Backdoor.Contopee


First posted on 16 February 2016.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Contopee.

Explanation :

Once executed, the Trojan opens a back door on the compromised computer, and connects to the following remote location over TCP port 443:

- onlink.epac.to

Next, the Trojan may gather the following information from the compromised computer and send it to the remote location:

- Computer name
- Operating system version, ProductID, and ProductName
- CPU information
- Locale information
- Total memory
- List of available drives and available free space
- BIOS manufacturer and product name
- Network information
- List of files
- List of processes

The Trojan may also gather a list of logical drives on the compromised computer, including the following information:

- Drive type
- Volume information
- Available free space

The Trojan may then perform the following actions:

- Create directories
- Set current directory
- Create and end processes
- Download, upload, move, and delete files
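
The network indicator described above (onlink.epac.to over TCP port 443) can be swept for in DNS and connection logs. The following Python is an added example, not part of the Symantec write-up; the log layout, the sample records, and the function names are constructed assumptions.

```python
from collections import defaultdict

# Network indicator taken from the write-up above.
C2_HOST = "onlink.epac.to"
C2_PORT = 443

# Constructed sample records (not real telemetry). Assumed layout:
#   <timestamp> <source-ip> DNS  <queried-name>
#   <timestamp> <source-ip> CONN <host>:<port>
SAMPLE_LOG = """\
2016-02-16T09:14:02Z 10.0.4.21 DNS ONLINK.epac.to.
2016-02-16T09:14:03Z 10.0.4.21 CONN onlink.epac.to:443
2016-02-16T09:15:40Z 10.0.4.37 CONN www.example.com:443
2016-02-16T09:16:11Z 10.0.4.52 DNS notonlink.epac.to
2016-02-16T09:17:29Z 10.0.4.21 CONN onlink.epac.to:443
2016-02-16T09:18:05Z 10.0.4.60 CONN onlink.epac.to:80
malformed line without enough fields
"""

def normalize(host):
    """Lower-case and drop the trailing root dot so name variants compare equal."""
    return host.strip().lower().rstrip(".")

def find_contopee_contacts(log_text):
    """Return {source_ip: [(timestamp, kind), ...]} for hosts that looked up
    the indicator name or connected to it on TCP 443."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not fit the assumed layout
        ts, src, kind, target = parts
        if kind == "DNS":
            matched = normalize(target) == C2_HOST
        elif kind == "CONN":
            host, _, port = target.rpartition(":")
            matched = normalize(host) == C2_HOST and port == str(C2_PORT)
        else:
            matched = False
        if matched:
            hits[src].append((ts, kind))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_contopee_contacts(SAMPLE_LOG).items():
        print(src, events)
```

Exact-name matching after normalization avoids flagging look-alike names such as the constructed `notonlink.epac.to` record, and the port check keeps the result aligned with the behaviour the write-up describes.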

Last update 16 February 2016