Trojan.Bodegun


First posted on 04 February 2016.
Source: Symantec

Aliases:

There are no other names known for Trojan.Bodegun.

Explanation:

Once executed, the Trojan creates the following files:
%System%\awx-intelx86-amdx64.dat
%System%\HnCLoader.exe
%SystemDrive%\Temp\AntiAgent.log

In an attempt to disguise itself as a print spooler, the Trojan may create a Windows service pointing to the following file:
%System%\SpoolerSvc.exe

The Trojan may open a back door on the compromised computer, and connect to one of the following locations:
[http://]cdpc.dg.gov.cn/up/1443849343[REMOVED]
[http://]www.etgcx.com/common/image/myphoto19[REMOVED]
[http://]www.jnts1532.cn/phpcms/templates/default/message/myphoto19[REMOVED]
211.255.32.175

The Trojan may perform the following actions on the compromised computer:
Obtain a directory list
Obtain a file list
Log keystrokes
Download files
Execute files
Execute shell commands

The Trojan may steal the following information from the compromised computer:
Operating System version
Computer name
User name
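
The file and service artifacts listed above can be checked on a host with a short PowerShell script. This is an added example, not part of the Symantec write-up; it assumes %System% refers to System32 (and SysWOW64 on 64-bit Windows) and uses only the file names given on this page.

```powershell
# Added example: look for the file and service artifacts listed in this write-up.
# Assumption: %System% means System32 (plus SysWOW64 on 64-bit Windows).
$systemDirs = @(
    [Environment]::SystemDirectory
    (Join-Path $env:SystemRoot 'SysWOW64')
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# File names exactly as given on the page.
$fileNames = 'awx-intelx86-amdx64.dat', 'HnCLoader.exe', 'SpoolerSvc.exe'

$candidates = @(
    foreach ($dir in $systemDirs) {
        foreach ($name in $fileNames) { Join-Path $dir $name }
    }
    Join-Path $env:SystemDrive 'Temp\AntiAgent.log'
)

$fileHits = @(
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Type    = 'File'
                Path    = $item.FullName
                Created = $item.CreationTimeUtc
                SHA256  = $hash.Hash
            }
        }
    }
)

# The legitimate Print Spooler binary is spoolsv.exe; any service whose
# image path points at SpoolerSvc.exe matches the disguise described above.
$serviceHits = @(
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match '\\SpoolerSvc\.exe' } |
        ForEach-Object {
            [pscustomobject]@{
                Type = 'Service'; Name = $_.Name; DisplayName = $_.DisplayName
                PathName = $_.PathName; StartMode = $_.StartMode; State = $_.State
            }
        }
)

$hits = $fileHits + $serviceHits
if ($hits.Count -eq 0) { 'No Trojan.Bodegun file or service artifacts found.' } else { $hits | Format-List }
```

Run it from an elevated 64-bit PowerShell session so that System32 is not redirected and locked files can still be hashed.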

Last update 04 February 2016