
Backdoor.Setoba


First posted on 04 December 2014.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Setoba.

Explanation:

When the Trojan is executed, it creates the following file: [PATH TO MALWARE]\COM.Extentions.bin.log
The Trojan may then create, remove, start, or end a service with the following characteristics:
    Service name: COM+ System Extentions
    Description: Provides a common interface and extention module to access, management and use any services that explicitly depend on Component Object Model (COM)+-based.
    Display name: COM+ System Extentions
The Trojan then connects to the following remote location: srv01.microsoftwindowsupdate.net
The Trojan then exfiltrates the collected data by email, sending messages from testmail_00001@yahoo.com to dyanachear@beyondsys.com.

The Trojan may also perform the following actions:
    Open a reverse shell
    Execute files
    Write log data
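The indicators above (the log file name, the service name and display name, the update-lookalike domain, and the two mailbox addresses) are enough to sweep exported host and network logs for this Trojan. The following Python is an added example written for this page, not Symantec's own detection content; the log line formats it parses are constructed for illustration and the field layouts are assumptions to adapt to your own collector. Note that the misspelling "Extentions" is the malware's own and must be matched as written.

```python
"""
Added example: sweep exported log lines for the Backdoor.Setoba indicators
listed in the write-up above. Log formats below are constructed samples.
"""
import re
from typing import Dict, List, Tuple

# Indicators taken from the write-up. "Extentions" is the malware's own
# spelling; "correcting" it would make the service match silently fail.
IOCS: Dict[str, List[str]] = {
    "file":      ["COM.Extentions.bin.log"],
    "service":   ["COM+ System Extentions"],
    "domain":    ["srv01.microsoftwindowsupdate.net"],
    "mail_from": ["testmail_00001@yahoo.com"],
    "mail_to":   ["dyanachear@beyondsys.com"],
}


def _pattern(value: str) -> "re.Pattern[str]":
    # Escape '+' and '.' so they match literally; case-insensitive because
    # Windows file paths and service names are case-insensitive.
    return re.compile(re.escape(value), re.IGNORECASE)


COMPILED: List[Tuple[str, str, "re.Pattern[str]"]] = [
    (kind, value, _pattern(value))
    for kind, values in IOCS.items()
    for value in values
]


def scan_line(line: str) -> List[Tuple[str, str]]:
    """Return (indicator_kind, indicator_value) for every IoC found on one line."""
    return [(kind, value) for kind, value, pat in COMPILED if pat.search(line)]


def scan_lines(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, value) triples over a sequence of log lines."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        for kind, value in scan_line(line):
            hits.append((n, kind, value))
    return hits


def summarize(hits: List[Tuple[int, str, str]]) -> Dict[str, int]:
    """Count hits per indicator kind, useful for a quick triage summary."""
    counts: Dict[str, int] = {}
    for _, kind, _ in hits:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample log lines; each category has one benign neighbour so the
# sweep can be seen ignoring legitimate activity. Paths and hosts are made up.
SAMPLE_LOGS = [
    # Windows System log, service installation (Event ID 7045), exported as text
    'EventID=7045 ServiceName="COM+ System Extentions" ImagePath="C:\\Users\\Public\\svc.exe" StartType=auto',
    'EventID=7045 ServiceName="Windows Update" ImagePath="C:\\Windows\\System32\\svchost.exe -k netsvcs" StartType=auto',
    # Sysmon file creation (Event ID 11)
    'EventID=11 TargetFilename=C:\\Users\\Public\\COM.Extentions.bin.log Image=C:\\Users\\Public\\svc.exe',
    # DNS resolver query log
    '2014-12-04 10:15:02 client 10.0.0.12#51234: query: srv01.microsoftwindowsupdate.net IN A',
    '2014-12-04 10:15:03 client 10.0.0.12#51235: query: windowsupdate.microsoft.com IN A',
    # Mail gateway log
    'smtp: from=<testmail_00001@yahoo.com> to=<dyanachear@beyondsys.com> size=48213 status=sent',
    'smtp: from=<alice@example.com> to=<bob@example.com> size=1024 status=sent',
]

if __name__ == "__main__":
    for n, kind, value in scan_lines(SAMPLE_LOGS):
        print(f"line {n}: {kind} indicator {value!r}")
    print(summarize(scan_lines(SAMPLE_LOGS)))
```

Run against the constructed sample, the sweep flags the service-install line, the file-creation line, the DNS query for the lookalike domain and both addresses on the mail line, while the genuine Windows Update service and domain and the unrelated mail pass untouched. In practice the service name is the most durable of these indicators for a host check, since the C2 host and mailboxes can change between samples while a persistence mechanism tends to keep its name.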

Last update 04 December 2014
