
Backdoor.Wespion


First posted on 21 May 2015.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Wespion.

Explanation :

When the Trojan is executed, it creates the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"conhost" = "[PATH TO TROJAN]"

Next, the Trojan connects to the following remote location:

[https://]security.symantecse.com[REMOVED]

The Trojan may then perform the following actions:

- Open a back door
- Gather information on files and disk volumes
- Enumerate files
- Download files
- Execute commands
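A check for the Run-key persistence described above, as an added example that is not part of the original write-up. It assumes that the legitimate Windows Console Window Host (conhost.exe) is not started from a Run key, so any value named "conhost" there deserves review; the function name is hypothetical.

```powershell
# Added example: find a Run value named "conhost" in every loaded user hive.
# HKEY_CURRENT_USER only covers the logged-on user, so HKEY_USERS is walked instead.
# Run elevated to read other users' hives; unreadable hives are skipped.
$RunSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'conhost'   # value name given in the write-up

function Find-ConhostRunValue {
    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        if ($sid -like '*_Classes') { continue }          # per-user class hives have no Run key
        try { $key = $users.OpenSubKey("$sid\$RunSubKey") } catch { continue }
        if ($null -eq $key) { continue }
        try {
            # -notcontains is case-insensitive, like registry value names
            if ($key.GetValueNames() -notcontains $ValueName) { continue }
            $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
            $data = [string]$key.GetValue($ValueName, '', $opt)

            # Take the quoted path if present, otherwise the first token.
            # Unquoted paths containing spaces are truncated here; RunData keeps the full string.
            $path = $null
            if     ($data -match '^\s*"([^"]+)"') { $path = $Matches[1] }
            elseif ($data -match '^\s*(\S+)')     { $path = $Matches[1] }
            # Variables expand in this session's context, which may differ from the hive owner's.
            if ($path) { $path = [Environment]::ExpandEnvironmentVariables($path) }

            $exists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
            [pscustomobject]@{
                UserSid    = $sid
                RunData    = $data
                Path       = $path
                FileExists = $exists
                SHA256     = if ($exists) {
                                 (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                             } else { $null }
            }
        } finally {
            $key.Close()
        }
    }
}

Find-ConhostRunValue | Format-List
```

No output means no loaded profile has the value; profiles that are not logged on are not loaded under HKEY_USERS and are not covered.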

Last update 21 May 2015

 
