
Backdoor.Baccamun


First posted on 26 July 2014.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Baccamun.

Explanation :

The Trojan may be dropped by Trojan.Mdropper or Trojan.Dropper.

Once executed, the Trojan creates the following file:
%Windir%\Tasks\taskmgr.exe

It then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Java Run Environment 1.1.0023\" = "%Windir%\tasks\taskmgr.exe"

Next, the Trojan connects to the following remote location:
www.telecom.ntdll.net

The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Download files
Execute arbitrary commands
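A host check for the file and Run-key persistence described above, as an added example that is not part of the Symantec write-up. It assumes PowerShell 4 or later (for `Get-FileHash`) and an elevated session, and it matches on the target path in the Run value's data rather than on the value name.

```powershell
# Added example: hunt for the persistence described above on a live Windows host.
# Assumption: run elevated so other users' loaded hives under HKEY_USERS are readable.
$ErrorActionPreference = 'SilentlyContinue'

# File the write-up says is created. The genuine Task Manager lives in System32.
$dropped  = Join-Path $env:windir 'Tasks\taskmgr.exe'
$findings = @()

if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    # Record a hash so the sample can be compared or submitted later.
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Type = 'File'; Location = $dropped; Name = ''; Data = "SHA256=$hash"
    }
}

# The write-up names HKEY_CURRENT_USER, which is per-user, so walk every hive
# currently loaded under HKEY_USERS rather than only the analyst's own.
$runKeys = Get-ChildItem -Path 'Registry::HKEY_USERS' | ForEach-Object {
    "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
} | Where-Object { Test-Path -LiteralPath $_ }

foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw data, then expand %Windir% explicitly before comparing.
        $raw      = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $expanded = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
        # Match on the target path, not the value name: names are easy to change.
        if ($expanded -ieq $dropped) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key; Name = $name; Data = $raw
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No matching file or Run value found.' }
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their NTUSER.DAT files need to be checked separately.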

Last update 26 July 2014

 
