Home / malware Backdoor.Darksun.B
First posted on 28 July 2015.
Source: SymantecAliases :
There are no other names known for Backdoor.Darksun.B.
Explanation :
Once executed, the Trojan copies itself to the following location:
%AllUsersProfile%\[THREAT NAME].exe
The Trojan also creates the following file:
%CurrentFolder%\_temp.dat
The Trojan creates the following registry entries so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AudioClient" = "%AllUsersProfile%\[THREAT NAME].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Cliented" = "%AllUsersProfile%\[THREAT NAME].exe"
The Trojan then opens a back door on the compromised computer, allowing an attacker to access the compromised computer.
The Trojan then records keystrokes on the compromised computer and saves them to the following location:
%CurrentFolder%\_temp.dat
The Trojan may send the stolen information to a remote location.Last update 28 July 2015
