Backdoor:Win32/SilverMob.A!dha
First posted on 15 December 2017.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:Win32/SilverMob.A!dha.
Explanation:
Installation
This threat is generally delivered through a malicious macro in a document that arrives as a link or attachment in a spam email. It can create the following installation file on your PC: %TEMP%\lsm.exe
Payload
Allows backdoor access and control
This threat can give a malicious hacker access to and control of your PC. They can then perform a number of different actions, such as:
- Downloading and uploading files
- Enumerating files and folders
- Enumerating running processes
- Executing arbitrary commands
- Gathering system information such as IP address and computer name
- Securely deleting files and folders
Connects to a remote host
We have seen this threat connect to a remote host, including the following C2 servers:
- 108[.]222[.]149[.]173[:]443
- 118[.]140[.]97[.]6[:]443
- 123[.]127[.]189[.]29[:]443
Encrypts C2 communications
This threat encrypts all configuration information and C2 communications using TLS and RC4. It uses the following RC4 key:
- 0x857C174DF47620333BC8770B
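For analysts who have already stripped the TLS layer from a capture, an RC4 routine keyed with the published value lets configuration or C2 blobs be decrypted offline. This is an added example, not part of the Microsoft description; it assumes the key is applied directly as 12 raw bytes, and the blob it decrypts is constructed here rather than recovered from the real sample.

```python
# RC4 key published in the encyclopedia entry (12 bytes, hex shown there).
SILVERMOB_RC4_KEY = bytes.fromhex("857C174DF47620333BC8770B")


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA), XORed over the data
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out[n] = byte ^ S[(S[i] + S[j]) & 0xFF]
    return bytes(out)


def self_check() -> bool:
    """Validate the implementation against the standard RC4 test vector."""
    return rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"


def decrypt_silvermob_blob(blob: bytes) -> bytes:
    """Decrypt a configuration or C2 blob using the published key.

    Assumption: the key bytes are used as-is, with no derivation step.
    """
    return rc4(SILVERMOB_RC4_KEY, blob)


# Constructed sample: encrypted here so the example runs offline.
# It is NOT data recovered from the real malware.
SAMPLE_PLAINTEXT = b"config: constructed sample value"
SAMPLE_BLOB = rc4(SILVERMOB_RC4_KEY, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    assert self_check(), "RC4 implementation failed its test vector"
    print(decrypt_silvermob_blob(SAMPLE_BLOB).decode())
```

Run `self_check()` first on any new environment; if the published key fails to yield readable output on a real blob, the sample may apply the key differently than assumed here.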
This malware description was published using the analysis of file SHA1 72d0d2f047403b3d00ac52d94e7acf5ac0fcdfc6.
Last update 15 December 2017