Backdoor.Win64.BRUTEL.YXCIW

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Führt Befehle eines externen, böswilligen Benutzers aus, wodurch das betroffene System gefährdet wird.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor-Routine

Führt die folgenden Befehle eines externen, böswilligen Benutzers aus:

• Manage Files(Create, Delete, Modify, Move, Copy)
• Manage Directories(Create, Remove)
• Manage Processes(Create, Open, Terminate)
• Manage Services(Create, Start)
• Escalate Privileges
• Impersonate Token
• Enumerate Registries
• Read/Modify File time
• Upload/download files
• Decode Kerberos tickets and convert to hashcat
• Scan Ports
• Push Scheduled Task Thru Group Policy Objects
• Execute WMI Commands
• Take Screenshots
• Query various LDAP queries to the domain or forest
• Execute Commands using SMB, TCP, WMI, WinRM and managing remote services over RPC

Datendiebstahl

Folgende Daten werden gesammelt:

• User Name
• Computer Name
• Local IP Address
• OS Info
• RAM Info
• Current Process ID
• Network Adapter Info