BKDR_ZEGOST.SM44
August 18, 2017
ALIASES:
Backdoor.Win32.Farfli.audj (Kaspersky), Trojan:Win32/Toga!rfn (Microsoft), BDS/Backdoor.mfjpw (Avira)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
However, as of this writing, the said sites are inaccessible.
TECHNICAL DETAILS
File Size:
102,400 bytes
File Type:
EXE
Initial Samples Received Date:
16 Jun 2017
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other Details
This Backdoor connects to the following possibly malicious URL:
- http://users.{BLOCKED}e.{BLOCKED}q.com/fcg-bin/cgi_get_portrait.fcg?uins=
- http://users.{BLOCKED}e.{BLOCKED}q.com:443
However, as of this writing, the said sites are inaccessible.