Author: Jaime Benigno Reyes   
 

Backdoor:Win32/Brambul.A (Microsoft)

 PLATFORM:

Windows

 OVER ALL RISK RATING:
 DAMAGE POTENTIAL::
 DISTRIBUTION POTENTIAL::
 REPORTED INFECTION:
 INFORMATION EXPOSURE:
Low
Medium
High
Critical

  • Threat Type:
    Backdoor

  • Destructiveness:
    No

  • Encrypted:
     

  • In the wild::
    Yes

  OVERVIEW


  TECHNICAL DETAILS

File size: 18,977 bytes
File type: EXE
Memory resident: No
INITIAL SAMPLES RECEIVED DATE: 28 февраля 2013

Otras modificaciones del sistema

Agrega las siguientes entradas de registro:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\SharedAccess\Parameters\
FirewallPolicy\FirewallRules
TCP Query User{random}{malware path}\{malware name} = "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App={malware path}\{malware name}|Name={malware base name}|Desc={malware base name}|Defer=User|"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\SharedAccess\Parameters\
FirewallPolicy\FirewallRules
UDP Query User{random}{malware path}\{malware name} = "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App={malware path}\{malware name}|Name={malware base name}|Desc={malware base name}|Defer=User|"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path}\{malware name} = "{malware path}\{malware name}:*:Enabled:{malware base name}"