LONGRUN

Description

LONGRUN is a backdoor designed to communicate with a hard-coded IP address and provide the attackers with a custom interactive shell. It supports file uploads and downloads, as well as the execution of arbitrary commands on the compromised machine. When LONGRUN executes, it first loads configuration data stored as an obfuscated string inside the PE resource section. The distinctive string "thequickbrownfxjmpsvalzydg" is used as part of the input to the decoding algorithm. Once the configuration string is decoded, it is parsed and treated as an IP address and port number. The malware then connects to that host and begins interacting with it over a custom protocol.

Names

Name
LONGRUN

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Exfiltration

Information

Other Information

Uuid

7f5652d8-d82d-4298-ad2d-effcb67444ae

Last Card Change

2020-04-20