sctrls
Description
(Trend Micro) The sctrls backdoor has these functions:
• Compute the unique identifier (hash) from the username and computer name.
• Register a new user on the C&C server; this registration creates a new folder with the hash as its name (<some_name>.php?b=
The malware operators can then upload binaries of shells or file stealers that will be executed into the respective folders. The directories of their C&C server were unsecured, and we were able to access all their registered victims (hashes) - numbering around 50 - as well as the other backdoors and file stealers in their employ.
Names
Name |
---|
sctrls |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Downloader
Information
- https://documents.trendmicro.com/assets/research-deciphering-confucius-cyberespionage-operations.pdf
Other Information
Uuid
f169f172-39e0-4605-bc70-6a4fd090f0b6
Last Card Change
2020-04-20