Trojan.MacOS.NUKESPED.YXBB-A

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ejecuta comandos desde un usuario remoto malicioso que pone en peligro el sistema afectado. Se conecta a un sitio Web para enviar y recibir información.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Rutina de puerta trasera

Ejecuta los comandos siguientes desde un usuario remoto malicioso:

• Read in memory Configuration data
• Edit in memory Configuration data
• Upload current in memory Configuration data
• Secure Delete
• Download File from C&C
• Upload File From C&C
• Execute command
• Execute Process
• List Files and directories
• Test Connection

Se conecta a los sitios Web siguientes para enviar y recibir información:

• https://{BLOCKED}eker.com/redirect.php
• https://{BLOCKED}keystroke.com/pockbackx.php
• https://www.{BLOCKED}te.it/administrator/help/en-GB/bins/tags/taghelper.php

Otros detalles

Hace lo siguiente:

• Checks if there is a configuration file available to load (/private/etc/krb5d.conf)
  • If none, it’s default is to connect to https://www.{BLOCKED}te.it/administrator/help/en-GB/bins/tags/taghelper.php