Author: Christopher Daniel So   
 PLATFORM:

Mac OS X

 OVER ALL RISK RATING:
 DAMAGE POTENTIAL::
 DISTRIBUTION POTENTIAL::
 REPORTED INFECTION:
Low
Medium
High
Critical

  • Threat Type:
    Backdoor

  • Destructiveness:
    No

  • Encrypted:
    Yes

  • In the wild::
    Yes

  OVERVIEW

INFECTION CHANNEL: Eliminado por otro tipo de malware, Descargado de Internet

Para obtener una visión integral del comportamiento de este Backdoor, consulte el diagrama de amenazas que se muestra a continuación.

Ejecuta comandos desde un usuario remoto malicioso que pone en peligro el sistema afectado.

  TECHNICAL DETAILS

File size: 78,664 bytes
File type: Mach-O
Memory resident: Yes
INITIAL SAMPLES RECEIVED DATE: 24 de августа de 2012
PAYLOAD: Connects to URLs/IPs

Rutina de puerta trasera

Ejecuta los comandos siguientes desde un usuario remoto malicioso:

  • Get OS version, user name, host name, $PATH variable, home directory, malware process ID, current process path
  • Download a file and save it as /tmp/{random file name 1}, then execute the downloaded file
  • Exit
  • List files in a directory
  • Read a file
  • Write and close a file
  • Copy a file
  • Execute a file
  • Rename a file
  • Delete a file
  • Create a directory
  • Start remote shell
  • Kill a process
  • Get currently logged in users
  • Enumerate window titles of all processes
  • Download a file and save it as /tmp/{random file name 2}
  • Simulate keyboard press
  • Simulate mouse event
  • Get stored login credentials in Thunderbird, SeaMonkey, Mozilla Firefox

  SOLUTION

Minimum scan engine: 9.200
First VSAPI Pattern File: 9.346.05
First VSAPI Pattern Release Date: 24 de августа de 2012
VSAPI OPR PATTERN-VERSION: 9.347.00
VSAPI OPR PATTERN DATE: 25 de августа de 2012
Did this description help? Tell us how we did.