Backdoor.APT.Merong Description
Type: Adware
Backdoor.APT.Merong is a backdoor Trojan that is part of a malware campaign targeting companies. The attack used to infect victims' PCs with Backdoor.APT.Merong puts the name of the affected company in the CnC domain name. Backdoor.APT.Merong regularly uses either the name of a company or the name of a project that the company works on in its CnC domain name so that the traffic does not look suspicious. Backdoor.APT.Merong is distributed through malicious emails involving malicious domain names.

The zip file contains 'Updated_office_contact_v1.exe', which, when executed, creates 'ctfmon.exe' and 'Lanl_Office_Contact_oct.pdf' in the '%UserProfile%\Local Settings\Temp' directory. It then opens the decoy PDF document, for instance 'Lanl_Office_Contact_oct.pdf', from the Temp directory and executes 'ctfmon.exe'. 'Lanl_office_contact_oct.pdf' belongs to 'Los Alamos National Lab', and the contacts can also be found in the PDF file on the website. 'ctfmon.exe' copies itself to '%UserProfile%\Start Menu\Programs\Startup\ctfmon.exe' so that it launches whenever the affected computer is started, and then begins to contact the CnC server.
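A defender-side check built on the file locations described above, added here as an example and not part of the original write-up: it flags any 'ctfmon.exe' created outside the Windows system directory and reports hosts that show both the Temp drop and the Startup copy. The event tuples, host and user names are constructed, and the list of legitimate directories is an assumption about a default Windows install.

```python
import ntpath

# Assumption: the genuine Windows ctfmon.exe lives only in these directories.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Directory suffixes taken from the description above (profile root removed).
STARTUP = r"\start menu\programs\startup"
TEMP = r"\local settings\temp"

def classify(path):
    """Return None for a benign path, else a label for a suspicious ctfmon.exe."""
    directory, name = ntpath.split(path.replace("/", "\\").lower())
    if name != "ctfmon.exe" or directory in LEGIT_DIRS:
        return None
    if directory.endswith(STARTUP):
        return "persistence"   # copy placed in the user's Startup folder
    if directory.endswith(TEMP):
        return "dropped"       # copy written to Temp beside the decoy PDF
    return "masquerade"        # system file name in an unexpected location

def hunt(events):
    """events: iterable of (host, user, created_path). Returns {host: [labels]}."""
    findings = {}
    for host, _user, path in events:
        label = classify(path)
        if label:
            findings.setdefault(host, []).append(label)
    return findings

def full_chain_hosts(findings):
    """Hosts showing both the Temp drop and the Startup copy, as described."""
    return sorted(h for h, labels in findings.items()
                  if {"dropped", "persistence"} <= set(labels))

# Constructed file-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ("WS-01", "alice", r"C:\Documents and Settings\alice\Local Settings\Temp\ctfmon.exe"),
    ("WS-01", "alice", r"C:\Documents and Settings\alice\Local Settings\Temp\Lanl_Office_Contact_oct.pdf"),
    ("WS-01", "alice", r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\ctfmon.exe"),
    ("WS-02", "bob", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("WS-03", "carol", r"C:\Users\carol\Downloads\CTFMON.EXE"),
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for host, labels in found.items():
        print(host, labels)
    print("full chain:", full_chain_hosts(found))
```

A "masquerade" hit alone is only a lead for triage, while a host returned by full_chain_hosts matches the drop-then-persist sequence in the description.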