
Backdoor.APT.Merong

By Sumo3000 in Backdoors

Backdoor.APT.Merong is a backdoor Trojan that is part of a malware campaign targeting companies. The attack that installs Backdoor.APT.Merong on victimized PCs uses the name of the targeted company in its Command-and-Control (CnC) domain name; the malware regularly uses either the name of a company or the name of a project that the company works on in its CnC domain so that the traffic does not look suspicious. Backdoor.APT.Merong circulates via malicious emails that reference attacker-controlled domains. The delivered zip file contains 'Updated_office_contact_v1.exe', which, when executed, creates 'ctfmon.exe' and 'Lanl_Office_Contact_oct.pdf' in the '%UserProfile%\Local Settings\Temp' directory. It then opens a decoy PDF document, for instance 'Lanl_Office_Contact_oct.pdf', from the Temp directory and executes 'ctfmon.exe'. 'Lanl_office_contact_oct.pdf' belongs to the Los Alamos National Lab, and the contact details it contains can also be found in the PDF published on the lab's website. 'ctfmon.exe' copies itself to '%UserProfile%\Start Menu\Programs\Startup\ctfmon.exe' so that it launches whenever the affected computer starts, and then begins contacting the CnC server.

File System Details

Backdoor.APT.Merong may create the following file(s):
#   File Name                                                                              Detections
1.  ctfmon.exe
2.  Updated_office_contact_v1.exe
3.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v3.zip
4.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v6.zip
5.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v2.zip
6.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v5.zip
7.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v1.zip
8.  hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v4.zip
9.  Lanl_Office_Contact_oct.pdf
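The infection chain described above (dropper writes 'ctfmon.exe' and the decoy PDF to the user's Temp directory, then copies 'ctfmon.exe' into the Startup folder) and the indicators in the file list give a defender two things to hunt for: the download domain and zip URLs in web proxy logs, and the dropped files and persistence path on hosts. The script below is an added detection example, not code from the original entry; the indicator values are taken from this page, while the proxy log lines and host file listing it scans are constructed sample data. It also flags any 'ctfmon.exe' outside '%SystemRoot%\System32', the directory where the legitimate Windows CTF Loader binary of that name lives, which generalises the Startup-folder check to other masquerading locations.

```python
"""Match the Backdoor.APT.Merong indicators listed on the page against
constructed proxy log lines and a constructed host file listing."""
import re
from typing import Dict, List, Tuple

# Indicators from the page (the 'hxxp' defanging is dropped for matching).
IOC_DOMAIN = "americansystems.ddns.info"
IOC_URL_PATH = re.compile(r"/corporate/office/Updated_office_contact_v\d+\.zip$", re.IGNORECASE)
DROPPED_FILES = {"ctfmon.exe", "updated_office_contact_v1.exe", "lanl_office_contact_oct.pdf"}

# Persistence location named on the page. The genuine ctfmon.exe is a Windows
# binary under %SystemRoot%\System32, so a copy anywhere else is suspect.
STARTUP_SUFFIX = "\\start menu\\programs\\startup\\ctfmon.exe"
TEMP_MARKER = "\\local settings\\temp\\"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed sample proxy log: "<timestamp> <client> <method> <url> <status>".
PROXY_LOG = [
    "2013-10-15T09:12:01Z 10.0.0.21 GET http://americansystems.ddns.info/corporate/office/Updated_office_contact_v1.zip 200",
    "2013-10-15T09:12:05Z 10.0.0.21 GET http://americansystems.ddns.info/ 200",
    "2013-10-15T09:13:44Z 10.0.0.33 GET https://www.example.com/index.html 200",
    "malformed line",
]

# Constructed sample host file listing (XP-style profile paths as on the page).
HOST_PATHS = [
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\ctfmon.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\ctfmon.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\Lanl_Office_Contact_oct.pdf",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Users\bob\Downloads\ctfmon.exe",
]

URL_RE = re.compile(r"https?://([^/]+)(/.*)?", re.IGNORECASE)


def scan_proxy_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per request to the campaign's download domain.

    A request for one of the listed zip paths is reported as 'ioc_zip_url';
    any other request to the domain is reported as 'ioc_domain'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # not in the expected format, skip
        url = parts[3]
        m = URL_RE.match(url)
        if not m:
            continue
        host = m.group(1).lower()
        path = m.group(2) or "/"
        if host == IOC_DOMAIN:
            reason = "ioc_zip_url" if IOC_URL_PATH.search(path) else "ioc_domain"
            hits.append({"client": parts[1], "url": url, "reason": reason})
    return hits


def scan_paths(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for files matching the host-side indicators."""
    findings = []
    for p in paths:
        low = p.lower()
        name = low.rsplit("\\", 1)[-1]
        if low.endswith(STARTUP_SUFFIX):
            findings.append((p, "startup_persistence"))
        elif TEMP_MARKER in low and name in DROPPED_FILES:
            findings.append((p, "dropped_in_temp"))
        elif name == "ctfmon.exe" and not low.startswith(SYSTEM32_PREFIX):
            findings.append((p, "ctfmon_outside_system32"))
    return findings


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(f"[proxy] {hit['client']} -> {hit['url']} ({hit['reason']})")
    for path, reason in scan_paths(HOST_PATHS):
        print(f"[host]  {path} ({reason})")
```

In a real deployment the proxy parser would be adapted to the actual log format and the host listing would come from a file-system walk of each user profile; the matching logic itself stays the same.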
