Backdoor.APT.Merong
Backdoor.APT.Merong is a backdoor Trojan used in a malware campaign that targets companies. The attack that infects victims' PCs with Backdoor.APT.Merong puts the name of the affected company in its command-and-control (CnC) domain name. Backdoor.APT.Merong regularly uses either the name of a company or the name of a project that the company works on in its CnC domain name so that the domain does not look suspicious. Backdoor.APT.Merong spreads through malicious emails that involve these malicious domain names. The zip file contains 'Updated_office_contact_v1.exe', which, when executed, creates 'ctfmon.exe' and 'Lanl_Office_Contact_oct.pdf' in the '%UserProfile%\Local Settings\Temp' directory. It then opens a decoy PDF document, for instance 'Lanl_Office_Contact_oct.pdf', from the Temp directory and executes 'ctfmon.exe'. 'Lanl_Office_Contact_oct.pdf' belongs to Los Alamos National Lab, and the contacts can also be found in the PDF file on the website. 'ctfmon.exe' copies itself to '%UserProfile%\Start Menu\Programs\Startup\ctfmon.exe' so that it launches whenever the affected computer is started, and then begins to contact the CnC server.
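A defender-side check for the file placement described above, as an added example that is not part of the original write-up: it flags a 'ctfmon.exe' created outside the Windows system directories and a Temp directory that received both 'ctfmon.exe' and a PDF. The Vista-and-later Temp path, the function names and the sample paths are additions made here, and a `C:\Windows` install is assumed.

```python
import ntpath
from collections import defaultdict

# Where the genuine Windows ctfmon.exe lives (assumes a C:\Windows install).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
STARTUP_SUFFIX = r"\start menu\programs\startup"
# XP-style Temp path from the write-up, plus the Vista+ equivalent (added here).
TEMP_SUFFIXES = (r"\local settings\temp", r"\appdata\local\temp")

# Constructed file-creation paths, not real telemetry.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\ctfmon.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\ctfmon.exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\Lanl_Office_Contact_oct.pdf",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\ctfmon.exe",
    r"C:\Users\bob\AppData\Local\Temp\report.pdf",
]


def split_norm(path):
    """Lower-case and normalise a Windows path, return (directory, filename)."""
    return ntpath.split(ntpath.normpath(path).lower())


def classify(path):
    """Findings for one created file; empty list when nothing matches."""
    directory, name = split_norm(path)
    if name != "ctfmon.exe" or directory in LEGIT_DIRS:
        return []
    findings = ["ctfmon.exe outside system directory"]
    if directory.endswith(STARTUP_SUFFIX):
        findings.append("startup-folder persistence")
    if directory.endswith(TEMP_SUFFIXES):
        findings.append("dropped in Temp")
    return findings


def dropper_dirs(paths):
    """Temp directories that received both ctfmon.exe and a PDF (decoy pattern)."""
    seen = defaultdict(set)
    for p in paths:
        directory, name = split_norm(p)
        if directory.endswith(TEMP_SUFFIXES):
            seen[directory].add("pdf" if name.endswith(".pdf") else name)
    return sorted(d for d, names in seen.items() if {"ctfmon.exe", "pdf"} <= names)


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event, "->", classify(event) or "no finding")
    print("dropper pattern in:", dropper_dirs(SAMPLE_EVENTS))
```

A PDF alone in Temp (the last sample path) produces no finding; only the pairing with 'ctfmon.exe' in the same directory does.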
File System Details
# | File Name | Detections |
---|---|---|
1. | ctfmon.exe | |
2. | Updated_office_contact_v1.exe | |
3. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v3.zip | |
4. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v6.zip | |
5. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v2.zip | |
6. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v5.zip | |
7. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v1.zip | |
8. | hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v4.zip | |
9. | Lanl_Office_Contact_oct.pdf | |