Backdoor.APT.Merong

Backdoor.APT.Merong Description

Type: Backdoor Trojan

Backdoor.APT.Merong is a backdoor Trojan used in a malware campaign that targets companies. The attackers register a command-and-control (CnC) domain that contains the name of the targeted company, or of a project that company works on, so that traffic to it looks unremarkable; the sample described here contacted americansystems.ddns.info, a dynamic-DNS host name. Backdoor.APT.Merong is distributed through malicious emails that link to such a domain, from which a ZIP archive is downloaded (the download URLs are listed under File System Details below).

The archive contains 'Updated_office_contact_v1.exe', which, when run, writes 'ctfmon.exe' and 'Lanl_Office_Contact_oct.pdf' to the '%UserProfile%\Local Settings\Temp' directory. It then opens the decoy PDF from the Temp directory, so the recipient sees a document, and executes 'ctfmon.exe' in the background. The decoy, 'Lanl_office_contact_oct.pdf', is a contact list belonging to Los Alamos National Lab; the same contacts are published in a PDF on the lab's website, which is why the document looks genuine. 'ctfmon.exe' copies itself to '%UserProfile%\Start Menu\Programs\Startup\ctfmon.exe' so that it runs every time the affected computer starts, and then begins contacting the CnC server.

Note that ctfmon.exe is also the name of a legitimate Windows component (the CTF Loader), which lives in %SystemRoot%\System32. The malware borrows the name to blend in; a file called ctfmon.exe in a user's Temp or Startup folder, rather than in System32, is what marks this infection.

Technical Information

File System Details

Backdoor.APT.Merong creates the following file(s). Entries 3 to 8 are the URLs the dropper archive was downloaded from (successive versions of the same file name on the same dynamic-DNS host), not files written to disk; they are kept here, defanged as 'hxxp', as network indicators.

#   File Name                                                                                Detection Count
1   ctfmon.exe                                                                               N/A
2   Updated_office_contact_v1.exe                                                            N/A
3   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v3.zip          N/A
4   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v6.zip          N/A
5   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v2.zip          N/A
6   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v5.zip          N/A
7   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v1.zip          N/A
8   hxxp://americansystems.ddns.info/corporate/office/Updated_office_contact_v4.zip          N/A
9   Lanl_Office_Contact_oct.pdf                                                              N/A

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.