BKDR_VERNOT.A

By Sumo3000 in Backdoors

BKDR_VERNOT.A, otherwise known as Vernot malware, is a backdoor Trojan that misuses the legitimate services of a legal software product called Evernote. BKDR_VERNOT.A reaches targeted PCs as a file downloaded by other malware infections or as a file downloaded unknowingly by PC users when visiting malicious websites. BKDR_VERNOT.A executes commands from a remote attacker, effectively taking over the infected computer system.

BKDR_VERNOT.A injects a .DLL component into the process called 'explorer.exe'. BKDR_VERNOT.A modifies registry entries to ensure it loads automatically whenever a PC user starts Windows. BKDR_VERNOT.A downloads, executes and renames files and unzips archive files on the corrupted PC.

BKDR_VERNOT.A connects to the genuine Evernote website, a service created for note taking and archiving, at the web address Evernote.com/intl/zh-cn. It is possible that BKDR_VERNOT.A is able to retrieve its C&C server from one of the notes saved in its Evernote account. BKDR_VERNOT.A may query its backdoor commands from the notes saved in its Evernote account. BKDR_VERNOT.A may also use the notes as a drop-off point for the stolen information. BKDR_VERNOT.A grabs data including the compromised PC's operating system information, user name, time zone, registered owner, computer name, and registered organization.

File System Details

BKDR_VERNOT.A may create the following file(s):
# File Name Detections
1. %User Temp%\NETUT.dll

Registry Details

BKDR_VERNOT.A may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
load = "[MALWARE PATH AND FILE NAME].exe"
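
A read-only triage check for the file and registry artifacts listed above, as an added example that is not part of the original entry. It assumes it is run in the affected user's session, and that the DLL injected into explorer.exe is the NETUT.dll named above, which the entry does not state.

```powershell
# Added example: looks for the artifacts listed in this entry in the current
# user's profile. Nothing is modified or deleted.

$findings = @()

# 1. Dropped component: %User Temp%\NETUT.dll
$dll = Join-Path $env:TEMP 'NETUT.dll'
if (Test-Path -LiteralPath $dll) {
    $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    $findings += "File present: $dll (SHA256 $hash)"
}

# 2. Autostart: the "load" value under the per-user Windows key.
#    This value is usually absent or empty, so any content deserves review,
#    but a hit is not specific to this malware family.
$key  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $key -Name 'load' -ErrorAction SilentlyContinue).load
if (-not [string]::IsNullOrWhiteSpace($load)) {
    $findings += "Registry 'load' value is set: $load"
}

# 3. Injection (assumption: the injected component keeps the name NETUT.dll).
foreach ($p in Get-Process -Name explorer -ErrorAction SilentlyContinue) {
    $hits = $p.Modules | Where-Object { $_.ModuleName -ieq 'NETUT.dll' }
    foreach ($m in $hits) {
        $findings += "explorer.exe (PID $($p.Id)) has loaded $($m.FileName)"
    }
}

if ($findings.Count -gt 0) {
    $findings
} else {
    'No BKDR_VERNOT.A artifacts from this entry were found for the current user.'
}
```

The registry and %TEMP% checks are per-user, so the script has to be repeated for each profile on a shared machine.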