ELMER Trojan

By GoldSparrow in Trojans

Translate To:

The ELMER threat is categorized as a backdoor trojan that emerged in late-2015. The ELMER cyber-threat is a product by a formidable APT (Advanced Persistent Threat) group known as APT16 among computer security researchers. The APT16 group has established a reputation for targeting high-profile targets in Japan and Taiwan. APT16 has been found to launch attacks on technical companies, government service, media networks, financial institutions and some production facilities. APT16 is believed to be based in China judging by Web traffic analysis and code from Elmer samples.

The ELMER Backdoor Trojan is distributed to systems via an exploit tagged as CVE-2015-170 and an undisclosed and silently patched EPS vulnerability. The exploit allows threat actors to accomplish a privilege escalation attack and drop a version of the IRONHALO Trojan downloader. The IRONHALO program copies itself to the startup directory for persistence and connects to a compromised site to obtain a Base64 encoded payload. The Base64 encoded string is saved to a temporary file, decoded and launched using a hidden window. Users may not be aware of what is happening until it is already too late. The IRONHALO program delivers the ELMER Backdoor Trojan to a hidden folder under the AppData directory, and it is used to load the backdoor after a system reboot.

The ELMER Backdoor Trojan has no persistence enabled, and it can't load with Windows unless a loader module is present (IRONHALO in this case). The ELMER Backdoor Trojan is notable with proxy detection, but it is otherwise a generic backdoor program like Briba and NoteBot. The APT16 group is known to use the ELMER Backdoor Trojan as a way to extract data, plant programs and monitor user activity. The ELMER Backdoor Trojan can execute files, download files from a remote location, map folders on the system drives, list the running processes, and upload files to the 'Command and Control' server. PC users are advised to install the latest security fixes for their software and keep Windows up-to-date. Computer security instruments flag resources associated with the ELMER Backdoor Trojan as:

BKDR_ELMER.ZTCL-A
Backdoor.Elmer
Downloader.Agent!8.B23 (CLOUD)
Gen:Trojan.Heur.cS0@t8XE52ib
Malicious.db475f
TrojWare.Win32.Spy.Banker.Gen@1qlojk
Trojan ( 7000000f1 )
Trojan.FKM!5SpiuCMGDEI
Trojan.Kryptik!FpeJ7Fm9B7c
Trojan.Win32.Agent.44544.GR
Trojan/Win32.Agent.C1314593
W32/Threat-SysVenFak-based!Maxi

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

ELMER Trojan

Submit Comment

Related Posts

Elmer's Glue Locker Ransomware

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen