Trojan.Win32.AthenaGo.A
TSL ID: TSL20170213-04
Severity: Moderate
Description

Trojan.Win32.AthenaGo.A is a Trojan that targets the Windows platform. It is reported that the malware has been used in targeted attacks. The malware sends system information to a remote server and accepts commands to execute shell commands, download and execute files, list directories, obtain the process list, kill processes, and more. It also copies itself to the user's Startup folder to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 02BE4E542A77319C28511ABCFB126C4B
SHA1:
  • 64EE7E0706D3A86C34787C0F84CF35D9FC8A1912
Identifiers
Kaspersky
  • TROJAN.WIN32.AGENT.NEUMHP
McAfee
  • ARTEMIS!02BE4E542A77
Panda
  • TRJ/RANSOMCRYPT.H
Sophos
  • TROJ/DRIDEX-QS
Symantec
  • BACKDOOR.ATHENRAT
TrendMicro
AhnLab
  • MALWARE/WIN32.GENERIC.C1364838
Arcabit
  • TROJAN.RAZY.D90F3
AVG
  • WIN32/DH{GUOKGHW?}
Avira
  • TR/DLDR.AGENT.6716416
BitDefender
  • GEN:VARIANT.RAZY.37107
Bkav
  • W32.CLODECE.TROJAN.186C
ClamAV
  • WIN.TROJAN.ATHENA-5329665-0
Comodo
  • TROJWARE.WIN32.GENERIC.QBTIU
Cyren
  • W32/TROJAN.ZQQM-3422
DrWeb
  • TROJAN.DOWNLOADER20.40956
ESET
  • GENERIK.DQOMNYS
Fortinet
  • W32/AGENT.NEUMHP!TR
F-Prot
  • W32/TROJAN2.OZNB
Jiangmin
  • TROJAN.GENERIC.UORQ
NANO-Antivirus
  • TROJAN.WIN32.DOWNLOADER20.ECASKZ
Rising
  • TROJAN.AGENT!8.B1E-RL6ZSPZBGIT
Tencent
  • WIN32.TROJAN.AGENT.EYO
Yandex
  • TROJAN.AGENT!ZAVG5VI0K+A
Zillya
  • TROJAN.AGENT.WIN32.671719
References
  • http://blog.talosintel.com/2017/02/athena-go.html
  • https://www.bleepingcomputer.com/news/security/athenago-rat-uses-tor2web-proxy-system-to-hide-candc-server/
  • http://www.securityweek.com/athenago-rat-uses-tor2web-cc-communication