Backdoor.Win32.Stonedrill.A
TSL ID TSL20170313-03
Severity High
Description

Backdoor.Win32.Stonedrill.A is a backdoor that targets the Windows platform. This malware has reportedly been used in a targeted attack against Saudi organizations. It contains a wiper component and another component that allows it to collect information, download and upload files, take screenshots, and execute shell commands. It also adds a value to the Run key in the Registry to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • AC3C25534C076623192B9381F926BA0D
SHA1:
  • 6C914B24442F0659FCA9287CA662A52AC30989AD
Identifiers
Sophos
  • TROJ/STONED-B
Symantec
  • TROJAN.STONEDRILL
TrendMicro
AhnLab
  • TROJAN/WIN32.DYNAMER.C1836138
ALYac
  • TROJAN.DISTTRACK.STDR
Arcabit
  • TROJAN.GENERIC.D1384132
AVG
  • GENERIC38.ANUQ
Avira
  • TR/AGENT.UJCUB
BitDefender
  • TROJAN.GENERIC.20463922
Bkav
  • W32.CLODED6.TROJAN.A239
ClamAV
  • WIN.MALWARE.STONEDRILL-6012379-0
DrWeb
  • TROJAN.SIGGEN7.13861
ESET
  • WIN32/STONEDRILL.A
invincea
  • TROJANSPY.WIN32.SKEEYAH.A!RFN
Jiangmin
  • TROJAN.GENERIC.ARVEO
Malwarebytes
  • WORM.DISTTRACK
NANO
  • TROJAN.WIN32.AGENT.ELNPUD
nProtect
  • TROJAN/W32.STONEDRILL.227840
PaloAlto
  • GENERIC.ML
Tencent
  • WIN32.TROJAN.GENERIC.LNEI
ViRobot
  • TROJAN.WIN32.INJECT.227840
Yandex
  • TROJAN.AGENT!NRJ7YFQERJ4
References
  • https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
  • https://www.symantec.com/security_response/writeup.jsp?docid=2017-030708-4403-99