Backdoor.Win32.Regostub.A
TSL ID TSL20170316-02
Severity High
Description

Backdoor.Win32.Regostub.A is a backdoor that targets the Windows platform. On execution the malware registers itself with a remote server and then waits for commands. Its command set is large: the operator can run shell commands, take screenshots and return the output to the server, manage files, upload, download and execute files, control the mouse and the CD drive, list and terminate processes, start and stop a chat session, log keystrokes, and more. For persistence the malware drops a shortcut (link) in the user's Startup folder, so it is relaunched at every logon. Most of the vendor detection names listed under Identifiers classify the sample as a compiled AutoIt script, and Proofpoint tracks it under the name Loda.
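The two facts a responder can act on are the Startup-folder shortcut and the published hashes. The script below is an added example, not code from this advisory, from Proofpoint or from any other vendor: it parses each .lnk in the Startup folders directly (MS-SHLLINK binary format, no WScript.Shell/COM dependency, so it also works on a mounted image from another host), resolves the local target path and command-line arguments, and hashes the target against the MD5/SHA1 listed under File Hashes. Only those two hashes come from the page; the Startup folder locations are assumed defaults, and build_lnk plus the stand-in payload in the demo are constructed fixtures so the script runs offline.

```python
"""Startup-folder .lnk triage for the persistence described above (added example)."""
import hashlib
import os
import struct
import tempfile

# Hashes published in the advisory above (File Hashes section); compared case-insensitively.
IOC_MD5 = {"cf489d0ca185c64b996df805f99e4120"}
IOC_SHA1 = {"732dbc410de36064388039230ed6e13c9fcec0ae"}

# Per-user and all-users Startup folders (assumed default locations).
STARTUP_DIRS = [
    os.path.expandvars(r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"),
    os.path.expandvars(r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp"),
]

# MS-SHLLINK constants: header CLSID, LinkFlags bits and the StringData order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return the local target path and StringData fields of a shell link file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_IDLIST:  # skip LinkTargetIDList; IDListSize excludes its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINKINFO:  # offsets inside LinkInfo are relative to its start
        li_size, _hdr, li_flags, _vol_off, lbp_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath: null-terminated ANSI path
            start = pos + lbp_off
            target = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += li_size
    fields = {"target": target}
    for bit, name in STRING_FIELDS:  # CountCharacters + string, no terminator
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + width * n]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += width * n
    return fields


def hashes_of(data: bytes) -> tuple:
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def is_ioc(md5: str, sha1: str) -> bool:
    return md5.lower() in IOC_MD5 or sha1.lower() in IOC_SHA1


def scan_startup(dirs=STARTUP_DIRS) -> list:
    """Resolve every .lnk in the given Startup folders and hash whatever it launches."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            if not name.lower().endswith(".lnk"):
                continue
            lnk_path = os.path.join(d, name)
            with open(lnk_path, "rb") as f:
                try:
                    info = parse_lnk(f.read())
                except ValueError:
                    findings.append({"lnk": lnk_path, "error": "unparseable .lnk"})
                    continue
            target, md5, sha1 = info.get("target"), None, None
            if target and os.path.isfile(target):
                with open(target, "rb") as f:
                    md5, sha1 = hashes_of(f.read())
            findings.append({"lnk": lnk_path, "target": target, "arguments": info.get("arguments"),
                             "md5": md5, "ioc_match": bool(md5 and is_ioc(md5, sha1))})
    return findings


def build_lnk(target: str, arguments: str = "") -> bytes:
    """Construct a minimal .lnk with LinkInfo (+ optional arguments); test fixture only."""
    flags = HAS_LINKINFO | IS_UNICODE | (HAS_ARGS if arguments else 0)
    header = (struct.pack("<I", 0x4C) + LNK_CLSID
              + struct.pack("<IIQQQIIIH", flags, 0x20, 0, 0, 0, 0, 0, 1, 0) + b"\x00" * 10)
    volume = struct.pack("<4I", 17, 3, 0, 16) + b"\x00"  # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    vol_off, lbp_off = 0x1C, 0x1C + len(volume)
    suffix_off = lbp_off + len(base)  # CommonPathSuffix: empty string
    link_info = struct.pack("<7I", suffix_off + 1, 0x1C, 0x01, vol_off, lbp_off, 0, suffix_off)
    args = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le") if arguments else b""
    return header + link_info + volume + base + b"\x00" + args


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in, not the real sample
        payload = os.path.join(tmp, "svchost.exe")
        with open(payload, "wb") as f:
            f.write(b"MZ constructed stand-in payload")
        with open(os.path.join(tmp, "update.lnk"), "wb") as f:
            f.write(build_lnk(payload, "/silent"))
        for hit in scan_startup([tmp]):
            print(hit)
```

Point scan_startup at the Startup folders of a mounted evidence image to triage offline; a hit with ioc_match set is the published sample, while any shortcut whose target sits under a user-writable path such as %APPDATA% or %TEMP% deserves a look even when the hash differs, since repacked AutoIt builds change the hash but not the persistence technique.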

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • CF489D0CA185C64B996DF805F99E4120
SHA1:
  • 732DBC410DE36064388039230ED6E13C9FCEC0AE
Identifiers
Kaspersky
  • TROJAN-PSW.WIN32.AUTOIT.HG
McAfee
  • ARTEMIS!CF489D0CA185
Sophos
  • TROJ/AUTOIT-BXI
TrendMicro
AegisLab
  • TROJ.W32.GEN.LRP4
AhnLab
  • TROJAN/WIN32.AUTOIT.C1800982
Arcabit
  • TROJAN.GENERIC.D43AC06
AVG
  • GENERIC17_C.FQR
Avira
  • TR/PSW.AUTOIT.BTGVR
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9895
BitDefender
  • TROJAN.GENERICKD.4434950
Bkav
  • W32.HFSATITSTIL.B9D4
ClamAV
  • WIN.TROJAN.GENERIC-5966214-0
CMC
  • TROJAN.WIN32.GENERIC!O
Cyren
  • W32/TROJAN.YURQ-0054
DrWeb
  • TROJAN.DOWNLOADER23.58188
ESET
  • WIN32/AUTOIT.BQ
Fortinet
  • W32/AUTOIT.HG!TR.PWS
Invincea
  • VIRTOOL.WIN32.AUTINJECT.CJ
Jiangmin
  • TROJAN.PSW.AUTOIT.BX
NANO-Antivirus
  • TROJAN.WIN32.AUTOIT.ELVXIX
PaloAlto
  • WORM/WIN32.AUTOIT.OGJM
Proofpoint
  • LODA
Qihoo-360
  • WIN32/TROJAN.PSW.970
Rising
  • TROJAN.WIN32.AUTOIT.EWZ
Tencent
  • WIN32.TROJAN-QQPASS.QQROB.TAOU
VBA32
  • TROJAN.AUTOIT.F
ViRobot
  • TROJAN.WIN32.Z.AUTOIT.1099518
References
  • https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
  • https://www.proofpoint.com/us/threat-insight/post/introducing-loda-malware
Related Threats