Backdoor.Win32.CatuabaBot.A
TSL ID TSL20170809-01
Severity High
Description

Backdoor.Win32.CatuabaBot.A is a backdoor bot agent that targets the Windows platform. The malware identifies itself to a remote server and accepts various commands. The supported commands make it possible to execute shell commands on the infected machine and send the result back, launch a UDP flood attack, and more. The malware also copies itself to the user's Startup folder to achieve persistence on the infected machine.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • B472D430558FBF91ED20299A3CE594DB
SHA1:
  • BB58B6A29D8C7E598D381F0D4C9E424F5DB31CAE
Identifiers
McAfee
  • RDN/SPYBOT.WORM.GEN
Microsoft Malware Protection Center
Sophos
  • MAL/EMOGEN-Y
TrendMicro
AhnLab-V3
  • TROJAN/WIN32.MALEX.C2078975
Arcabit
  • GEN:WIN32.IRC-BACKDOOR.E2F60C
Avira
  • WORM/IRCBOT.HPDME
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9999
BitDefender
  • GEN:WIN32.IRC-BACKDOOR.AMW@AGNWEME
Cyren
  • W32/IRCBOT-BASED!MAXIMUS
DrWeb
  • TROJAN.DOWNLOADER25.18059
ESET-NOD32
  • WIN32/IRCBOT.AVT
Fortinet
  • W32/GENERIC.Y!TR
Qihoo-360
  • WIN32/BACKDOOR.IRC.08A
Rising
  • TROJAN.MALEX!8.657
Tencent
  • WIN32.TROJAN.GENERIC.PEPE
References
  • http://www.virusradar.com/en/Win32_IRCBot.AVT/description