Backdoor:Win64/SlugResin.A!dha
Aliases: No associated aliases
Summary
Backdoor:Win64/SlugResin.A!dha is the detection name for a 64-bit Windows backdoor variant of the SlugResin malware family. As a backdoor, it gives a remote threat actor a covert path onto the infected device that bypasses the normal Windows authentication, access control, and permission checks. That access can be used for data exfiltration, espionage, staging ransomware, and downloading and running additional payloads. Because the attacker controls a device inside the perimeter, the infection also exposes every network the device is connected to, not just the device itself.
The !dha suffix denotes that this SlugResin variant is detected via a Dynamic Heuristic Analysis methodology, tailored to the SlugResin family's characteristics.
- Disconnect the infected device from the network and the internet.
- From a known-clean device, immediately reset passwords for all accounts that were accessed from, or stored on, the infected machine.
- Implement multifactor authentication as a long-term security measure, so that stolen passwords alone are not enough to regain access.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
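The following PowerShell script is an added example, not part of the Microsoft page: it walks through the remediation steps above on the affected host, using the built-in Defender cmdlets. It confirms the engine and signature state, pulls the detection history for this threat name from both the Defender threat store and the Defender operational event log (event 1116 = detected, 1117 = action taken), refreshes definitions, runs the full scan the page recommends, and then lists any detection whose remediation did not succeed. Only the threat name comes from this page; the `$ThreatName` parameter and the output layout are this example's own choices. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the Microsoft page): verify that Defender has dealt with a
# named detection, refresh definitions and run a full scan for remnant artifacts.
# Requires an elevated prompt; the threat name below is the one this page documents.
param(
    [string]$ThreatName = 'Backdoor:Win64/SlugResin.A!dha'   # parameter name is this example's choice
)

# 1. Confirm the engine is actually on and how stale the definitions are before trusting any verdict.
$status = Get-MpComputerStatus
"AV enabled: $($status.AntivirusEnabled); real-time protection: $($status.RealTimeProtectionEnabled)"
"Signature version: $($status.AntivirusSignatureVersion) (updated $($status.AntivirusSignatureLastUpdated))"

# 2. Detection history kept by Defender for this threat name.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -eq $ThreatName })
if ($threats.Count -eq 0) {
    "No history of $ThreatName on this host."
} else {
    foreach ($t in $threats) {
        # Each record shows which file or process was flagged and whether the remediation action succeeded.
        Get-MpThreatDetection |
            Where-Object { $_.ThreatID -eq $t.ThreatID } |
            Select-Object InitialDetectionTime, ProcessName, ActionSuccess,
                          @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
            Format-Table -AutoSize
    }
}

# 3. Cross-check against the Defender operational log (1116 = malware detected, 1117 = action taken).
#    The message body carries the threat name and the action, so match on the text rather than on property indexes.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ThreatName) } |
    Select-Object TimeCreated, Id,
                  @{ Name = 'Action'; Expression = { if ($_.Message -match 'Action:\s*([^\r\n]+)') { $Matches[1] } } } |
    Format-Table -AutoSize

# 4. Pull current definitions, then run the full scan recommended for remnant files and system changes.
Update-MpSignature
Start-MpScan -ScanType FullScan

# 5. Anything for this threat that is still not successfully remediated needs hands-on follow-up
#    (and is a reason to keep the device off the network).
Get-MpThreatDetection |
    Where-Object { ($_.ThreatID -in $threats.ThreatID) -and (-not $_.ActionSuccess) } |
    Select-Object InitialDetectionTime, ProcessName, @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } }
```

`Start-MpScan` blocks until the scan finishes, so on a large disk step 5 will not print for some time; that is intended, since the point is to evaluate the post-scan state. Run the password resets from a different, clean device regardless of what the scan reports.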
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.