Aliases: No associated aliases
Windows Defender Antivirus detects and removes this threat.
This backdoor connects to a remote server to retrieve and execute commands.
We have observed this backdoor being downloaded from hxxp://iqhost[.]us:99/a[.]zip.
When run, it connects to the server hxxps://iqhost[.]us:3389/. It then waits for and executes commands, including but not limited to:
- Download and run files
- Run cmd.exe to execute shell commands
- Stop process
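
As a defender's companion to the indicators above, this added example (not Microsoft's code) refangs the two URLs from this page and checks proxy log lines for connections to the same host and port. The log format, sample lines, and function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as published on this page.
PAGE_INDICATORS = ["hxxp://iqhost[.]us:99/a[.]zip", "hxxps://iqhost[.]us:3389/"]

def refang(text):
    """Turn a defanged indicator (hxxp, [.]) back into its parseable form."""
    return re.sub(r"^hxxp", "http", text.replace("[.]", "."), flags=re.I)

def host_port(url):
    """Return (host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # malformed port or bracketed host in the log entry
        return None
    if not parts.hostname:
        return None
    # Case differences and a trailing root dot must not evade the match.
    return parts.hostname.lower().rstrip("."), port

def build_watchlist(indicators):
    return {host_port(refang(i)) for i in indicators}

def find_hits(log_lines, watchlist):
    """Return (client_ip, host, port) for every entry on the watchlist."""
    # Assumed line format: <timestamp> <client_ip> <METHOD> <url | host:port>
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        client, method, target = fields[1:4]
        if method == "CONNECT":  # CONNECT logs host:port with no scheme
            target = "https://" + target
        key = host_port(target)
        if key in watchlist:
            hits.append((client, *key))
    return hits

# Constructed sample log; indicators stay defanged in source, refanged at run time.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET " + refang(PAGE_INDICATORS[0]),
    "2024-01-01T10:00:05Z 10.0.0.5 CONNECT " + refang("IQHOST[.]us.:3389"),
    "2024-01-01T10:01:00Z 10.0.0.7 GET http://example.com/index.html",
    "2024-01-01T10:02:00Z 10.0.0.8 CONNECT " + refang("iqhost[.]us:443"),
]
```

Calling `find_hits(SAMPLE_LOG, build_watchlist(PAGE_INDICATORS))` flags the first two entries only. Keying the watchlist on host alone would also catch the last entry, at the cost of a broader match.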