Modrunner Backdoor
released on 2017-03-17 @ 11:00:20 PM
When the Trojan is executed, it may connect to one of the following remote locations:
[http://]crcchecker.com/in[REMOVED]
[http://]msmodule.com/in[REMOVED]
[http://]msgetupdt.com/in[REMOVED]
[http://]mssendinf.com/in[REMOVED]
The Trojan may send the following information to one of the remote locations:
Computer name
The Trojan may download and execute the following potentially malicious file:
%Temp%\[RANDOM CHARACTERS].dll