NetWiredRC is a dangerous backdoor that can give malicious hackers unauthorized access and control of the user's PC.

Threat behavior

This threat can create files on the user's PC, including excel cap.exe and f68mkaajqqsx.exe.

It modifies the registry so that it runs each time the user starts their PC. The malware also injects code into running processes, which makes it harder to detect and remove.

Payload

This threat can give a malicious hacker access and control of the user's PC. They can then perform a number of different actions, including:

  • Deleting files
  • Downloading and running files
  • Logging the user's keystrokes or stealing their sensitive data
  • Modifying the user's system settings
  • Running or stopping applications
  • Spreading malware to other PCs
  • Uploading files
  • Connecting to a remote host

We have seen this threat connect to a remote host, including:

  • tatanajax.ddns.net on port 1010

The malware can connect to a remote host to do any of the following:

  • Check for an Internet connection
  • Download and run files (including updates or other malware)
  • Report a new infection to its author
  • Receive configuration or other data
  • Receive instructions from a malicious hacker
  • Search for the user's PC location
  • Upload information taken from the user's PC
  • Validate a digital certificate

Information

This threat can create a mutex on the user's PC. For example:

  • YsqIgNrk

It might use this mutex as an infection marker to prevent more than one copy of the threat from running on the user's PC.
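
The file names, remote host and mutex listed above can be matched against endpoint telemetry. The following is an added example, not part of the original entry: the event schema (`type`, `path`, `query`, `dest_host`, `dest_port`, `name`, `host`) and the rule that two distinct indicator types mean high confidence are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Indicators taken from this page; the event schema and samples are constructed.
FILES = {"excel cap.exe", "f68mkaajqqsx.exe"}
C2 = ("tatanajax.ddns.net", 1010)
MUTEX = "YsqIgNrk"

def norm_host(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def match_event(ev):
    """Return the indicator types one event matches (hypothetical schema)."""
    hits = set()
    kind = ev.get("type")
    if kind in ("file_create", "process_start"):
        # ntpath splits Windows paths correctly on any analysis OS.
        if ntpath.basename(ev.get("path", "")).lower() in FILES:
            hits.add("file")
    elif kind == "dns_query":
        if norm_host(ev.get("query", "")) == C2[0]:
            hits.add("c2_dns")
    elif kind == "net_connect":
        if norm_host(ev.get("dest_host", "")) == C2[0] and ev.get("dest_port") == C2[1]:
            hits.add("c2_connect")
    elif kind == "mutex_create":
        # Strip the object-namespace prefix; Win32 mutex names are case sensitive.
        if ev.get("name", "").split("\\")[-1] == MUTEX:
            hits.add("mutex")
    return hits

def triage(events):
    """Group hits per host; two or more indicator types = high (assumed rule)."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= match_event(ev)
    return {h: ("high" if len(k) >= 2 else "low", sorted(k))
            for h, k in per_host.items() if k}

# Constructed sample events, not real telemetry.
SAMPLE = [
    {"host": "ws-01", "type": "process_start", "path": r"C:\Users\a\AppData\Roaming\F68MKAAJQQSX.exe"},
    {"host": "ws-01", "type": "mutex_create", "name": r"\Sessions\1\BaseNamedObjects\YsqIgNrk"},
    {"host": "ws-01", "type": "net_connect", "dest_host": "tatanajax.ddns.net.", "dest_port": 1010},
    {"host": "ws-02", "type": "dns_query", "query": "TATANAJAX.ddns.net"},
    {"host": "ws-03", "type": "net_connect", "dest_host": "example.org", "dest_port": 1010},
]
```

Calling `triage(SAMPLE)` ranks ws-01 as high confidence and ws-02 as low, and omits ws-03, whose only overlap is the port number.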
