QueenOfClubs
The QueenOfClubs is yet another payload used by the same criminal group behind the SLOTHFULMEDIA malware. The QueenOfClubs also shares many similarities with the QueenOfHearts and KingOfHearts malware samples, but there are also some drastic differences, which make the QueenOfClubs more suitable for specific situations. In terms of functionality, the QueenOfClubs backdoor Trojan can:
- Use the 'Windows Command Prompt' to execute remote commands.
- Load custom PowerShell scripts – an exceptionally threatening feature.
- View, modify, download and upload files.
- Take screenshots with a built-in feature, unlike the KingOfHearts Backdoor, which uses a separate utility to handle this task.
Surprisingly, the QueenOfHearts malware was often found working alongside QueenOfClubs – it is not clear why the attackers were deploying two very similar malware families on the same system. Experts also mention that it is very common for both malware families to use overlapping network infrastructure.
The QueenOfClubs, alongside KingOfHearts and QueenOfHearts, shows how advanced the plans of some APT actors are – even though they use very similar malware families, they end up using the ones that best suit their needs.