SLOTHFULMEDIA

Posted: October 12, 2020

SLOTHFULMEDIA is a newly identified Remote Access Trojan (RAT) whose development and usage have yet to be attributed to any classified threat actor. The malware is meant to run on Windows systems, and it has a wide range of features that enable its operators to take almost complete control over the infected machine. The authors of the malware have configured it to disguise itself under the process name 'mediaplayer.exe'. To achieve persistence, it applies changes to the Windows Registry, thereby ensuring that the bogus 'mediaplayer.exe' file will start whenever the operating system boots up.

Once the SLOTHFULMEDIA RAT is active, it will ping the control server www.sdvro.net and transmit some details about the compromised device – hardware and software, network configuration and installed services/software. If the payload receives a response, it will proceed to wait for a command to execute. In case of failure, the SLOTHFULMEDIA RAT will repeat the process every three seconds.
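The indicators described above (the 'mediaplayer.exe' process name, the control server www.sdvro.net and the three-second retry) can be combined into a simple log hunt. The following Python sketch is an added example, not part of the original article; the log format, host names, file paths, jitter tolerance and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

C2_DOMAIN = "www.sdvro.net"        # control server named in the article
PROCESS_NAME = "mediaplayer.exe"   # process name the RAT disguises itself under
RETRY_SECONDS = 3.0                # retry interval described in the article
TOLERANCE = 1.0                    # assumed allowance for timing jitter in logs

# Constructed sample log: timestamp, host, process image path, destination name.
SAMPLE_LOG = """\
2020-10-12T09:00:00 WS-014 C:\\Users\\a\\AppData\\mediaplayer.exe www.sdvro.net
2020-10-12T09:00:03 WS-014 C:\\Users\\a\\AppData\\mediaplayer.exe www.sdvro.net
2020-10-12T09:00:06 WS-014 C:\\Users\\a\\AppData\\mediaplayer.exe www.sdvro.net
2020-10-12T09:00:09 WS-014 C:\\Users\\a\\AppData\\mediaplayer.exe WWW.SDVRO.NET.
2020-10-12T09:01:00 WS-022 C:\\Windows\\System32\\svchost.exe updates.example.com
2020-10-12T09:02:10 WS-031 C:\\Tools\\browser.exe www.sdvro.net
malformed line
"""

def parse(line):
    """Return (time, host, image, name) or None for a malformed line."""
    try:
        ts, host, rest = line.split(None, 2)
        image, name = rest.rsplit(None, 1)   # image path may contain spaces
        return datetime.fromisoformat(ts), host, image, name.lower().rstrip(".")
    except ValueError:
        return None

def detect(log_text):
    """Map host -> findings: C2 contacts, retry-loop timing, process name."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[3] == C2_DOMAIN:
            hits[rec[1]].append(rec)
    findings = {}
    for host, recs in hits.items():
        times = sorted(r[0] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        retries = sum(abs(g - RETRY_SECONDS) <= TOLERANCE for g in gaps)
        findings[host] = {
            "c2_queries": len(recs),
            "retry_loop": retries >= 2,  # assumed threshold: at least two ~3 s gaps
            "masquerade": any(r[2].lower().endswith("\\" + PROCESS_NAME) for r in recs),
        }
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A host that shows the retry timing is one where the payload is running but not receiving a response, which is the expected pattern once the domain is blocked or sinkholed.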

When the Trojan is up and running, it can execute the following commands:

  • Execute commands via the Windows Command Prompt.
  • Copy, write and delete files.
  • See open ports and available drives.
  • Manage running processes.
  • List files and directories.
  • Start and stop Windows services.
  • Apply changes to the Windows Registry.
  • Send and receive files.
  • Take screenshots.

A mischievous cybercriminal could cause tons of problems with these escalated permissions. Users should keep their PCs protected at all times by investing in reputable applications that receive regular updates.