BOUNCER (52d9a474-fc37-48b5-8e39-4394194b9573)
BOUNCER loads an extracted DLL into memory and then calls the DLL's dump export. The dump export is called with the parameters passed on the command line to the BOUNCER executable. It requires at least two arguments: the IP and port to which the password dump information is sent. It accepts at most five arguments, including a proxy IP, a port, and an X.509 key for SSL authentication. The DLL backdoor can execute arbitrary commands, collect database and server information, brute-force SQL login credentials, launch arbitrary programs, create processes and threads, delete files, and redirect network traffic.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
BOUNCER (52d9a474-fc37-48b5-8e39-4394194b9573) | Tool | Bouncer (80487bca-7629-4cb2-bf5b-993d5568b699) | Malpedia | 1 |