Trojans that can act as backdoors are particularly alarming since they enable malicious actors to perform a range of dangerous activities. Trojan.Sakurel.B is classified as a backdoor type of a Trojan that is currently active in the wild. In order to avoid being affected by it, you should keep your system protected at all times.
|Short Description||The Trojan opens a backdoor on the compromised system.|
|Symptoms||System files are modified, a new registry entry is added.|
|Distribution Method||Email attachments, exploits, etc.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Trojan.Sakurel.B|
|User Experience||Join our forum to discuss the Pupy RAT.|
Trojan.Sakurel.B Distribution Method
The most common distribution path for Trojans such as Trojan.Sakurel.B is via malicious exploits. That is why frequently updating your software products and operating system is crucial to the security of your computer.
Trojans, in general, can also be spread via:
- Infected torrents (peer-to-peer communities);
- Malicious email attachments;
- Drive-by downloads;
- Social engineering scams.
Trojan.Sakurel.B Technical Review
Trojan.Sakurel.B (Symantec’s detection) can be detected differently by different AV solutions:
- Trojan:Win32/Sakurel.A (Microsoft)
- Win32/Shyape.M (ESET-NOD32)
- Trojan.Sakurel.A (B) (Emsisoft)
- Trojan.Sakurel.A (F-Secure)
- Trojan.Win32.Sakurel.d (Kaspersky)
- Trojan.Agent.ED (Malwarebytes)
- BackDoor-FBTH!3F0BA1CD12BA (McAfee)
- TROJ_SAKUREL.B (TrendMicro)
Once the Trojan is executed, the following files will be created on the compromised system:
Trojan.Sakurel.B also modifies the Windows Registry by adding the following entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”AdobePlayer” = regsvr32 /s “%UserProfile%\Application Data\adobe\adobe.dat”
Trojan.Sakurel.B acts as an installer for a legitimate application. Meanwhile, a separate, malicious process is also started. For example, once executed, the Trojan will try to open a backdoor on the compromised system. As reported by Symantec’s researchers, it will also attempt connecting to the following remote location:
18.104.22.168 on port 443 using SSL
Overall, Trojan.Sakurel.B can perform a range of malicious operations such as:
- Modify system files – delete, move, list, or steal such;
- Launch various processes;
- Download harmful files to the system;
- Send system information to the remote location given above;
- Open a remote shell;
- Uninstall itself.
Trojan.Sakurel.B Removal Options
The best way to deal with Trojan horses such as Trojan.Sakurel.B is by running a full system scan via a strong anti-virus solution. Such a solution will remove all traces of the threat and will continue to shield the system against future attacks.
A step-by-step removal guide is provided below.