Event ID - 31745

Port No: 31745
Service Name: BuschTrommel
RFC Doc: 0
Protocol: TCP
Description: Buschtrommel is one of the latest trojans that will disable security software such as anti-trojan programs and firewalls. After analyzing it as I always do with new trojans so that they can be added to the TrojanHunter database.
Reference Link: Analysis of the Buschtrommel Trojan

More Information
AttackName: BuschTrommel

Backdoor Buschtrommel 1.0 is a backdoor Trojan that, once installed on a system, permits unauthorized users to remotely change the settings of some antivirus and firewall programs. Buschtrommel runs from the server file "C:\WINDOWS\SERVER.EXE" and uses TCP port 31745.

Buschtrommel is a backdoor Trojan affecting Microsoft Windows operating systems. It spreads by manual installation. When first executed, Buschtrommel copies the backdoor server to the Windows System directory. It modifies the registry so that the backdoor server runs whenever Windows starts up. By default, the backdoor server opens TCP port 31745 on the victim machine. Buschtrommel can disable several anti-virus programs.

A remote attacker can use the Buschtrommel client to gain unauthorized access to the victim system. The attacker can then perform operations such as uploading or downloading files, executing commands, restarting Windows, controlling the mouse, sending e-mail messages, launching a denial of service attack, and performing an application redirect.
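
A host-side check for the default listener described above, as an added example that is not part of the original entry: it parses Windows `netstat -ano` output and reports any TCP socket whose local port is 31745. The sample output, addresses and PIDs are constructed, and the function name is hypothetical.

```python
import re

BUSCHTROMMEL_PORT = 31745  # default TCP port stated in this entry

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:31745          0.0.0.0:0              LISTENING       2044
  TCP    192.0.2.10:31745       198.51.100.7:50312     ESTABLISHED     2044
  TCP    192.0.2.10:49731       203.0.113.5:31745      ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:31745          *:*                                    1500
"""

# One TCP row: proto, local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def find_port_activity(netstat_text, port=BUSCHTROMMEL_PORT):
    """Return TCP sockets on this host whose LOCAL port equals `port`."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines and UDP rows
        local_ip, local_port, remote_ip, remote_port, state, pid = m.groups()
        if int(local_port) != port:
            continue  # a match on the remote port only means this host is not serving it
        findings.append({
            "kind": "listener" if state == "LISTENING" else "session",
            "local": f"{local_ip}:{local_port}",
            "remote": f"{remote_ip}:{remote_port}",
            "state": state,
            "pid": int(pid),
        })
    return findings


if __name__ == "__main__":
    for f in find_port_activity(SAMPLE_NETSTAT):
        print(f"{f['kind']:8} {f['local']:22} <- {f['remote']:22} pid={f['pid']}")
```

A hit is only a lead, since the port is a default and other software can bind it; confirm by checking whether the owning PID's image path is the "C:\WINDOWS\SERVER.EXE" file named above.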
