Event ID - 54321

Port No54321
Service NameSCHOOLB.A.C
RFC Doc0
ProtocolTCP
DescriptionThis client part of a backdoor hacking tool is a variant of BKDR_SCBUS.C. It does not have a destructive payload.
Reference LinkSCHOOLB.A.C
AttackSolution:

This backdoor program contains bugs in its code and thus, does not run properly. It is supposed to read API calls from the WSOCK32.DLL file so that it can control its server part. It is supposed to run as a client part of a backdoor hacking tool.
Variants of this backdoor program contains the following text strings:
“SchoolBus by Serdar Kabaoglu”

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.