| Port No | 31745 |
| Service Name | BuschTrommel |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Buschtrommel is one of the latest trojans that will disable security software such as anti-trojan programs and firewalls. After analyzing it as I always do with new trojans so that they can be added to the TrojanHunter database. |
| Reference Link | Analysis of the Buschtrommel Trojan More Information |
| Attack | Name:BuschTrommel Backdoor Buschtrommel 1.0 is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely change the settings of some antivirus and firewall programs. Buschtrommel runs from the server file "C:\WINDOWS\SERVER.EXE" over port 31745 via TCP. Buschtrommel is a backdoor Trojan affecting Microsoft Windows operating systems. It spreads by manual installation. When first executed, Buschtrommel copies the backdoor server to the Windows System directory. It modifies the registry, so that the backdoor server runs whenever Windows starts up. The backdoor server default opens TCP port 31745 on the victim machine. Buschtrommel can disable several anti-virus programs. A remote attacker can use the Buschtrommel client to gain unauthorized access to the victim system. The attacker can then perform such operations as: upload or download files, execute commands, restart Windows, control the mouse, send e-mail messages, launch a denial of service attack, and perform an application redirect. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.