| Port No | 50552 |
| Service Name | R0xr4t |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | R0xR4t is a Brazilian backdoor Trojan affecting Microsoft Windows operating systems. The backdoor server, server.exe, opens either TCP port 5050 or 60552 on the victim machine by default. It also modifies the Windows registry to ensure that it gets run at system start up. A remote attacker can use the R0xR4t client, R0xR4t.exe, to gain unauthorized access to the victim system. The attacker can use the client to upload/download files, execute files, and manipulate the file system, among other things. The R0xR4t Trojan includes a keystroke logger that can be used to record all user keystrokes. The keystroke data is saved to a hidden file which can be downloaded by the attacker, and checked to obtain confidential information. Most versions of R0xR4t also act as FTP servers and notifiers |
| Reference Link | More Information |
| Attack | Name:R0xr4t R0xr4t Removal Instructions Kill the following processes editserver.exe, r0xr4t.exe, server.exe 2. Remove the following files editserver.exe, icons.icl, leiame.txt, r0xr4t.exe, server.exe. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.