This in .Net witten backdoor abuses the DNS protocoll for its C2 communication. Also other techniques (e.g. long random sleeps, compression) are used to become more stealthy.
There is no Yara-Signature yet.
If your designated proposal does not fit in any other category,
feel free to write a free-text in the comment field below.
Please propose all changes regarding references on the Malpedia library page
Your suggestion will be reviewed before being published.
Thank you for contributing!