Botnet C&C

Matsnu

Brief

Matsnu is a hybridized malware bot. In addition to common backdoor tasks such as retrieving and running additional files, communicating with C&C servers, and updating or deleting itself, it can also lock a computer and demand a ransom.

Symptoms

Some possible symptoms include, but are not limited to:

  • Inability to restart the computer in safe mode
  • Inability to open the Windows registry editor
  • Inability to open the Windows task manager
  • Modification or deletion of certain registry entries

Analysis

Like many other rootkits or backdoor Trojans, Matsnu can perform multiple malicious tasks.

It also attempts to maintain persistence and to prevent the user from removing it, both by limiting access to core Windows programs such as Task Manager and by preventing the computer from entering safe mode, where the malicious program could otherwise be removed.

Instructions

Manual removal of this malware is not recommended. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.