Pasam

Pasam is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0208
Aliases: Pasam
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
| --- | --- |
| Pasam | [2] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1043 | Commonly Used Port | Pasam connects to external C2 infrastructure and opens a backdoor over port 443.[2] |
| Enterprise | T1005 | Data from Local System | Pasam creates a backdoor through which remote attackers can retrieve files.[2] |
| Enterprise | T1083 | File and Directory Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of files.[2] |
| Enterprise | T1107 | File Deletion | Pasam creates a backdoor through which remote attackers can delete files.[2] |
| Enterprise | T1177 | LSASS Driver | Pasam establishes persistence by infecting the Security Accounts Manager (SAM) DLL to load a malicious DLL dropped to disk.[2] |
| Enterprise | T1057 | Process Discovery | Pasam creates a backdoor through which remote attackers can retrieve lists of running processes.[2] |
| Enterprise | T1105 | Remote File Copy | Pasam creates a backdoor through which remote attackers can upload files.[2] |
| Enterprise | T1082 | System Information Discovery | Pasam creates a backdoor through which remote attackers can retrieve information such as hostname and free disk space.[2] |

Groups

Groups that use this software:

Elderwood

References