Matsnu
Description
Matsnu is a hybrid malware bot that not only performs common backdoor tasks, such as retrieving and running additional files, communicating with C&C servers, and updating or deleting itself, but can also lock a computer and demand a ransom.
Symptoms
Some possible symptoms include, but are not limited to:
- Inability to restart the computer in safe mode
- Inability to open the Windows Registry Editor
- Inability to open the Windows Task Manager
- Modification or deletion of certain registry entries
Analysis
Like many other rootkits or backdoor Trojans, Matsnu can perform multiple malicious tasks.
It also attempts to maintain persistence and to prevent the user from removing it, both by limiting access to core Windows programs such as Task Manager and by preventing the computer from entering safe mode, where the malicious program could otherwise be removed.
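The following read-only triage check for the symptoms listed above is an added example, not Fortinet's code. The page does not name the registry entries Matsnu touches, so the example assumes the standard Windows locations that produce these symptoms: the `DisableTaskMgr` and `DisableRegistryTools` policy values and the `SafeBoot` subkeys that safe mode depends on.

```powershell
# Added triage example. It only reads the registry and changes nothing.
# Assumption: these are the standard Windows locations behind the listed
# symptoms; the page itself does not say which entries Matsnu modifies.

function Test-PolicyValue {
    param([string]$Path, [string]$Name)
    # True when the policy value exists and is non-zero (restriction active).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $item -and [int]$item.$Name -ne 0)
}

# The same policy values can be set per user (HKCU) or machine-wide (HKLM).
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

$findings = foreach ($path in $policyPaths) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        [pscustomobject]@{
            Check   = $name
            Path    = $path
            Flagged = Test-PolicyValue -Path $path -Name $name
        }
    }
}

# Safe mode needs populated Minimal and Network keys under SafeBoot.
# A missing or empty key is consistent with "cannot restart in safe mode".
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$findings += foreach ($mode in 'Minimal', 'Network') {
    $key = Join-Path $safeBoot $mode
    $subkeys = @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check   = "SafeBoot\$mode"
        Path    = $key
        Flagged = ($subkeys.Count -eq 0)
    }
}

$findings | Format-Table -AutoSize
if ($findings.Flagged -contains $true) {
    Write-Warning 'One or more symptom indicators present; run a full endpoint scan.'
}
```

A flagged row is a lead rather than a confirmation, because administrators can set the same policy values through Group Policy.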
Instructions
Manual removal of this malware is not recommended. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.