Home > List all groups > List all tools > List all groups using tool sctrls

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: sctrls

TypeReconnaissance, Backdoor, Downloader
Description(Trend Micro) The sctrls backdoor has these functions:
• Compute the unique identifier (hash) from the username and computer name.
• Register a new user on the C&C server; this registration creates a new folder with hash name (<some_name>.php?b=<hash>).
• Read contents of the folder with the hash name from the C&C server, then download and run executables from that particular folder.

The malware operators can then upload binaries of shells or file stealers that will be executed into the respective folders. The directories of their C&C server were unsecured, and we were able to access all their registered victims (hashes) - numbering around 50 - as well as the other backdoors and file stealers in their employ.

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: Screenshotter
Next: SDBbot

All groups using tool sctrls


APT groups

 ConfuciusIndia2013-May 2018 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key