ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool sctrls

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: sctrls

TypeReconnaissance, Backdoor, Downloader
Description(Trend Micro) The sctrls backdoor has these functions:
• Compute the unique identifier (hash) from the username and computer name.
• Register a new user on the C&C server; this registration creates a new folder with hash name (<some_name>.php?b=<hash>).
• Read contents of the folder with the hash name from the C&C server, then download and run executables from that particular folder.

The malware operators can then upload binaries of shells or file stealers that will be executed into the respective folders. The directories of their C&C server were unsecured, and we were able to access all their registered victims (hashes) - numbering around 50 - as well as the other backdoors and file stealers in their employ.

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

All groups using tool sctrls


APT groups

 ConfuciusIndia2013-Aug 2021 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]