Trojan:Win64/ApolloShadow!dha
Aliases: No associated aliases
Summary
Trojan:Win64/ApolloShadow!dha is a modular backdoor that targets 64-bit Windows devices. It is delivered through phishing emails, fake software updates, and trojanized downloads from compromised sites. Once installed, it establishes persistence through registry changes and DLL side-loading; these techniques let it run under the name of a legitimate process and blend in with activity that security software expects to see.
Once running, the backdoor performs reconnaissance on the host, steals user credentials, and can deliver one or more secondary payloads, including ransomware. It communicates with a command-and-control (C2) server over encrypted HTTPS and uses the same channel to exfiltrate the data it collects, so network inspection alone will rarely reveal what is being sent.
Because the trojan hides its activity so that the infected device appears to be operating normally, it is unlikely to be caught by file-signature matching alone. Detecting it relies on behavioral, analysis-based detection (monitoring process, registry, and network activity) rather than a signature-only approach.
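The summary names two persistence techniques, registry changes and DLL side-loading. The following PowerShell hunt script is added here as an example and is not part of the Microsoft encyclopedia entry: it enumerates the common Run/RunOnce autostart keys and flags entries whose target is unsigned or lives in a user-writable directory, then looks for unsigned copies of commonly side-loaded DLL names sitting beside signed executables outside the system directory. The key list, the user-writable directory list, and the DLL-name list are assumptions chosen for illustration; nothing in the script is an indicator specific to ApolloShadow.

```powershell
# Added hunt script (not part of the Microsoft encyclopedia entry): triage the two
# persistence techniques the summary names, Run-key autostarts and DLL side-loading.
# It flags rather than removes, so an analyst can review results before acting.
# The key list, directory list, and DLL-name list below are illustrative assumptions.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a standard user can write to; an autostart that points here deserves a look.
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData)

function Get-CommandPath {
    # Pull the executable path out of a Run-key value such as
    #   "C:\Tools\app.exe" /background   or   C:\Tools\app.exe -x
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($Command -match '^\s*(\S+)')      { return $matches[1] }
    return $null
}

function Test-Autostarts {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
            $exe = Get-CommandPath -Command ([string]$p.Value)
            if (-not $exe) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = if (Test-Path $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'Missing' }
            $inUserDir = $false
            foreach ($d in $userWritable) {
                if ($d -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Path       = $exe
                Signature  = $sig
                UserDir    = $inUserDir
                Suspicious = ($sig -ne 'Valid') -or $inUserDir
            }
        }
    }
}

# DLL names that applications commonly load by name from their own directory. An unsigned copy
# of one of these next to a signed executable outside System32 is a classic side-loading setup.
# Assumption: this list is an illustrative starting point, not an authoritative catalogue.
$sideLoadNames = @('version.dll','dbghelp.dll','cryptbase.dll','wtsapi32.dll','userenv.dll','profapi.dll')

function Test-SideLoadCandidates {
    param([string[]]$Roots = @($env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA))
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -File -Include $sideLoadNames -ErrorAction SilentlyContinue |
            ForEach-Object {
                $dll = $_
                $sig = (Get-AuthenticodeSignature -FilePath $dll.FullName).Status
                # A validly signed host executable in the same folder makes the pairing worth a look.
                $hosts = @(Get-ChildItem -Path $dll.DirectoryName -Filter *.exe -File -ErrorAction SilentlyContinue |
                    Where-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).Status -eq 'Valid' })
                [pscustomobject]@{
                    Dll          = $dll.FullName
                    DllSignature = $sig
                    SignedHosts  = ($hosts | ForEach-Object Name) -join ';'
                    Suspicious   = ($sig -ne 'Valid') -and ($hosts.Count -gt 0)
                }
            }
    }
}

Test-Autostarts        | Where-Object Suspicious | Format-Table -AutoSize
Test-SideLoadCandidates | Where-Object Suspicious | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so the HKLM keys and all user profiles are readable. A hit is a lead, not a verdict: legitimate software does ship unsigned helpers and does install into ProgramData, so confirm each flagged file by hash, publisher, and creation time before removing it.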
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.