CLEANTOAD

CLEANTOAD is a disruption tool that will delete file system artifacts, including those related to BLINDTOAD, and will run after a date obtained from a configuration file.

CLEANTOAD is a Windows malware family operated by Lazarus Group.

Background

CLEANTOAD is a disruptive cleanup tool that wipes file system artifacts, including those left by BLINDTOAD, and only activates once a date read from its configuration file has passed. It injects shellcode into notepad.exe and proceeds to overwrite and delete files, alter registry keys, remove services, and purge Windows event logs.
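A detection sketch for the behaviour chain described above, added here as an example that is not part of the Malpedia entry or any CLEANTOAD sample: it correlates a remote thread into notepad.exe (Sysmon event 8) with a service registry-key deletion (Sysmon event 12) and event-log clearing (Security 1102 / System 104) inside a short window. The JSON field names and the sample events are constructed assumptions, not real telemetry.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (NOT real telemetry). Field names mimic common
# Sysmon/Windows JSON forwarders; the layout is an assumption of this example.
SAMPLE_LINES = [json.dumps(e) for e in [
    {"ts": "2024-01-10T09:00:00", "channel": "Sysmon", "id": 8,
     "SourceImage": r"C:\Users\u\svc.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"ts": "2024-01-10T09:00:05", "channel": "Sysmon", "id": 12, "EventType": "DeleteKey",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdSvc"},
    {"ts": "2024-01-10T09:00:09", "channel": "Security", "id": 1102},
    {"ts": "2024-01-10T09:00:10", "channel": "System", "id": 104},
    # Benign-looking remote thread on another day: no destructive follow-up.
    {"ts": "2024-01-11T12:00:00", "channel": "Sysmon", "id": 8,
     "SourceImage": r"C:\Program Files\AV\scan.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe"},
]]

WINDOW = timedelta(minutes=10)


def classify(ev):
    """Map one parsed event to an indicator name, or None if uninteresting."""
    chan, eid = ev.get("channel"), ev.get("id")
    if chan == "Sysmon" and eid == 8 and \
            ev.get("TargetImage", "").lower().endswith("\\notepad.exe"):
        return "remote_thread_notepad"
    if chan == "Sysmon" and eid == 12 and ev.get("EventType") == "DeleteKey" and \
            "\\services\\" in ev.get("TargetObject", "").lower():
        return "service_key_deleted"
    if (chan, eid) in {("Security", 1102), ("System", 104)}:
        return "event_log_cleared"
    return None


def detect(lines, window=WINDOW):
    """Return [(start_ts, sorted indicators)] for every notepad injection that is
    followed within `window` by at least one destructive indicator."""
    tagged = []
    for line in lines:
        ev = json.loads(line)
        tag = classify(ev)
        if tag:
            tagged.append((datetime.fromisoformat(ev["ts"]), tag))
    hits = []
    for t0, tag in tagged:
        if tag != "remote_thread_notepad":
            continue
        inds = {tg for t, tg in tagged if t0 <= t <= t0 + window}
        if inds & {"service_key_deleted", "event_log_cleared"}:
            hits.append((t0.isoformat(), sorted(inds)))
    return hits
```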


Source: Malpedia (Fraunhofer FKIE).