https://securelist.com/blog/research/76 ... ion-users/
http://usa.kaspersky.com/about-us/press ... StrongPity
some win32/strongpity stuff attached
caced8a4982b1483679f5f5825b6a003 looks like the dropper mentioned in the Securelist article.
https://malwr.com/analysis/NWExNDlmYTUw ... f493e0be33
dropping this
attached:
...\Temp\procexp.exe
...\Temp\sega
...\Temp\sega\Wrlck.dll
...\Temp\sega\wrlck.cab
...\Temp\sega\Prst.dll
...\Temp\sega\prst.cab
...\Temp\sega\wndplyr.exe
...\Temp\sega\nvvscv.exe
2f98ac11c78ad1b4c5c5c10a88857baf7af43acb9162e8077709db9d563bcf02
1915536f3e033c6ef2238bb4da940432e0c8a4115236add6505aa7e7c2442aa5
23f61dc51206b72a9577fa4856433b11de9ee126787efdf92bdb259d47abf8f9
ee7f490891289c8649751382ed2fa9e84abb630f1556d9d2a664eaca0db7e340
73296791bdc11ea82d791e6ab91ccc13877eadb7bc6d0c699c917a7feef9ae33