Hi folks,
I first discovered this bot a few months ago. It seems to be a work in progress, because the bot and loader are full of debug strings. Currently, it constantly crashes explorer.exe after the injection process on all Windows versions up to Windows 10. It might anyway be interesting for future research, since it looks like a bigger project...
The earlier version only consists of a dropper for the x86 and x86-64 payloads; later versions also come with a loader. At the moment, it is not classified by any AV software.
August sample:
Dropper
https://www.virustotal.com/en/file/e207 ... /analysis/
November samples:
Loader
https://www.virustotal.com/en/file/2cbb ... /analysis/
https://www.virustotal.com/en/file/72cd ... /analysis/
https://www.virustotal.com/en/file/599b ... /analysis/
Dropper
https://www.virustotal.com/en/file/e356 ... /analysis/
Attachments
PW: infected
(244.56 KiB) Downloaded 91 times
Malware Reversing
http://www.malware-reversing.com