| 6.3.60L3nw00Uk.exe.4565bd5.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 6.3.60L3nw00Uk.exe.45bdbda.1.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x11bb0:$a1: logins.json
- 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x12334:$s4: \mozsqlite3.dll
- 0x115a4:$s5: SMTP Password
|
| 6.3.60L3nw00Uk.exe.45bdbda.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 2.2.60L3nw00Uk.exe.3a5c958.1.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x85e2e:$s1: HawkEye Keylogger
- 0x85e97:$s1: HawkEye Keylogger
- 0x7f271:$s2: _ScreenshotLogger
- 0x7f23e:$s3: _PasswordStealer
|
| 2.2.60L3nw00Uk.exe.3a5c958.1.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x85801:$name: ConfuserEx
- 0x8450e:$compile: AssemblyTitle
|
| 2.2.60L3nw00Uk.exe.3a5c958.1.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
| 2.2.60L3nw00Uk.exe.3a5c958.1.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x85e2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x85e97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x7f23e:$str1: _PasswordStealer
- 0x7f24f:$str2: _KeyStrokeLogger
- 0x7f271:$str3: _ScreenshotLogger
- 0x7f260:$str4: _ClipboardLogger
- 0x7f283:$str5: _WebCamLogger
- 0x7f398:$str6: _AntiVirusKiller
- 0x7f386:$str7: _ProcessElevation
- 0x7f34d:$str8: _DisableCommandPrompt
- 0x7f453:$str9: _WebsiteBlocker
- 0x7f463:$str9: _WebsiteBlocker
- 0x7f339:$str10: _DisableTaskManager
- 0x7f3b4:$str11: _AntiDebugger
- 0x7f43e:$str12: _WebsiteVisitorSites
- 0x7f363:$str13: _DisableRegEdit
- 0x7f3c2:$str14: _ExecutionDelay
- 0x7f2e7:$str15: _InstallStartupPersistance
|
| 6.2.60L3nw00Uk.exe.3d91990.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x11bb0:$a1: logins.json
- 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x12334:$s4: \mozsqlite3.dll
- 0x115a4:$s5: SMTP Password
|
| 6.2.60L3nw00Uk.exe.3d91990.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 22.2.vbc.exe.400000.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
| 22.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.2.60L3nw00Uk.exe.3d91990.2.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
| 6.2.60L3nw00Uk.exe.3d91990.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 22.2.vbc.exe.400000.0.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
| 22.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.2.60L3nw00Uk.exe.400000.0.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
| 6.2.60L3nw00Uk.exe.400000.0.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
| 6.2.60L3nw00Uk.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
| 6.2.60L3nw00Uk.exe.400000.0.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
| 7.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 6.3.60L3nw00Uk.exe.45bdbda.1.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
| 6.3.60L3nw00Uk.exe.45bdbda.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 2.2.60L3nw00Uk.exe.3a5c958.1.raw.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
| 2.2.60L3nw00Uk.exe.3a5c958.1.raw.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
| 2.2.60L3nw00Uk.exe.3a5c958.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
| 2.2.60L3nw00Uk.exe.3a5c958.1.raw.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
| 6.2.60L3nw00Uk.exe.3cf5950.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 6.3.60L3nw00Uk.exe.4565890.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x696fa:$a1: logins.json
- 0x6965a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x69e7e:$s4: \mozsqlite3.dll
- 0x686ee:$s5: SMTP Password
|
| 6.3.60L3nw00Uk.exe.4565890.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.3.60L3nw00Uk.exe.4565890.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 2.2.60L3nw00Uk.exe.39871a0.2.raw.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x15d3e6:$s1: HawkEye Keylogger
- 0x15d44f:$s1: HawkEye Keylogger
- 0x156829:$s2: _ScreenshotLogger
- 0x1567f6:$s3: _PasswordStealer
|
| 2.2.60L3nw00Uk.exe.39871a0.2.raw.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x15cdb9:$name: ConfuserEx
- 0x132df:$compile: AssemblyTitle
- 0x15bac6:$compile: AssemblyTitle
|
| 2.2.60L3nw00Uk.exe.39871a0.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
| 2.2.60L3nw00Uk.exe.39871a0.2.raw.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x15d3e6:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x15d44f:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x1567f6:$str1: _PasswordStealer
- 0x156807:$str2: _KeyStrokeLogger
- 0x156829:$str3: _ScreenshotLogger
- 0x156818:$str4: _ClipboardLogger
- 0x15683b:$str5: _WebCamLogger
- 0x156950:$str6: _AntiVirusKiller
- 0x15693e:$str7: _ProcessElevation
- 0x156905:$str8: _DisableCommandPrompt
- 0x156a0b:$str9: _WebsiteBlocker
- 0x156a1b:$str9: _WebsiteBlocker
- 0x1568f1:$str10: _DisableTaskManager
- 0x15696c:$str11: _AntiDebugger
- 0x1569f6:$str12: _WebsiteVisitorSites
- 0x15691b:$str13: _DisableRegEdit
- 0x15697a:$str14: _ExecutionDelay
- 0x15689f:$str15: _InstallStartupPersistance
|
| 6.3.60L3nw00Uk.exe.4565890.2.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b4fa:$a1: logins.json
- 0x6b45a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6bc7e:$s4: \mozsqlite3.dll
- 0x6a4ee:$s5: SMTP Password
|
| 6.3.60L3nw00Uk.exe.4565890.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.3.60L3nw00Uk.exe.4565890.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 6.3.60L3nw00Uk.exe.4565bd5.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b1b5:$a1: logins.json
- 0x6b115:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6b939:$s4: \mozsqlite3.dll
- 0x6a1a9:$s5: SMTP Password
|
| 6.3.60L3nw00Uk.exe.4565bd5.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.3.60L3nw00Uk.exe.4565bd5.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 7.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| 6.2.60L3nw00Uk.exe.3cf5950.3.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0xaf1f0:$a1: logins.json
- 0xaf150:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0xaf974:$s4: \mozsqlite3.dll
- 0xae1e4:$s5: SMTP Password
|
| 6.2.60L3nw00Uk.exe.3cf5950.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
| 6.2.60L3nw00Uk.exe.3cf5950.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
| Click to see the 39 entries |
Play interactive tour
Edit tour
