17.2.Windows Update.exe.350b42c.5.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.2.Windows Update.exe.7f20000.9.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x1c02b:$a1: netsh firewall add allowedprogram
- 0x24043:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x1bffb:$a2: SEE_MASK_NOZONECHECKS
- 0x24013:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x1c21b:$b1: [TAP]
- 0x24233:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
- 0x1c117:$c3: cmd.exe /c ping
- 0x2412f:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x1bffb:$reg: SEE_MASK_NOZONECHECKS
- 0x24013:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x1bcfc:$msg: Execute ERROR
- 0x1bd96:$msg: Execute ERROR
- 0x23d14:$msg: Execute ERROR
- 0x23dae:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1c117:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x2412f:$ping: cmd.exe /c ping 0 -n 2 & del
|
5.2.RedLine.MainPanel-cracked.exe.2886bc0.3.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.2886bc0.3.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe77b:$a1: netsh firewall add allowedprogram
- 0x16793:$a1: netsh firewall add allowedprogram
- 0xe74b:$a2: SEE_MASK_NOZONECHECKS
- 0x16763:$a2: SEE_MASK_NOZONECHECKS
- 0xe96b:$b1: [TAP]
- 0x16983:$b1: [TAP]
- 0xe867:$c3: cmd.exe /c ping
- 0x1687f:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.2886bc0.3.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe74b:$reg: SEE_MASK_NOZONECHECKS
- 0x16763:$reg: SEE_MASK_NOZONECHECKS
- 0xe44c:$msg: Execute ERROR
- 0xe4e6:$msg: Execute ERROR
- 0x16464:$msg: Execute ERROR
- 0x164fe:$msg: Execute ERROR
- 0xe867:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1687f:$ping: cmd.exe /c ping 0 -n 2 & del
|
28.0.vbc.exe.400000.4.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x68bf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x6504:$s3: Executed As
|
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.3.Windows Update.exe.6e1b39a.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d49c0d.11.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2630000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
4.2.RedLine.MainPanel-cracked.exe.2630000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2630000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2630000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
25.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
28.0.vbc.exe.400000.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ae6bc0.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ae6bc0.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe77b:$a1: netsh firewall add allowedprogram
- 0x16793:$a1: netsh firewall add allowedprogram
- 0xe74b:$a2: SEE_MASK_NOZONECHECKS
- 0x16763:$a2: SEE_MASK_NOZONECHECKS
- 0xe96b:$b1: [TAP]
- 0x16983:$b1: [TAP]
- 0xe867:$c3: cmd.exe /c ping
- 0x1687f:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2ae6bc0.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe74b:$reg: SEE_MASK_NOZONECHECKS
- 0x16763:$reg: SEE_MASK_NOZONECHECKS
- 0xe44c:$msg: Execute ERROR
- 0xe4e6:$msg: Execute ERROR
- 0x16464:$msg: Execute ERROR
- 0x164fe:$msg: Execute ERROR
- 0xe867:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1687f:$ping: cmd.exe /c ping 0 -n 2 & del
|
2.0.Keylogger.exe.7bfa72.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.2.Keylogger.exe.7bfa72.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
2.2.Keylogger.exe.7bfa72.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.2.Keylogger.exe.7bfa72.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.2.Keylogger.exe.7bfa72.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
2.2.Keylogger.exe.768208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
2.2.Keylogger.exe.768208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
2.2.Keylogger.exe.768208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.2.Keylogger.exe.768208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.2.Keylogger.exe.768208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.2.Keylogger.exe.768208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
2.3.Keylogger.exe.eb4e92.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d48208.6.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
17.0.Windows Update.exe.d48208.6.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d48208.6.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d48208.6.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d48208.6.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d48208.6.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
2.2.Keylogger.exe.769c0d.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d9fa72.13.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.0.Windows Update.exe.d9fa72.13.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d9fa72.13.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d9fa72.13.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
2.0.Keylogger.exe.768208.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
2.0.Keylogger.exe.768208.3.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
2.0.Keylogger.exe.768208.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.768208.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.0.Keylogger.exe.768208.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.0.Keylogger.exe.768208.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
17.3.Windows Update.exe.6e1b39a.0.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.3.Windows Update.exe.6e1b39a.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.3.Windows Update.exe.6e1b39a.0.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.3.Windows Update.exe.6e1b39a.0.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
16.2.RedLine.exe.2a99190.3.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
16.2.RedLine.exe.2a99190.3.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2a99190.3.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2a99190.3.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
2.3.Keylogger.exe.eb4e92.0.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
2.3.Keylogger.exe.eb4e92.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.3.Keylogger.exe.eb4e92.0.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.3.Keylogger.exe.eb4e92.0.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
16.2.RedLine.exe.2a99190.3.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2a99190.3.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x1c02b:$a1: netsh firewall add allowedprogram
- 0x24043:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x1bffb:$a2: SEE_MASK_NOZONECHECKS
- 0x24013:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x1c21b:$b1: [TAP]
- 0x24233:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
- 0x1c117:$c3: cmd.exe /c ping
- 0x2412f:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2a99190.3.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x1bffb:$reg: SEE_MASK_NOZONECHECKS
- 0x24013:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x1bcfc:$msg: Execute ERROR
- 0x1bd96:$msg: Execute ERROR
- 0x23d14:$msg: Execute ERROR
- 0x23dae:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1c117:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x2412f:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.0.Windows Update.exe.d9fa72.5.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.0.Windows Update.exe.d9fa72.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d9fa72.5.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d9fa72.5.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d48208.14.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
17.0.Windows Update.exe.d48208.14.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d48208.14.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d48208.14.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d48208.14.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d48208.14.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
16.2.RedLine.exe.2aa6b58.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2aa6b58.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe663:$a1: netsh firewall add allowedprogram
- 0x1667b:$a1: netsh firewall add allowedprogram
- 0xe633:$a2: SEE_MASK_NOZONECHECKS
- 0x1664b:$a2: SEE_MASK_NOZONECHECKS
- 0xe853:$b1: [TAP]
- 0x1686b:$b1: [TAP]
- 0xe74f:$c3: cmd.exe /c ping
- 0x16767:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2aa6b58.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe633:$reg: SEE_MASK_NOZONECHECKS
- 0x1664b:$reg: SEE_MASK_NOZONECHECKS
- 0xe334:$msg: Execute ERROR
- 0xe3ce:$msg: Execute ERROR
- 0x1634c:$msg: Execute ERROR
- 0x163e6:$msg: Execute ERROR
- 0xe74f:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x16767:$ping: cmd.exe /c ping 0 -n 2 & del
|
28.0.vbc.exe.400000.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.2.Windows Update.exe.d49c0d.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d48208.10.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
17.0.Windows Update.exe.d48208.10.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d48208.10.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d48208.10.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d48208.10.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d48208.10.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.d48208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
17.2.Windows Update.exe.d48208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.2.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.2.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.2.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.2.Windows Update.exe.d48208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d49c0d.7.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.7.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
17.0.Windows Update.exe.d49c0d.7.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d49c0d.7.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d49c0d.7.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.7.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.4592050.7.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.24b0000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.Windows Update.exe.43d7e00.6.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.7bfa72.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
2.0.Keylogger.exe.7bfa72.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.7bfa72.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.0.Keylogger.exe.7bfa72.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d40000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
17.0.Windows Update.exe.d40000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d40000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d40000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d40000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d40000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
28.0.vbc.exe.400000.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2ad9310.4.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.0.Windows Update.exe.d9fa72.5.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.2.Windows Update.exe.d49c0d.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
17.2.Windows Update.exe.d49c0d.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.2.Windows Update.exe.d49c0d.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.2.Windows Update.exe.d49c0d.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.2.Windows Update.exe.d49c0d.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
2.2.Keylogger.exe.7bfa72.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.769c0d.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.2.Keylogger.exe.769c0d.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
2.2.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.2.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.2.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.2.Keylogger.exe.769c0d.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d40000.8.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
17.0.Windows Update.exe.d40000.8.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d40000.8.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d40000.8.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d40000.8.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d40000.8.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.7d50000.8.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
5.2.RedLine.MainPanel-cracked.exe.2879310.2.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.2879310.2.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x1c02b:$a1: netsh firewall add allowedprogram
- 0x24043:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x1bffb:$a2: SEE_MASK_NOZONECHECKS
- 0x24013:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x1c21b:$b1: [TAP]
- 0x24233:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
- 0x1c117:$c3: cmd.exe /c ping
- 0x2412f:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.2879310.2.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x1bffb:$reg: SEE_MASK_NOZONECHECKS
- 0x24013:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x1bcfc:$msg: Execute ERROR
- 0x1bd96:$msg: Execute ERROR
- 0x23d14:$msg: Execute ERROR
- 0x23dae:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1c117:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x2412f:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.Windows Update.exe.d40000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
17.2.Windows Update.exe.d40000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.2.Windows Update.exe.d40000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.2.Windows Update.exe.d40000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.2.Windows Update.exe.d40000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.2.Windows Update.exe.d40000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.d9fa72.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.2886cd8.4.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.2886cd8.4.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe663:$a1: netsh firewall add allowedprogram
- 0x1667b:$a1: netsh firewall add allowedprogram
- 0xe633:$a2: SEE_MASK_NOZONECHECKS
- 0x1664b:$a2: SEE_MASK_NOZONECHECKS
- 0xe853:$b1: [TAP]
- 0x1686b:$b1: [TAP]
- 0xe74f:$c3: cmd.exe /c ping
- 0x16767:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.2886cd8.4.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe633:$reg: SEE_MASK_NOZONECHECKS
- 0x1664b:$reg: SEE_MASK_NOZONECHECKS
- 0xe334:$msg: Execute ERROR
- 0xe3ce:$msg: Execute ERROR
- 0x1634c:$msg: Execute ERROR
- 0x163e6:$msg: Execute ERROR
- 0xe74f:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x16767:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.2.Windows Update.exe.d9fa72.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.2.Windows Update.exe.d9fa72.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.2.Windows Update.exe.d9fa72.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.2.Windows Update.exe.d9fa72.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
5.2.RedLine.MainPanel-cracked.exe.2879310.2.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
5.2.RedLine.MainPanel-cracked.exe.2879310.2.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
5.2.RedLine.MainPanel-cracked.exe.2879310.2.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
5.2.RedLine.MainPanel-cracked.exe.2879310.2.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
16.2.RedLine.exe.2700000.1.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x4abf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x4704:$s3: Executed As
|
16.2.RedLine.exe.2700000.1.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2700000.1.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x49d3:$a1: netsh firewall add allowedprogram
- 0x49a3:$a2: SEE_MASK_NOZONECHECKS
- 0x4bc3:$b1: [TAP]
- 0x4abf:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2700000.1.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x49a3:$reg: SEE_MASK_NOZONECHECKS
- 0x46a4:$msg: Execute ERROR
- 0x473e:$msg: Execute ERROR
- 0x4abf:$ping: cmd.exe /c ping 0 -n 2 & del
|
28.0.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2630000.1.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x68bf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x6504:$s3: Executed As
|
4.2.RedLine.MainPanel-cracked.exe.2630000.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2630000.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2630000.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
|
2.0.Keylogger.exe.760000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
2.0.Keylogger.exe.760000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
2.0.Keylogger.exe.760000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.760000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.0.Keylogger.exe.760000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.0.Keylogger.exe.760000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d9fa72.9.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ae6cd8.3.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
4.2.RedLine.MainPanel-cracked.exe.2ae6cd8.3.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe663:$a1: netsh firewall add allowedprogram
- 0x1667b:$a1: netsh firewall add allowedprogram
- 0xe633:$a2: SEE_MASK_NOZONECHECKS
- 0x1664b:$a2: SEE_MASK_NOZONECHECKS
- 0xe853:$b1: [TAP]
- 0x1686b:$b1: [TAP]
- 0xe74f:$c3: cmd.exe /c ping
- 0x16767:$c3: cmd.exe /c ping
|
4.2.RedLine.MainPanel-cracked.exe.2ae6cd8.3.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe633:$reg: SEE_MASK_NOZONECHECKS
- 0x1664b:$reg: SEE_MASK_NOZONECHECKS
- 0xe334:$msg: Execute ERROR
- 0xe3ce:$msg: Execute ERROR
- 0x1634c:$msg: Execute ERROR
- 0x163e6:$msg: Execute ERROR
- 0xe74f:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x16767:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.0.Windows Update.exe.d48208.2.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x75401:$key: HawkEyeKeylogger
- 0x77737:$salt: 099u787978786
- 0x75abe:$string1: HawkEye_Keylogger
- 0x76911:$string1: HawkEye_Keylogger
- 0x77697:$string1: HawkEye_Keylogger
- 0x75ea7:$string2: holdermail.txt
- 0x75ec7:$string2: holdermail.txt
- 0x75de9:$string3: wallet.dat
- 0x75e01:$string3: wallet.dat
- 0x75e17:$string3: wallet.dat
- 0x7725b:$string4: Keylog Records
- 0x77573:$string4: Keylog Records
- 0x7778f:$string5: do not script -->
- 0x753e9:$string6: \pidloc.txt
- 0x75477:$string7: BSPLIT
- 0x75487:$string7: BSPLIT
|
17.0.Windows Update.exe.d48208.2.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d48208.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d48208.2.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x75b16:$hawkstr1: HawkEye Keylogger
- 0x76957:$hawkstr1: HawkEye Keylogger
- 0x76c86:$hawkstr1: HawkEye Keylogger
- 0x76de1:$hawkstr1: HawkEye Keylogger
- 0x76f44:$hawkstr1: HawkEye Keylogger
- 0x77233:$hawkstr1: HawkEye Keylogger
- 0x75688:$hawkstr2: Dear HawkEye Customers!
- 0x76cd9:$hawkstr2: Dear HawkEye Customers!
- 0x76e30:$hawkstr2: Dear HawkEye Customers!
- 0x76f97:$hawkstr2: Dear HawkEye Customers!
- 0x757a9:$hawkstr3: HawkEye Logger Details:
|
2.2.Keylogger.exe.2f3be9c.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
16.2.RedLine.exe.2aa6a40.4.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2aa6a40.4.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0xe77b:$a1: netsh firewall add allowedprogram
- 0x16793:$a1: netsh firewall add allowedprogram
- 0xe74b:$a2: SEE_MASK_NOZONECHECKS
- 0x16763:$a2: SEE_MASK_NOZONECHECKS
- 0xe96b:$b1: [TAP]
- 0x16983:$b1: [TAP]
- 0xe867:$c3: cmd.exe /c ping
- 0x1687f:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2aa6a40.4.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0xe74b:$reg: SEE_MASK_NOZONECHECKS
- 0x16763:$reg: SEE_MASK_NOZONECHECKS
- 0xe44c:$msg: Execute ERROR
- 0xe4e6:$msg: Execute ERROR
- 0x16464:$msg: Execute ERROR
- 0x164fe:$msg: Execute ERROR
- 0xe867:$ping: cmd.exe /c ping 0 -n 2 & del
- 0x1687f:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.0.Windows Update.exe.d49c0d.15.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
17.0.Windows Update.exe.d49c0d.15.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d49c0d.15.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d49c0d.15.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.15.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d9fa72.3.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.0.Windows Update.exe.d9fa72.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d9fa72.3.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d9fa72.3.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.43d7e00.6.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
28.0.vbc.exe.400000.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
25.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
28.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
16.2.RedLine.exe.2700000.1.raw.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth | - 0x68bf:$x1: cmd.exe /c ping 0 -n 2 & del "
- 0x6504:$s3: Executed As
|
16.2.RedLine.exe.2700000.1.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security | |
16.2.RedLine.exe.2700000.1.raw.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter | - 0x67d3:$a1: netsh firewall add allowedprogram
- 0x67a3:$a2: SEE_MASK_NOZONECHECKS
- 0x69c3:$b1: [TAP]
- 0x68bf:$c3: cmd.exe /c ping
|
16.2.RedLine.exe.2700000.1.raw.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group | - 0x67a3:$reg: SEE_MASK_NOZONECHECKS
- 0x64a4:$msg: Execute ERROR
- 0x653e:$msg: Execute ERROR
- 0x68bf:$ping: cmd.exe /c ping 0 -n 2 & del
|
17.0.Windows Update.exe.d9fa72.13.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d9fa72.9.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x1db97:$key: HawkEyeKeylogger
- 0x1fecd:$salt: 099u787978786
- 0x1e254:$string1: HawkEye_Keylogger
- 0x1f0a7:$string1: HawkEye_Keylogger
- 0x1fe2d:$string1: HawkEye_Keylogger
- 0x1e63d:$string2: holdermail.txt
- 0x1e65d:$string2: holdermail.txt
- 0x1e57f:$string3: wallet.dat
- 0x1e597:$string3: wallet.dat
- 0x1e5ad:$string3: wallet.dat
- 0x1f9f1:$string4: Keylog Records
- 0x1fd09:$string4: Keylog Records
- 0x1ff25:$string5: do not script -->
- 0x1db7f:$string6: \pidloc.txt
- 0x1dc0d:$string7: BSPLIT
- 0x1dc1d:$string7: BSPLIT
|
17.0.Windows Update.exe.d9fa72.9.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d9fa72.9.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d9fa72.9.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x1e2ac:$hawkstr1: HawkEye Keylogger
- 0x1f0ed:$hawkstr1: HawkEye Keylogger
- 0x1f41c:$hawkstr1: HawkEye Keylogger
- 0x1f577:$hawkstr1: HawkEye Keylogger
- 0x1f6da:$hawkstr1: HawkEye Keylogger
- 0x1f9c9:$hawkstr1: HawkEye Keylogger
- 0x1de1e:$hawkstr2: Dear HawkEye Customers!
- 0x1f46f:$hawkstr2: Dear HawkEye Customers!
- 0x1f5c6:$hawkstr2: Dear HawkEye Customers!
- 0x1f72d:$hawkstr2: Dear HawkEye Customers!
- 0x1df3f:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.4592050.7.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d9fa72.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
28.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.15.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
28.0.vbc.exe.400000.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
28.0.vbc.exe.400000.4.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
17.0.Windows Update.exe.d49c0d.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d49c0d.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d49c0d.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d49c0d.11.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
17.0.Windows Update.exe.d49c0d.11.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d49c0d.11.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d49c0d.11.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d49c0d.11.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d40000.4.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
17.0.Windows Update.exe.d40000.4.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d40000.4.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d40000.4.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d40000.4.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d40000.4.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
2.0.Keylogger.exe.769c0d.1.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x739fc:$key: HawkEyeKeylogger
- 0x75d32:$salt: 099u787978786
- 0x740b9:$string1: HawkEye_Keylogger
- 0x74f0c:$string1: HawkEye_Keylogger
- 0x75c92:$string1: HawkEye_Keylogger
- 0x744a2:$string2: holdermail.txt
- 0x744c2:$string2: holdermail.txt
- 0x743e4:$string3: wallet.dat
- 0x743fc:$string3: wallet.dat
- 0x74412:$string3: wallet.dat
- 0x75856:$string4: Keylog Records
- 0x75b6e:$string4: Keylog Records
- 0x75d8a:$string5: do not script -->
- 0x739e4:$string6: \pidloc.txt
- 0x73a72:$string7: BSPLIT
- 0x73a82:$string7: BSPLIT
|
2.0.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.0.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.0.Keylogger.exe.769c0d.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.0.Keylogger.exe.769c0d.1.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x74111:$hawkstr1: HawkEye Keylogger
- 0x74f52:$hawkstr1: HawkEye Keylogger
- 0x75281:$hawkstr1: HawkEye Keylogger
- 0x753dc:$hawkstr1: HawkEye Keylogger
- 0x7553f:$hawkstr1: HawkEye Keylogger
- 0x7582e:$hawkstr1: HawkEye Keylogger
- 0x73c83:$hawkstr2: Dear HawkEye Customers!
- 0x752d4:$hawkstr2: Dear HawkEye Customers!
- 0x7542b:$hawkstr2: Dear HawkEye Customers!
- 0x75592:$hawkstr2: Dear HawkEye Customers!
- 0x73da4:$hawkstr3: HawkEye Logger Details:
|
17.0.Windows Update.exe.d40000.12.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
17.0.Windows Update.exe.d40000.12.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.0.Windows Update.exe.d40000.12.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
17.0.Windows Update.exe.d40000.12.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.0.Windows Update.exe.d40000.12.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
17.0.Windows Update.exe.d40000.12.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
2.2.Keylogger.exe.760000.0.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x7b809:$key: HawkEyeKeylogger
- 0x7db3f:$salt: 099u787978786
- 0x7bec6:$string1: HawkEye_Keylogger
- 0x7cd19:$string1: HawkEye_Keylogger
- 0x7da9f:$string1: HawkEye_Keylogger
- 0x7c2af:$string2: holdermail.txt
- 0x7c2cf:$string2: holdermail.txt
- 0x7c1f1:$string3: wallet.dat
- 0x7c209:$string3: wallet.dat
- 0x7c21f:$string3: wallet.dat
- 0x7d663:$string4: Keylog Records
- 0x7d97b:$string4: Keylog Records
- 0x7db97:$string5: do not script -->
- 0x7b7f1:$string6: \pidloc.txt
- 0x7b87f:$string7: BSPLIT
- 0x7b88f:$string7: BSPLIT
|
2.2.Keylogger.exe.760000.0.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
2.2.Keylogger.exe.760000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
2.2.Keylogger.exe.760000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
2.2.Keylogger.exe.760000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
2.2.Keylogger.exe.760000.0.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x7bf1e:$hawkstr1: HawkEye Keylogger
- 0x7cd5f:$hawkstr1: HawkEye Keylogger
- 0x7d08e:$hawkstr1: HawkEye Keylogger
- 0x7d1e9:$hawkstr1: HawkEye Keylogger
- 0x7d34c:$hawkstr1: HawkEye Keylogger
- 0x7d63b:$hawkstr1: HawkEye Keylogger
- 0x7ba90:$hawkstr2: Dear HawkEye Customers!
- 0x7d0e1:$hawkstr2: Dear HawkEye Customers!
- 0x7d238:$hawkstr2: Dear HawkEye Customers!
- 0x7d39f:$hawkstr2: Dear HawkEye Customers!
- 0x7bbb1:$hawkstr3: HawkEye Logger Details:
|
17.2.Windows Update.exe.33faa98.4.raw.unpack | RAT_HawkEye | Detects HawkEye RAT | Kevin Breen <kevin@techanarchy.net> | - 0x5290:$key: HawkEyeKeylogger
- 0x61b8:$salt: 099u787978786
- 0x19594:$string1: HawkEye_Keylogger
- 0x10fee0:$string1: HawkEye_Keylogger
- 0xd9f14:$string2: holdermail.txt
- 0xd9f44:$string2: holdermail.txt
- 0xdb874:$string2: holdermail.txt
- 0xf68c4:$string2: holdermail.txt
- 0x1bee2:$string3: wallet.dat
- 0x1bf0a:$string3: wallet.dat
- 0x1bf30:$string3: wallet.dat
- 0x8b4b4:$string4: Keylog Records
- 0x8b7ea:$string4: Keylog Records
- 0xa93c:$string5: do not script -->
- 0x5268:$string6: \pidloc.txt
- 0x60dc:$string6: \pidloc.txt
- 0x6190:$string6: \pidloc.txt
- 0x5370:$string7: BSPLIT
- 0x5390:$string7: BSPLIT
|
17.2.Windows Update.exe.33faa98.4.raw.unpack | HKTL_NET_GUID_Stealer | Detects c# red/black-team tools via typelibguid | Arnim Rupp | - 0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
- 0x1119af:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
|
17.2.Windows Update.exe.33faa98.4.raw.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
17.2.Windows Update.exe.33faa98.4.raw.unpack | Hawkeye | detect HawkEye in memory | JPCERT/CC Incident Response Group | - 0x19624:$hawkstr1: HawkEye Keylogger
- 0x1c008:$hawkstr1: HawkEye Keylogger
- 0x1c3f4:$hawkstr1: HawkEye Keylogger
- 0x72f10:$hawkstr1: HawkEye Keylogger
- 0x8b48c:$hawkstr1: HawkEye Keylogger
- 0x10ff38:$hawkstr1: HawkEye Keylogger
- 0x19070:$hawkstr2: Dear HawkEye Customers!
- 0x1a674:$hawkstr2: Dear HawkEye Customers!
- 0x1c06c:$hawkstr2: Dear HawkEye Customers!
- 0x1c458:$hawkstr2: Dear HawkEye Customers!
- 0x191a2:$hawkstr3: HawkEye Logger Details:
- 0x1a79e:$hawkstr3: HawkEye Logger Details:
|