19.0.vbc.exe.400000.4.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.4.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a9b8f2.0.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x11bb0:$a1: logins.json
- 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x12334:$s4: \mozsqlite3.dll
- 0x115a4:$s5: SMTP Password
|
1.3.RegAsm.exe.4a9b8f2.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
19.0.vbc.exe.400000.3.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.0.vbc.exe.400000.3.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.3.RegAsm.exe.4a9b8f2.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
1.3.RegAsm.exe.4a9b8f2.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.0.vbc.exe.400000.5.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.522834a.3.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
1.2.RegAsm.exe.522834a.3.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
19.0.vbc.exe.400000.2.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a435a8.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x696fa:$a1: logins.json
- 0x6965a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x69e7e:$s4: \mozsqlite3.dll
- 0x686ee:$s5: SMTP Password
|
1.3.RegAsm.exe.4a435a8.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a435a8.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
19.0.vbc.exe.400000.5.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.5.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
19.0.vbc.exe.400000.0.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.0.vbc.exe.400000.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
19.0.vbc.exe.400000.1.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.1.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.2.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
19.0.vbc.exe.400000.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
19.2.vbc.exe.400000.0.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
19.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a435a8.2.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b4fa:$a1: logins.json
- 0x6b45a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6bc7e:$s4: \mozsqlite3.dll
- 0x6a4ee:$s5: SMTP Password
|
1.3.RegAsm.exe.4a435a8.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a435a8.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
19.2.vbc.exe.400000.0.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.2.vbc.exe.400000.0.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.51d0345.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.0.vbc.exe.400000.5.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.0.vbc.exe.400000.3.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.400000.0.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
1.2.RegAsm.exe.400000.0.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
1.2.RegAsm.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.2.RegAsm.exe.400000.0.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
1.0.RegAsm.exe.400000.0.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
1.0.RegAsm.exe.400000.0.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
1.0.RegAsm.exe.400000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.0.RegAsm.exe.400000.0.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
1.2.RegAsm.exe.51d0000.2.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b4fa:$a1: logins.json
- 0x6b45a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6bc7e:$s4: \mozsqlite3.dll
- 0x6a4ee:$s5: SMTP Password
|
1.2.RegAsm.exe.51d0000.2.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.51d0000.2.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.51d0345.1.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b1b5:$a1: logins.json
- 0x6b115:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6b939:$s4: \mozsqlite3.dll
- 0x6a1a9:$s5: SMTP Password
|
1.2.RegAsm.exe.51d0345.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.51d0345.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.0.vbc.exe.400000.4.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.522834a.3.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x11bb0:$a1: logins.json
- 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x12334:$s4: \mozsqlite3.dll
- 0x115a4:$s5: SMTP Password
|
1.2.RegAsm.exe.522834a.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
19.0.vbc.exe.400000.3.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.3.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.6d55bd0.5.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0xaf1f0:$a1: logins.json
- 0xaf150:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0xaf974:$s4: \mozsqlite3.dll
- 0xae1e4:$s5: SMTP Password
|
1.2.RegAsm.exe.6d55bd0.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.6d55bd0.5.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
0.3.SecuriteInfo.com.Trojan.AutoIt.316.10986.exe.ff0000.0.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
0.3.SecuriteInfo.com.Trojan.AutoIt.316.10986.exe.ff0000.0.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
0.3.SecuriteInfo.com.Trojan.AutoIt.316.10986.exe.ff0000.0.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
0.3.SecuriteInfo.com.Trojan.AutoIt.316.10986.exe.ff0000.0.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
19.0.vbc.exe.400000.5.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.5.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
19.0.vbc.exe.400000.4.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x147b0:$a1: logins.json
- 0x14710:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x14f34:$s4: \mozsqlite3.dll
- 0x137a4:$s5: SMTP Password
|
19.0.vbc.exe.400000.4.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.0.vbc.exe.400000.4.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.6df1c10.4.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x11bb0:$a1: logins.json
- 0x11b10:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x12334:$s4: \mozsqlite3.dll
- 0x115a4:$s5: SMTP Password
|
1.2.RegAsm.exe.6df1c10.4.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.6df1c10.4.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x131b0:$a1: logins.json
- 0x13110:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x13934:$s4: \mozsqlite3.dll
- 0x121a4:$s5: SMTP Password
|
1.2.RegAsm.exe.6df1c10.4.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
3.0.vbc.exe.400000.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.3.RegAsm.exe.4a438ed.1.raw.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x6b1b5:$a1: logins.json
- 0x6b115:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x6b939:$s4: \mozsqlite3.dll
- 0x6a1a9:$s5: SMTP Password
|
1.3.RegAsm.exe.4a438ed.1.raw.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.3.RegAsm.exe.4a438ed.1.raw.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.3.RegAsm.exe.4a438ed.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.0.RegAsm.exe.400000.1.unpack | MAL_HawkEye_Keylogger_Gen_Dec18 | Detects HawkEye Keylogger Reborn | Florian Roth | - 0x87c2e:$s1: HawkEye Keylogger
- 0x87c97:$s1: HawkEye Keylogger
- 0x81071:$s2: _ScreenshotLogger
- 0x8103e:$s3: _PasswordStealer
|
1.0.RegAsm.exe.400000.1.unpack | SUSP_NET_NAME_ConfuserEx | Detects ConfuserEx packed file | Arnim Rupp | - 0x87601:$name: ConfuserEx
- 0x8630e:$compile: AssemblyTitle
|
1.0.RegAsm.exe.400000.1.unpack | JoeSecurity_HawkEye | Yara detected HawkEye Keylogger | Joe Security | |
1.0.RegAsm.exe.400000.1.unpack | HawkEyev9 | HawkEye v9 Payload | ditekshen | - 0x87c2e:$id1: HawkEye Keylogger - Reborn v9 - {0} Logs - {1} \ {2}
- 0x87c97:$id2: HawkEye Keylogger - Reborn v9{0}{1} Logs{0}{2} \ {3}{0}{0}{4}
- 0x8103e:$str1: _PasswordStealer
- 0x8104f:$str2: _KeyStrokeLogger
- 0x81071:$str3: _ScreenshotLogger
- 0x81060:$str4: _ClipboardLogger
- 0x81083:$str5: _WebCamLogger
- 0x81198:$str6: _AntiVirusKiller
- 0x81186:$str7: _ProcessElevation
- 0x8114d:$str8: _DisableCommandPrompt
- 0x81253:$str9: _WebsiteBlocker
- 0x81263:$str9: _WebsiteBlocker
- 0x81139:$str10: _DisableTaskManager
- 0x811b4:$str11: _AntiDebugger
- 0x8123e:$str12: _WebsiteVisitorSites
- 0x81163:$str13: _DisableRegEdit
- 0x811c2:$str14: _ExecutionDelay
- 0x810e7:$str15: _InstallStartupPersistance
|
1.2.RegAsm.exe.6d55bd0.5.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.0.vbc.exe.400000.0.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
3.0.vbc.exe.400000.1.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |
1.2.RegAsm.exe.51d0000.2.unpack | APT_NK_BabyShark_KimJoingRAT_Apr19_1 | Detects BabyShark KimJongRAT | Florian Roth | - 0x696fa:$a1: logins.json
- 0x6965a:$s3: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_login
- 0x69e7e:$s4: \mozsqlite3.dll
- 0x686ee:$s5: SMTP Password
|
1.2.RegAsm.exe.51d0000.2.unpack | JoeSecurity_MailPassView | Yara detected MailPassView | Joe Security | |
1.2.RegAsm.exe.51d0000.2.unpack | JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | |