HackTool.Win64.FRP.R


 ALIASES:

HEUR:NetTool.Win64.FRP.gen

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Dropped by other malware, Downloaded from the Internet

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

5,053,440 bytes

File Type:

EXE

File Compression:

UPX

Memory Resident:

No

Initial Samples Received Date:

28 Jun 2024

Payload:

Acts as a proxy server

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Hacking Tool does the following:

  • It is used for setting up a reverse proxy
  • It requires the following files for the configuration of the proxy server:
    • frpc.ini

It accepts the following parameters:

  • Usage:
    • frpc [flags]
    • frpc [command]
  • Commands:
    • completion → Generate the autocompletion script for the specified shell
    • help → Help about any command
    • http → Run frpc with a single http proxy
    • https → Run frpc with a single https proxy
    • nathole → Actions about nathole
    • reload → Hot-Reload frpc configuration
    • status → Overview of all proxies status
    • stcp → Run frpc with a single stcp proxy
    • stop → Stop the running frpc
    • sudp → Run frpc with a single sudp proxy
    • tcp → Run frpc with a single tcp proxy
    • tcpmux → Run frpc with a single tcpmux proxy
    • udp → Run frpc with a single udp proxy
    • verify → Verify that the configures is valid
    • xtcp → Run frpc with a single xtcp proxy
  • Flags:
    • -c, --config {string} → config file of frpc (default "./frpc.ini")
    • --config-dir {directory} → config directory, run one frpc service for each file in config directory
    • -h, --help → help for frpc
    • --strict-config → strict config parsing mode, unknown fields will cause an errors (default true)
    • -v, --version → version of frpc

  SOLUTION

Minimum Scan Engine:

9.800

SSAPI PATTERN File:

2.743.00

SSAPI PATTERN Date:

11 Jul 2024

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as HackTool.Win64.FRP.R. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:


Did this description help? Tell us how we did.