Search
Keyword: os2first
User Name domain - Domain is_admin - (YES/NO) os - OS Version qbot_version - QBOT Version install_time - Install Time exe - Execution Name and Path prod_id - ID It terminates itself if the following DLL
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. It connects
\CurrentVersion\Policies\ Explorer\Run Internet Explorer = "%User Profile%\InternetExplorer.lnk" - If OS version is lower than Windows Vista HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\policies
{BLOCKED}.216.148:80/ss64.msi -> If OS is found as Windows cmd.exe /c pinc -n 2 127.0.0.1 -> if OS is found as Windows bash -c chmod +x /tmp/bash ; setsid /tmp/bash -> If OS is found as Linux bash -c sleep 3
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\googleupdate Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\googleupdate ImagePath = "%Windows%\{random file name}.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\googleupdate
}/0/ http://{BLOCKED}2.{BLOCKED}3.35.133:{random port}/1401_11/{computer name of affected system}/{value}/{value}/{value} It reports the following information of the affected system: Computer Name OS
" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\googleupdate Start = "2" It adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
keyboard and mouse activities Logs the user off Manipulate registry Get OS Version Get Host Name Shutdown Computer Open/Close a printer - Print a document Send stolen information It connects to the following