Description
Ransomware which is a variant of the STOP family.

Sample
Filename | bd313f9102739a231c214b4fe4f6c3a3.exe |
Size | 233KB |
Analysis ID | 211020-g4xe8sgfc8 |
MD5 | bd313f9102739a231c214b4fe4f6c3a3 |
SHA1 | 728aea2174af79ab9e03cc3d31ec069d5ceb513c |
SHA256 | c95d04ae659ff27da971c970ec072ffbec37551120fe8c395d5455fba4139d0d |
SHA512 | a5074f21dc6cf3575facb4817d31165606eb0bc539477cc67ab8af1f165b38c8925c796d68a5ce8a21754d54b313afe75a74d7a5f33ac5012c194914f4c4036e |
Extracted configurations

Family | smokeloader |
Version | 2020 |
C2 |
http://nusurtal4f.net/
http://netomishnetojuk.net/
http://escalivrouter.net/
http://nick22doom4.net/
http://wrioshtivsio.su/
http://nusotiso4.su/
http://rickkhtovkka.biz/
http://palisotoliso.net/
rc4.i32 | |
rc4.i32 | |
Family | vidar |
Version | 41.5 |
Botnet | 706 |
C2 |
https://mas.to/@xeroxxx
Attributes |
profile_id | 706 |

Family | vidar |
Version | 41.5 |
Botnet | 517 |
C2 |
https://mas.to/@xeroxxx
Attributes |
profile_id | 517 |

Note: the two Vidar configurations differ only in botnet/profile ID and share the same "C2" entry. That entry is a Mastodon profile page, which Vidar reads to obtain the address of its actual command-and-control server (a dead-drop resolver), so mas.to is an indicator of the retrieval step rather than the final C2 host.
Family | djvu |
C2 |
http://rlrz.org/lancer
(Djvu is the STOP/Djvu ransomware family referenced in the description above.)
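The practical use of a report like this is matching a suspect file against the listed hashes and turning the extracted C2 entries into a blocklist. The script below is an added example, not part of the sandbox report or any of the malware families' code. It embeds the hashes and C2 URLs from the sections above; the only data not taken from the page is the constructed byte strings used for demonstration, and the treatment of the mas.to entry as an indicator rather than a final C2 host is a caveat explained in the code comment.

```python
"""Verify a file against the report hashes and derive a C2 host blocklist.

Added example; the hashes and URLs below are copied from the report above.
"""
import hashlib
import sys
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Digests of the analysed sample, as listed in the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "bd313f9102739a231c214b4fe4f6c3a3",
    "sha1": "728aea2174af79ab9e03cc3d31ec069d5ceb513c",
    "sha256": "c95d04ae659ff27da971c970ec072ffbec37551120fe8c395d5455fba4139d0d",
    "sha512": "a5074f21dc6cf3575facb4817d31165606eb0bc539477cc67ab8af1f165b38c8"
              "925c796d68a5ce8a21754d54b313afe75a74d7a5f33ac5012c194914f4c4036e",
}

# C2 entries from the extracted configurations. The mas.to URL is a
# Mastodon profile that Vidar reads to find its real C2 address, so it is
# an indicator of the retrieval step, not the final C2 host; it is still
# worth alerting on from a non-browser process.
REPORT_C2_URLS: List[str] = [
    "http://nusurtal4f.net/", "http://netomishnetojuk.net/",
    "http://escalivrouter.net/", "http://nick22doom4.net/",
    "http://wrioshtivsio.su/", "http://nusotiso4.su/",
    "http://rickkhtovkka.biz/", "http://palisotoliso.net/",   # smokeloader
    "https://mas.to/@xeroxxx",                                 # vidar (both profiles)
    "http://rlrz.org/lancer",                                  # djvu
]


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute every algorithm in REPORT_HASHES in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (used for the constructed test inputs)."""
    return _digest_chunks([data])


def hash_path(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file on disk, read in chunks so large samples do not need to fit in memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report value.

    Comparison is case-insensitive because tools print hex in either case.
    An empty list means the file is not this exact sample; a repacked or
    rebuilt variant will not match even though the C2 list may still apply.
    """
    return [name for name, expected in REPORT_HASHES.items()
            if digests.get(name, "").lower() == expected]


def c2_hosts(urls: Iterable[str] = REPORT_C2_URLS) -> List[str]:
    """Unique, lower-cased hostnames from the C2 URLs, suitable for a DNS/proxy blocklist."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return sorted(hosts)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        matched = match_report(hash_path(path))
        print(f"{path}: {'MATCHES report (' + ', '.join(matched) + ')' if matched else 'no match'}")
    print("blocklist hosts:")
    for host in c2_hosts():
        print("  " + host)
```

Run it as `python verify.py suspect.exe` to compare a file against all four listed digests at once; with no arguments it only prints the blocklist. Because the hashes identify one build, treat a non-match as "not this sample" and not as "not STOP/Vidar/SmokeLoader".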
Signatures

Djvu (STOP) ransomware | Ransomware which is a variant of the STOP family. |
SmokeLoader | Modular backdoor trojan in use since 2014. |
Vidar | Vidar is an infostealer based on the Arkei stealer. |
Reads stored browser data | Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries. |
Enumerates installed software | Looks up Uninstall key entries in the registry (the per-product subkeys under Microsoft\Windows\CurrentVersion\Uninstall, including the Wow6432Node view) to enumerate software on the system. |
Looks up the external IP address | Uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service. |
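The last two signatures describe host-profiling behaviour that is easy to hunt for in endpoint telemetry. The script below is an added example written for this page, not code from the report or from any of the malware families, and it runs over constructed Sysmon-style registry and network events embedded inline (they are not events from the sandbox run; the process path is assumed). Because the report does not name the IP lookup service, the list of lookup hostnames is an assumption and should be replaced with whatever your environment observes.

```python
"""Hunt for Uninstall-key enumeration and external IP lookups in endpoint events.

Added example. Event shapes loosely follow Sysmon EventID 12/13 (registry)
and EventID 3 (network); the events themselves are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumed location of the dropped sample; not taken from the report.
SAMPLE_IMAGE = r"C:\Users\user\AppData\Local\Temp\bd313f9102739a231c214b4fe4f6c3a3.exe"

# Constructed registry events: the sample opens one subkey per installed
# product (both 64-bit and Wow6432Node views, plus a per-user entry), while an
# installer touches only its own entry and explorer reads an unrelated key.
REGISTRY_EVENTS = [
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 93.0 (x86 en-US)"},
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord"},
    {"pid": 4120, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"},
    {"pid": 1300, "image": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    {"pid": 2200, "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

# Constructed network events.
NETWORK_EVENTS = [
    {"pid": 4120, "image": SAMPLE_IMAGE, "dest_host": "api.ipify.org", "dest_port": 443},
    {"pid": 2200, "image": r"C:\Windows\explorer.exe", "dest_host": "www.microsoft.com", "dest_port": 443},
]

# Assumption: the report does not say which lookup service the sample used,
# so this is a starter list of common public services. Extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}

# Matches the per-product subkey under Uninstall in HKLM, HKCU or a loaded
# user hive (HKU\<SID>), in either the native or the Wow6432Node view.
UNINSTALL_RE = re.compile(
    r"^(?:HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)


def uninstall_subkey(key: str) -> Optional[str]:
    """Return the product subkey name if `key` is an Uninstall entry, else None."""
    m = UNINSTALL_RE.match(key)
    return m.group(1) if m else None


def uninstall_enumerators(events: List[Dict], threshold: int = 5) -> List[Tuple[int, str, int]]:
    """Processes that touched at least `threshold` distinct Uninstall subkeys.

    An installer writing its own entry stays below the threshold; a sweep
    across every installed product (what the signature describes) does not.
    """
    seen: Dict[Tuple[int, str], set] = defaultdict(set)
    for e in events:
        sub = uninstall_subkey(e["key"])
        if sub:
            seen[(e["pid"], e["image"])].add(sub.lower())
    return sorted((pid, image, len(subs))
                  for (pid, image), subs in seen.items() if len(subs) >= threshold)


def ip_lookups(events: List[Dict]) -> List[Tuple[int, str, str]]:
    """Processes that connected to a known public IP lookup service."""
    return sorted({(e["pid"], e["image"], e["dest_host"].lower())
                   for e in events if e["dest_host"].lower() in IP_LOOKUP_HOSTS})


def correlate(reg_events: List[Dict], net_events: List[Dict], threshold: int = 5) -> List[int]:
    """PIDs showing both behaviours; together they are far rarer than either alone."""
    enum_pids = {pid for pid, _, _ in uninstall_enumerators(reg_events, threshold)}
    lookup_pids = {pid for pid, _, _ in ip_lookups(net_events)}
    return sorted(enum_pids & lookup_pids)


if __name__ == "__main__":
    for pid, image, n in uninstall_enumerators(REGISTRY_EVENTS):
        print(f"[enum] pid={pid} {image} opened {n} Uninstall subkeys")
    for pid, image, host in ip_lookups(NETWORK_EVENTS):
        print(f"[ip]   pid={pid} {image} -> {host}")
    print("both behaviours:", correlate(REGISTRY_EVENTS, NETWORK_EVENTS))
```

The threshold is the tuning knob: inventory agents and software-update tools legitimately sweep the Uninstall keys, so allow-list those images rather than lowering the count. The IP lookup on its own is weak evidence (many legitimate clients do it); the correlation is where the signal is, especially when the process image lives under a user's Temp directory.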