Details
Malware Family AlienSpy
Date Added May 16, 2016, 6:46 a.m.
MD5 5632961e750de4c1398a830df3cb4416
Sha256 b08a2dcf1d8c994400c5d1f22012ad7205bf111c51f54fd40d470a03f0994bda
Config Sections
PLUGIN_FOLDER iGmuucOxECK
PLUGIN_EXTENSION GSAww
NETWORK [{u'PORT': 1234, u'DNS': u'127.0.0.1'}, {u'PORT': 9998, u'DNS': u'emenike.no-ip.info'}, {u'PORT': 9997, u'DNS': u'emenike.no-ip.info'}]
DELAY_INSTALL 1
JAR_NAME 6YPyQ4CyL8P
JAR_FOLDER oZODdmrfAYJ
VBOX False
JAR_REGISTRY vysixtdSK4W
INSTALL True
JAR_EXTENSION HlZJcl
SECURITY [{u'PROCESS': [u'UserAccountControlSettings.exe'], u'REG': [{u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]', u'VALUE': u'"ConsentPromptBehaviorAdmin"=dword:00000000\r\n"ConsentPromptBehaviorUser"=dword:00000000\r\n"EnableLUA"=dword:00000000\r\n'}], u'NAME': u'User Account Control'}, {u'PROCESS': [u'Taskmgr.exe'], u'REG': [{u'KEY': u'[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]', u'VALUE': u'"DisableTaskMgr"=dword:00000002\r\n'}], u'NAME': u'Task Manager'}, {u'REG': [{u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]', u'VALUE': u'"DisableConfig"=dword:00000001\r\n"DisableSR"=dword:00000001\r\n'}], u'NAME': u'Restore System'}, {u'PROCESS': [u'ProcessHacker.exe'], u'NAME': u'Process Hacker'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'MsConfig'}, {u'PROCESS': [u'MSASCui.exe', u'MsMpEng.exe', u'MpUXSrv.exe', u'MpCmdRun.exe'], u'NAME': u'Windows Defender'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'Process Explorer'}, {u'PROCESS': [u'wireshark.exe', u'tshark.exe', u'text2pcap.exe', u'rawshark.exe', u'mergecap.exe', u'editcap.exe', u'dumpcap.exe', u'capinfos.exe'], u'NAME': u'Wireshark'}, {u'PROCESS': [u'mbam.exe', u'mbamscheduler.exe', u'mbamservice.exe'], u'NAME': u'MalwareBytes'}, {u'PROCESS': [u'AdAwareService.exe', u'AdAwareTray.exe', u'WebCompanion.exe', u'AdAwareDesktop.exe'], u'NAME': u'Ad-Aware Antivirus'}, {u'PROCESS': [u'V3Main.exe', u'V3Svc.exe', u'V3Up.exe', u'V3SP.exe', u'V3Proxy.exe', u'V3Medic.exe'], u'NAME': u'Ahnlab V3 Internet Security 8.0'}, {u'PROCESS': [u'BgScan.exe', u'BullGuard.exe', u'BullGuardBhvScanner.exe', u'BullGuarScanner.exe', u'LittleHook.exe', u'BullGuardUpdate.exe'], u'NAME': u'Bull Guard Antivirus'}, {u'PROCESS': [u'clamscan.exe', u'ClamTray.exe', u'ClamWin.exe'], u'NAME': u'ClamWin Antivirus'}, {u'PROCESS': [u'cis.exe', u'CisTray.exe', u'cmdagent.exe', u'cavwp.exe', u'dragon_updater.exe'], u'NAME': 
u'COMODO Ant
SECURITY_TIMES 3
NICKNAME MyGod-indeed-is-alive
JRE_FOLDER m8ahD7
VMWARE False
DELAY_CONNECT 1
VirusTotal
This hash does not exist in VirusTotal

Domain Data
Domain               IP         Country Code
127.0.0.1                       0
emenike.no-ip.info   0.0.0.0    0
emenike.no-ip.info   0.0.0.0    0