Details
Malware Family AlienSpy
Date Added July 1, 2016, 3 a.m.
MD5 8ddedbf36a4674b6db1b82a2a276f0a0
Sha256 e20076d04649947b8b5eea9c1451e34ddf56bbf58f25a0aa25ffe3c1e7a86d80
Config Sections
PLUGIN_FOLDER zAnlTbzoLuq
PLUGIN_EXTENSION 3ChlP
NETWORK DNS felixres015js.zapto.org, PORT 2011
DELAY_INSTALL 1
JAR_NAME remitt
JAR_FOLDER 90PJUArElQS
VBOX True
JAR_REGISTRY mKF7T0Jtg0c
INSTALL True
JAR_EXTENSION EWCeq4
SECURITY (per-product entries; each has a PROCESS image-name list and/or .reg-style REG entries; the page's listing is cut off inside the last entry)
  User Account Control
    PROCESS: UserAccountControlSettings.exe
    REG: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=dword:00000000, "ConsentPromptBehaviorUser"=dword:00000000, "EnableLUA"=dword:00000000
  Task Manager
    PROCESS: Taskmgr.exe
    REG: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000002
  Restore System
    REG: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"=dword:00000001, "DisableSR"=dword:00000001
  Process Hacker
    PROCESS: ProcessHacker.exe
  MsConfig
    PROCESS: procexp.exe
  Windows Defender
    PROCESS: MSASCui.exe, MsMpEng.exe, MpUXSrv.exe, MpCmdRun.exe
  Process Explorer
    PROCESS: procexp.exe
  Wireshark
    PROCESS: wireshark.exe, tshark.exe, text2pcap.exe, rawshark.exe, mergecap.exe, editcap.exe, dumpcap.exe, capinfos.exe
  MalwareBytes
    PROCESS: mbam.exe, mbamscheduler.exe, mbamservice.exe
  Ad-Aware Antivirus
    PROCESS: AdAwareService.exe, AdAwareTray.exe, WebCompanion.exe, AdAwareDesktop.exe
  Ahnlab V3 Internet Security 8.0
    PROCESS: V3Main.exe, V3Svc.exe, V3Up.exe, V3SP.exe, V3Proxy.exe, V3Medic.exe
  Bull Guard Antivirus
    PROCESS: BgScan.exe, BullGuard.exe, BullGuardBhvScanner.exe, BullGuarScanner.exe, LittleHook.exe, BullGuardUpdate.exe
  ClamWin Antivirus
    PROCESS: clamscan.exe, ClamTray.exe, ClamWin.exe
  COMODO Ant (name truncated on the page; the listing ends here)
    PROCESS: cis.exe, CisTray.exe, cmdagent.exe, cavwp.exe, dragon_updater.exe
SECURITY_TIMES 5
NICKNAME FelixP
JRE_FOLDER PR5A6H
VMWARE True
DELAY_CONNECT 1
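The SECURITY and NETWORK sections above are directly usable as host and network indicators: the REG entries are the exact policy values the sample writes (UAC off, Task Manager and System Restore disabled) and the PROCESS lists are the analysis and AV images it watches for. The script below is an added example, not code from the page or from the AlienSpy extractor: it transcribes a subset of the SECURITY section (the UAC, Task Manager, System Restore and Wireshark entries) plus the NETWORK entry into Python, flattens them into checkable indicators, and evaluates them against a constructed host snapshot. The snapshot dictionaries, the helper names and the finding wording are all assumptions made for the example.

```python
"""Turn the extracted AlienSpy SECURITY/NETWORK config into host-checkable
indicators and evaluate them against a host snapshot (added example)."""
import re

# Subset of the page's SECURITY section, transcribed verbatim. The page's full
# listing is truncated inside the COMODO entry, so that entry is not included.
SECURITY = [
    {"NAME": "User Account Control",
     "PROCESS": ["UserAccountControlSettings.exe"],
     "REG": [{"KEY": r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]",
              "VALUE": '"ConsentPromptBehaviorAdmin"=dword:00000000\r\n'
                       '"ConsentPromptBehaviorUser"=dword:00000000\r\n'
                       '"EnableLUA"=dword:00000000\r\n'}]},
    {"NAME": "Task Manager",
     "PROCESS": ["Taskmgr.exe"],
     "REG": [{"KEY": r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]",
              "VALUE": '"DisableTaskMgr"=dword:00000002\r\n'}]},
    {"NAME": "Restore System",
     "REG": [{"KEY": r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]",
              "VALUE": '"DisableConfig"=dword:00000001\r\n"DisableSR"=dword:00000001\r\n'}]},
    {"NAME": "Wireshark",
     "PROCESS": ["wireshark.exe", "tshark.exe", "dumpcap.exe"]},
]
NETWORK = [{"PORT": 2011, "DNS": "felixres015js.zapto.org"}]

# One .reg-style line: "ValueName"=dword:XXXXXXXX
REG_LINE = re.compile(r'"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})')


def registry_indicators(security):
    """Flatten REG entries into (key path, value name, int value) triples."""
    out = []
    for entry in security:
        for reg in entry.get("REG", []):
            key = reg["KEY"].strip("[]")
            for m in REG_LINE.finditer(reg["VALUE"]):
                out.append((key, m.group("name"), int(m.group("val"), 16)))
    return out


def process_indicators(security):
    """Image names the sample watches, case-folded (Windows image names
    compare case-insensitively)."""
    return {p.lower() for e in security for p in e.get("PROCESS", [])}


def c2_indicators(network):
    """host:port strings for the NETWORK section."""
    return [f'{n["DNS"]}:{n["PORT"]}' for n in network]


def audit(security, host_registry, host_processes):
    """host_registry: {(key path, value name): int} as read from the host;
    host_processes: running image names. A registry value only counts as a
    finding when it equals the value the sample writes, so untouched defaults
    (value absent) do not fire."""
    findings = []
    for key, name, wanted in registry_indicators(security):
        actual = host_registry.get((key, name))
        if actual == wanted:
            findings.append(f"registry tampered: {key}\\{name} = {actual:#010x}")
    watched = process_indicators(security)
    for proc in host_processes:
        if proc.lower() in watched:
            findings.append(f"watched tool running (sample targets it): {proc}")
    return findings


# Constructed host snapshot (assumption): UAC disabled and System Restore off,
# ConsentPromptBehaviorAdmin still at a non-zero value, dumpcap running.
HOST_REGISTRY = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"): 0,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "ConsentPromptBehaviorAdmin"): 5,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableSR"): 1,
}
HOST_PROCESSES = ["explorer.exe", "Dumpcap.exe", "notepad.exe"]

if __name__ == "__main__":
    print("C2:", c2_indicators(NETWORK))
    for line in audit(SECURITY, HOST_REGISTRY, HOST_PROCESSES):
        print(line)
```

On the constructed snapshot the audit reports EnableLUA=0 and DisableSR=1 as tampered and Dumpcap.exe as a watched tool; ConsentPromptBehaviorAdmin=5 does not fire because it differs from the dword:00000000 the sample writes. Feeding it the remaining SECURITY entries from the page is a matter of extending the SECURITY list.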
VirusTotal

This hash does not exist in virustotal

Domain Data
Domain IP Country Code
felixres015js.zapto.org 0.0.0.0 0