Details
Malware Family AlienSpy
Date Added Sept. 22, 2018, 6:25 a.m.
MD5 c3ea3ac0e09ae046261d51bd21e71c8c
Sha256 2b70a181ddc593f141bdaa4c402137c2cd35468b88f9b8d91a4c55f6f7397cb2
Config Sections
PLUGIN_FOLDER h61g51XaqiM
PLUGIN_EXTENSION iVqvu
NETWORK [{u'PORT': 7777, u'DNS': u'127.0.0.1'}]
DELAY_INSTALL 2
JAR_NAME 0JYGyQds4r6
JAR_FOLDER IJQMTf7zZXU
VBOX True
JAR_REGISTRY kJJl8fDTe67
INSTALL True
JAR_EXTENSION EDESq8
SECURITY [{u'PROCESS': [u'UserAccountControlSettings.exe'], u'REG': [{u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]', u'VALUE': u'"ConsentPromptBehaviorAdmin"=dword:00000000\r\n"ConsentPromptBehaviorUser"=dword:00000000\r\n"EnableLUA"=dword:00000000\r\n'}], u'NAME': u'User Account Control'}, {u'PROCESS': [u'Taskmgr.exe'], u'REG': [{u'KEY': u'[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]', u'VALUE': u'"DisableTaskMgr"=dword:00000002\r\n'}], u'NAME': u'Task Manager'}, {u'REG': [{u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]', u'VALUE': u'"DisableConfig"=dword:00000001\r\n"DisableSR"=dword:00000001\r\n'}], u'NAME': u'Restore System'}, {u'PROCESS': [u'ProcessHacker.exe'], u'NAME': u'Process Hacker'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'MsConfig'}, {u'PROCESS': [u'MSASCui.exe', u'MsMpEng.exe', u'MpUXSrv.exe', u'MpCmdRun.exe'], u'NAME': u'Windows Defender'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'Process Explorer'}, {u'PROCESS': [u'wireshark.exe', u'tshark.exe', u'text2pcap.exe', u'rawshark.exe', u'mergecap.exe', u'editcap.exe', u'dumpcap.exe', u'capinfos.exe'], u'NAME': u'Wireshark'}, {u'PROCESS': [u'mbam.exe', u'mbamscheduler.exe', u'mbamservice.exe'], u'NAME': u'MalwareBytes'}, {u'PROCESS': [u'AdAwareService.exe', u'AdAwareTray.exe', u'WebCompanion.exe', u'AdAwareDesktop.exe'], u'NAME': u'Ad-Aware Antivirus'}, {u'PROCESS': [u'V3Main.exe', u'V3Svc.exe', u'V3Up.exe', u'V3SP.exe', u'V3Proxy.exe', u'V3Medic.exe'], u'NAME': u'Ahnlab V3 Internet Security 8.0'}, {u'PROCESS': [u'BgScan.exe', u'BullGuard.exe', u'BullGuardBhvScanner.exe', u'BullGuarScanner.exe', u'LittleHook.exe', u'BullGuardUpdate.exe'], u'NAME': u'Bull Guard Antivirus'}, {u'PROCESS': [u'clamscan.exe', u'ClamTray.exe', u'ClamWin.exe'], u'NAME': u'ClamWin Antivirus'}, {u'PROCESS': [u'cis.exe', u'CisTray.exe', u'cmdagent.exe', u'cavwp.exe', u'dragon_updater.exe'], u'NAME': 
u'COMODO Ant
SECURITY_TIMES 3
NICKNAME JSocket
JRE_FOLDER 872Ddz
VMWARE True
DELAY_CONNECT 2
VirusTotal
33 out of 57 AVs identified the sample as malicious
VirusTotal Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules