Awesome leak!
I will try it now
Thank you for sharing
Infected with njRat.
Drops C:\Users\admin\AppData\Roaming\n7XIZjOAKBqHr89A\IzigUkt3JDCd.exe (md5: 575e1fb9e3452965fecd8d42978f622f).
Drops C:\Users\admin\AppData\Local\Temp\7OCtGrcaAjFL6Qcg.exe (md5: 07867cd18b6cfb6c5eebf8a2cc7d3120).
Drops a copy of IzigUkt3JDCd.exe in the same folder, named mLNqCcIL0DYM.exe.
Adds IzigUkt3JDCd.exe to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon autorun key.
Reads C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Login Data to store Opera browser stored credentials.
Connects to pastebin.com and 167.99.189.114 port 17808, hosted by Digital Ocean in Canada.
called it
tnx man
PHP Web Designer