bullguard09.wm01.to (Injector.DSCE hosted in Portugal, Lisbon, Dotsi Unipessoal Lda.)

Resolved [ bullguard09.wm01.to ] to [ 5.206.227.248 ]

Malware activity:

Reads terminal service related keys (often RDP related)
Sets a global Windows hook to intercept keystrokes
Creates a fake system process
Modifies auto-execute functionality by setting/creating a value in the registry
Writes data to a remote process
Reads the active computer name
Reads the cryptographic machine GUID
Opens the MountPointManager (often used to detect additional infection locations)

Sample here: hxxps://www.multiup.eu/b5f25a49310dc36ca128a3947f566ae6

Hosting info:
http://whois.domaintools.com/5.206.227.248
