bullguard09.wm01.to (Injector.DSCE, hosted in Portugal, Lisbon, Dotsi Unipessoal Lda.)

Resolved [ bullguard09.wm01.to ] To [ ]

Malware activity:

Reads terminal service related keys (often RDP related)
Sets a global Windows hook to intercept keystrokes
Creates a fake system process
Modifies auto-execute functionality by setting/creating a value in the registry
Writes data to a remote process
Reads the active computer name
Reads the cryptographic machine GUID
Opens the MountPointManager (often used to detect additional infection locations)

Sample here: hxxps://www.multiup.eu/b5f25a49310dc36ca128a3947f566ae6

Hosting info:
