We keep on fighting malware! Over the past weeks we added hundreds of malware signatures to the database; below you can find the Top 5 from the past two weeks. Don’t forget that you can create your own malware signatures too! We have found that this crowdsourcing method across several thousand servers works fantastically in our IP reputation system, so let’s keep making the internet a safer place together! Thanks to your contributions we already have more than 15 000 malware signatures in our database.
Possible variant of the Hexa botnet. Uses a different hex string (high nibble first) than Variants 0 and 1.
The malware downloads the source code to be executed from domainnamespace.top/lf.txt; the script checks this file and updates itself from it. The backdoor owner can change the malware's behaviour by changing this file. At the time the SA signature was created, this source contained a complete hacker toolset. Access to the toolset is protected with the hacker's password.
A simple backdoor. It receives its command via COOKIE. If the message is e, it runs the base64-encoded code with eval. If the message is i, it returns the phpinfo() output. The script is obfuscated with gzinflate and base64_encode. On VirusTotal it is detected under the name Trojan.Agent.
A possible variant of the Hexa botnet which uses a hex string (high nibble first). The backdoor’s file name is always 8 random characters and the content is heavily obfuscated.
A possible variant of the Hexa botnet. Uses a different hex string (high nibble first) than Variant 0.
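For the gzinflate/base64 cookie backdoor described above, a static triage sketch in Python that peels the obfuscation layers without executing anything and checks the decoded code for the traits the post names. This is an added example, not BitNinja's signature or code; the function names (`peel`, `triage`, `make_sample`) and the exact wrapper pattern `eval(gzinflate(base64_decode('...')))` are assumptions, and `make_sample` only builds constructed test input.

```python
import base64
import re
import zlib

# Assumed wrapper shape: eval(gzinflate(base64_decode('...')))
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]",
    re.IGNORECASE,
)
# Traits named in the post, checked against the decoded inner code.
TRAITS = {
    "reads_cookie": re.compile(r"\$_COOKIE\b"),
    "eval_base64": re.compile(r"eval\s*\(\s*base64_decode", re.IGNORECASE),
    "phpinfo": re.compile(r"phpinfo\s*\(", re.IGNORECASE),
}
MAX_LAYERS = 5          # stop on deeply nested wrappers
MAX_INFLATED = 1 << 20  # cap output to resist decompression bombs


def peel(source: str) -> tuple[str, int]:
    """Statically unwrap gzinflate/base64 layers; nothing is executed."""
    layers = 0
    while layers < MAX_LAYERS:
        m = WRAPPER.search(source)
        if not m:
            break
        try:
            raw = base64.b64decode(m.group(1), validate=False)
            # PHP gzinflate() takes raw DEFLATE data, hence wbits=-15.
            inflated = zlib.decompressobj(-15).decompress(raw, MAX_INFLATED)
        except (ValueError, zlib.error):
            break  # malformed blob: report what was decoded so far
        source = inflated.decode("utf-8", errors="replace")
        layers += 1
    return source, layers


def triage(source: str) -> dict:
    inner, layers = peel(source)
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(inner))
    return {"layers": layers, "traits": hits,
            "suspicious": layers > 0 and "reads_cookie" in hits}


def make_sample(inner: str) -> str:
    """Wrap text the same way, to build constructed input for the detector."""
    comp = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(comp.compress(inner.encode()) + comp.flush()).decode()
    return f"<?php eval(gzinflate(base64_decode('{blob}')));"
```

A file flagged as `suspicious` still needs manual review: the check is a heuristic on the decoded text, and other wrapper shapes will not match the pattern.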
If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!