Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum


New Ransomware Shows Off Its Abilities:

0 Replies, 1621 Views

[Image: getty_622184706_401840.jpg]

                              A new type of ransomware called "SectopRAT" that was first discovered by MalwareHunterTeam stated in a November 15th tweet, that this new ransomware was able to create a second "hidden" desktop that was able to fully control the chosen browser. 

             According to an article by ZDNet: 
             "The first SectopRAT sample is signed by Sectigo RSA Code Signing CA and uses a Flash icon, whereas the second is not signed. Both samples of the Remote Access Trojan (RAT) use arbitrary characters in their names, have write/execute characteristics, and make use of ConfuserEx for obfuscation. 
According to the researchers, the malware contains a RemoteClient.Config class with four valuables for configuration -- IP, retip, filename, and mutexName. 
The IP variable relates to the Trojan's command-and-control (C2) server, whereas the retip variable has been designed to set up new C2 IPs that the server can override using the "set IP" command."

             The article goes on:

             "Filename and mutexName, however, are set but not in active use. 
The hardcoded filename spoolsvc.exe is added to the registry for persistence, a mimicry of the legitimate Microsoft service spoolsv.exe.
Once connected with its C2, the Trojan can be commanded to either stream an active desktop session or create a secondary one, hardcoded as "sdfsddfg," which is hidden from view. The researchers say that operators of the malware are able to use the "Init browser" command to initiate a browser session through the secondary desktop. "


             As far as this goes, its been stated by the team at MalwareHunter that the sample they received seems to show that the malware isn't finished, and is merely out in the wild for testing purposes. 

             Original article can be found here.

             That was the news folks, have a good day, and stay safe out there.


01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
(This post was last modified: 11-21-2019, 05:19 PM by Mad-Architect.)

Possibly Related Threads…
Thread Author Replies Views Last Post
  News Mexican Based Petrol Giant Hit With Ransomware: Mad-Architect 0 1,112 11-13-2019, 03:20 PM
Last Post: Mad-Architect
  News SmarterASP.NET Hit With Massive Ransomware Attack: Mad-Architect 0 1,196 11-11-2019, 04:43 PM
Last Post: Mad-Architect
  News Ransomware Gang Breached: Decryption Keys Released Mad-Architect 0 1,249 10-07-2019, 03:47 PM
Last Post: Mad-Architect
  News Multiple Dentist Offices Hit By Ransomware: Mad-Architect 0 1,266 08-30-2019, 01:31 PM
Last Post: Mad-Architect
  News Group Behind Ransomware Hit On Texas Make Demands: Mad-Architect 0 1,115 08-23-2019, 01:57 PM
Last Post: Mad-Architect
  News EuroFins Pays Ransom Amid Encounter With Ransomware: Mad-Architect 0 1,110 07-06-2019, 12:22 PM
Last Post: Mad-Architect
  News Alert Issued for Ryuk Ransomware: Global Organizations Targeted. Mad-Architect 0 1,214 06-30-2019, 11:35 AM
Last Post: Mad-Architect
  News Infamous Ransomware Operation Shuts Down: Mad-Architect 0 1,204 06-02-2019, 12:53 PM
Last Post: Mad-Architect
  News PewDiePie Ransomware Runs Amok in Battle for YouTube Supremacy Mad-Architect 0 1,227 03-25-2019, 10:14 AM
Last Post: Mad-Architect
  News Two US Based Chemical Companies Hit With Ransomware Mad-Architect 0 1,113 03-24-2019, 02:55 PM
Last Post: Mad-Architect

Users browsing this thread: 1 Guest(s)