Trojan.Rmnet.129

Trojan.Rmnet.129

Добавлен в вирусную базу Dr.Web: 2025-02-12

Описание добавлено: 2025-02-13

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%LOCALAPPDATA%\wwqborfo\brjpsfis.exe'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'BrjPsfis' = '%LOCALAPPDATA%\wwqborfo\brjpsfis.exe'

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\brjpsfis.exe

Sets the following service settings

[HKLM\System\CurrentControlSet\Services\Micorsoft Windows Service] 'ImagePath' = '%TEMP%\mojtqpgl.sys'

Creates the following services

'Micorsoft Windows Service' %TEMP%\mojtqpgl.sys

Malicious functions

To complicate detection of its presence in the operating system,

blocks the following features:

User Account Control (UAC)

Injects code into

the following system processes:

%WINDIR%\syswow64\svchost.exe

the following user processes:

swekxhhylbccsrqv.exe

Modifies file system

Creates the following files

%TEMP%\swekxhhylbccsrqv.exe
%LOCALAPPDATA%\geliattb.log
%LOCALAPPDATA%\wwqborfo\brjpsfis.exe
%TEMP%\mojtqpgl.sys

Sets the 'hidden' attribute to the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\brjpsfis.exe

Deletes the following files

%TEMP%\mojtqpgl.sys

Network activity

Connects to

'google.com':80
'vk#####mlufmqwvvu.com':443
'ju#####sjbveoqfam.com':443
'kf#####qwrnjlmkrl.com':443
'vf###mselcv.com':443
'ex#####hvjwycxpsme.com':443

TCP

Other

'yy#####ygdpkippa.com':443
'kf#####qwrnjlmkrl.com':443
'vf###mselcv.com':443

UDP

DNS ASK google.com
DNS ASK ue#####jhynkscodc.com
DNS ASK bk#####rasvbillu.com
DNS ASK qd###krc.com
DNS ASK ui###gfe.com
DNS ASK of###bnonpg.com
DNS ASK hx####remopog.com
DNS ASK ha####pvawyb.com
DNS ASK uf###nyrlfp.com
DNS ASK xb####buqykdseh.com
DNS ASK wi#####pdnwtucshvk.com
DNS ASK jw####bwnkmry.com
DNS ASK qu#####qwtdeqvlwb.com
DNS ASK va#####edyxygrrvqi.com
DNS ASK wu#####ncyfufyelf.com
DNS ASK fh###jixtfb.com
DNS ASK tj#####iklfubewlnd.com
DNS ASK bd###ihxty.com
DNS ASK wi###jpfb.com
DNS ASK xf###ynams.com
DNS ASK wl###ycen.com
DNS ASK rj####rqemcrhwg.com
DNS ASK jn###bdjkcu.com
DNS ASK ju#####hybypevngin.com
DNS ASK vy####jpetmn.com
DNS ASK fv####gnkdgr.com
DNS ASK oi####aivjpmd.com
DNS ASK ve#####qgifcugyi.com
DNS ASK dc#####bdthwwddg.com
DNS ASK yb#####gmkdlureo.com
DNS ASK et###wehy.com
DNS ASK mx###qte.com
DNS ASK dq###agyhgk.com
DNS ASK xp#####eyefbfofcxqi.com
DNS ASK oc####seopnyhh.com
DNS ASK bc#####dfxhvxdsdx.com
DNS ASK nn####ymbtivx.com
DNS ASK fc#####dqypasmlav.com
DNS ASK rd#####fvejhhfrtkld.com
DNS ASK su#####dqwqavihf.com
DNS ASK mx###sce.com
DNS ASK wb###wgnume.com
DNS ASK ov####wwfiejsv.com
DNS ASK ll#####hwlicvekr.com
DNS ASK pl#####ytmmockwbjeb.com
DNS ASK tn#####sulchxwefk.com
DNS ASK cf####nybdlnh.com
DNS ASK gr#####cbutgcdfnsuv.com
DNS ASK lk#####anxcjsidn.com
DNS ASK ka###fvsf.com
DNS ASK hy####xfaxow.com
DNS ASK nm####ywumbhtp.com
DNS ASK nd####xjnlisu.com
DNS ASK ek#####tbaofoloon.com
DNS ASK vc####pjcheyag.com
DNS ASK mp####qketycp.com
DNS ASK jw####ukacrgpyk.com
DNS ASK tv####buncehk.com
DNS ASK jl#####mdrqipuexn.com
DNS ASK im####jtifnvqna.com
DNS ASK ji####doyejk.com
DNS ASK xy####lorypluq.com
DNS ASK fj#####dihxupipv.com
DNS ASK kh###bkng.com
DNS ASK xt###ubpuyy.com
DNS ASK yg###mfyk.com
DNS ASK sc###wrswp.com
DNS ASK ux###bkg.com
DNS ASK nv###krdb.com
DNS ASK ey####akvjcfnvw.com
DNS ASK gf###edvjwn.com
DNS ASK ge####qvihbryav.com
DNS ASK lj#####efnttelekfl.com
DNS ASK vc#####vqbwornhao.com
DNS ASK dk####jiejuo.com
DNS ASK ni###soqe.com
DNS ASK by####uyorgwoa.com
DNS ASK na###jtcto.com
DNS ASK dq####yvbssx.com
DNS ASK te#####ytesuoxsykc.com
DNS ASK kf####qbtpdh.com
DNS ASK nn####pagyuybj.com
DNS ASK mh####lagjuopwv.com
DNS ASK ep###tiannc.com
DNS ASK po###prloee.com
DNS ASK tt####akjxmhm.com
DNS ASK fx#####xwwqkqbbhcqi.com
DNS ASK cb####rybqehdhy.com
DNS ASK oi####djxwpamce.com
DNS ASK ml#####kspswyfnfbc.com
DNS ASK th###lxurob.com
DNS ASK qh###cyxrqv.com
DNS ASK cp#####dwgbtiuqclsm.com
DNS ASK cb####hktahyrwr.com
DNS ASK bs#####mhfybnugcd.com
DNS ASK qj####lmcjtg.com
DNS ASK wj###lgi.com
DNS ASK cy#####cnstduhribs.com
DNS ASK my#####ckcdfhgci.com
DNS ASK ka###dpo.com
DNS ASK yt###slmp.com
DNS ASK ad###upfbrn.com
DNS ASK se#####vxhqlsafqes.com
DNS ASK fv####qgtfjjyce.com
DNS ASK gg####fqftds.com
DNS ASK ac#####iwldmqlpwku.com
DNS ASK eb####gpnlnm.com
DNS ASK oq####xbnlbi.com
DNS ASK uw###etjdp.com
DNS ASK qh###iukkv.com
DNS ASK wf#####kwrqcmldako.com
DNS ASK af#####gaayynvgfaw.com
DNS ASK qh#####spsnwouayf.com
DNS ASK nw#####tevxlepfuxw.com
DNS ASK ak####ecjnghqtc.com
DNS ASK ns####yruivqvla.com
DNS ASK sl#####shvktbvgdduh.com
DNS ASK lp#####uqxswhkyak.com
DNS ASK pq#####ushsjhiqqxa.com
DNS ASK rm###via.com
DNS ASK pe###olu.com
DNS ASK ej####cajudj.com
DNS ASK qj####opkoipxeq.com
DNS ASK da####edlupjcm.com
DNS ASK ig###tsa.com
DNS ASK wr###yjkf.com
DNS ASK dx###jvfnaw.com
DNS ASK nh####fxvyqnebg.com
DNS ASK vf###mselcv.com
DNS ASK ju#####sjbveoqfam.com
DNS ASK ur####ncfbxsk.com
DNS ASK yy#####ygdpkippa.com
DNS ASK vk#####mlufmqwvvu.com
DNS ASK kp####tppsmtn.com
DNS ASK kf#####qwrnjlmkrl.com
DNS ASK yu#####bkyknsbvrui.com
DNS ASK lk###ore.com
DNS ASK dj####wvgodxa.com
DNS ASK ya####bingmhmaf.com
DNS ASK pj#####iqfqyawojk.com
DNS ASK wy####kaaisyp.com
DNS ASK lu###icrni.com
DNS ASK cm###heuh.com
DNS ASK ya####mootbenii.com
DNS ASK ex#####hvjwycxpsme.com
DNS ASK tp###edi.com
DNS ASK py####uhjofkbbc.com
DNS ASK jn###reo.com
DNS ASK sr####tbguwfet.com
DNS ASK yp####gnusnhhc.com
DNS ASK dd####yenogceql.com
DNS ASK gw###iwlgu.com
DNS ASK jm####usyhombk.com
DNS ASK rd###tcgq.com
DNS ASK lm####hrafvw.com
DNS ASK xt###yrxfcm.com
DNS ASK yc#####pfwsngccpcnm.com
DNS ASK le#####ugiasvirt.com
DNS ASK gp###wsyshd.com
DNS ASK yh#####fisdxornck.com
DNS ASK mc#####mjobninfjna.com
DNS ASK ij#####sljxbtotr.com
DNS ASK hb#####skqcmbrkf.com
DNS ASK pp###ebx.com
DNS ASK pc###fpntuw.com
DNS ASK sc#####mallisjkkag.com
DNS ASK py#####oxlmtgogfiwl.com
DNS ASK rv####otdlfglh.com
DNS ASK sf###cvovnj.com
DNS ASK ew#####rthoadpitts.com
DNS ASK ar#####vchlgpyqgc.com
DNS ASK vw###eynisd.com
DNS ASK ll####kpjpibv.com
DNS ASK gh#####ocmbfjvgkt.com
DNS ASK xo#####mdgppqjgdjaa.com
DNS ASK lj###bhc.com
DNS ASK eg###tqrrh.com
DNS ASK hp#####weoyiamrcpw.com
DNS ASK py###yjydi.com
DNS ASK aw#####molkitdqhwut.com
DNS ASK kf###wugxk.com
DNS ASK xb###mjuqya.com
DNS ASK er#####uqcnbtkubh.com
DNS ASK li###nmmkbi.com
DNS ASK lc###nkpyoj.com
DNS ASK rg###ioiqm.com
DNS ASK nr####xgpkmnxgf.com
DNS ASK ec###ammark.com
DNS ASK wx#####axhkqddbb.com
DNS ASK kf#####oechqgryajnc.com
DNS ASK cc####kuamaths.com
DNS ASK fi####bejrshvu.com
DNS ASK ak####twdfkdc.com
DNS ASK tj###xuxtl.com
DNS ASK ga####ewuuudy.com
DNS ASK gj###rsykbm.com
DNS ASK vx###reb.com
DNS ASK ey###cefrc.com
DNS ASK wy###nvsl.com
DNS ASK oa#####wysnxacmsbow.com
DNS ASK nh#####txoqsstgj.com
DNS ASK wn#####oadriawdy.com

Miscellaneous

Creates and executes the following

'%TEMP%\swekxhhylbccsrqv.exe'

Restarts the analyzed sample

Executes the following

'%WINDIR%\syswow64\svchost.exe'

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней