Gi7w0rm (@gi7w0rm)'s Twitter Profile
Gi7w0rm

@gi7w0rm

Threat Intelligence Analyst |
See my Linktree for other socials |
In case I post false intel, contact me!
Support me: ko-fi.com/gi7w0rm
🇪🇺🇩🇪🇺🇦🌈

ID: 1058319953739333632

https://linktr.ee/gi7w0rm
02-11-2018 11:28:34

9,9K Tweets

17,17K Followers

787 Following


Quick analysis of new #ToolShell payload observed by LeakIX: Payload is a .dll executed in memory. Sha-256: 3461da3a2ddcced4a00f87dcd7650af48f97998a3ac9ca649d7ef3b7332bd997 It collects System Info and the sensitive machine key. Sends back in response. Single Request takeover.
