FedSearch - Federated network search engine

FedSearch

Query documentation
API Documentation
Privacy
Server opt-out
Contact

CIRCL - Old account · @circl

117 followers · 607 posts · Server mastodon.opencloud.lu

2019-12-28: #TrickBot Loader #Malware -> '1079' Core Bot
Cert: [LIT-DAN UKIS UAB] #Sectigo
Crypter
CryptStringToBinaryA -> malloc -> window (hide)-> memcpy -> resource -> VirtualAllocExNuma -> Crypto Key Decrypt
Same '1079'

https://twitter.com/VK_Intel/status/1204673384539475968 …
h/t @malwrhunterteampic.twitter.com/Ow9ZZIktEr

#Sectigo #malware #TrickBot

Last updated 5 years ago

Original post