Dustin wrote:
> > If anyone wants this sample, let me know. I have no idea if
> > Dustin has been doing anything with the samples I've been posting.
>
> I've been downloading them as I have the time and taking them apart,
> as I have the time. So far, it's general boring ####, trivial really.
If you've taken them apart, why don't you submit to VT the
random-named.exe file that these droppers create and link to in the
registry run keys?
Submit a few of them to VT and post the link, so we can see how well the
internal payload of these droppers is detected.
Here, try this one:
http://www.filedropper.com/copyofdocumentoct-31-2014-3
The anubis report in my previous post says it creates the file
dotsfhre.exe (although it's probably a random name so what-ever you come
up with would have a different name).
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|