The final payload of this binary is an IRC bot, which the authors named TNTbotinger. The AES key and initialization vector (IV) are hard-coded in the binary. This is dynamically loaded during execution, and the same packer with the Go version of LaufzeitCrypter is used. This binary is Go-compiled and contains an AES-encrypted ELF file. We suspect that the collected information will serve as a knowledge base for the improvement of subsequent attacks. The malicious actors will then upload this stolen information using a TGZ (tar.gz) file via an HTTP POST request to an attacker-provided URL. /etc/group, /etc/passwd, /etc/shadow, /etc/gshadow.