MALICIOUS (1) campaign cataloged at 2024-10-03(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2024-10-alfooou¶
Running the module triggers obfuscated code that downloads a DLL containing reverse shell and injects it to a benign process.
Abuse categories¶
backdoor
Campaign uses backdoor.
obfuscation
Campaign uses obfuscation.
References¶
Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
hxxp://ec2-3-84-149-132.compute-1.amazonaws.com:3232/windows_dll