When a user clicks on the downloaded archive, which pretends to be an Anydesk software application, the other files in the bundle get dropped silently.

The above image shows an AllaKore RAT client named bthudtaskt.exe, a Babuk downloader called mdnsFULLHD.exe, and one registry file named Anydesk.reg, all dropped into the Startup folder without user interaction. A clean Anydesk application is dropped on the desktop, and it gets installed. All the dropped files in the Startup folder are executed through PowerShell and carry out their activity in the background.

The Anydesk.reg file disables User Account Control by setting the value of EnableLUA to 0. It also disables Windows Defender by setting the value of DisableAntiSpyware to 1. The malware also disables real-time protection by setting the corresponding values to 1.

The Babuk downloader launches the AllaKore RAT, and it makes TCP requests, as shown below. AllaKore RAT is a simple open-source Remote Access Tool written in Delphi, and this sample has a very high resemblance to the code found on GitHub.

The 'mdnsFULLHD.exe' file is a PE32 executable for MS Windows, and it is Delphi compiled. It is immense (~12 MB) as it contains most of the code used to impair the defences.
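As an added example (not code from the original post), a small Python checker that parses a .reg file and flags the defence-impairing values the post attributes to Anydesk.reg; the registry key paths are the standard Windows locations for those values and are assumptions, not quoted from the post, and the sample .reg text is constructed.

```python
import re

# Values the post reports Anydesk.reg writing, under the documented Windows key paths
# (the paths are assumptions, not quoted from the post).
# Format: registry key -> [(value name, value that impairs defences, meaning)]
WATCHLIST = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System":
        [("EnableLUA", 0, "User Account Control disabled")],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender":
        [("DisableAntiSpyware", 1, "Windows Defender disabled")],
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection":
        [("DisableRealtimeMonitoring", 1, "real-time protection disabled")],
}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def parse_reg(text: str) -> dict:
    """Parse [key] headers and "name"=dword:hex lines of a .reg file into nested dicts.
    Keys and value names are lower-cased because the registry is case-insensitive;
    lines of any other value type are ignored."""
    parsed = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := _KEY_RE.match(line):
            current = m.group("key").lower()
            parsed.setdefault(current, {})
        elif (m := _DWORD_RE.match(line)) and current is not None:
            parsed[current][m.group("name").lower()] = int(m.group("hex"), 16)
    return parsed


def find_defence_impairment(text: str) -> list:
    """Return one finding string per watched value the .reg file sets to its harmful value."""
    parsed = parse_reg(text)
    findings = []
    for key, entries in WATCHLIST.items():
        values = parsed.get(key.lower(), {})
        for name, bad, meaning in entries:
            if values.get(name.lower()) == bad:
                findings.append(f"{meaning}: {name}=dword:{bad:08x} under {key}")
    return findings


# Constructed sample mirroring what the post describes; not the real dropped file.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"""
```

Real regedit exports are UTF-16LE with a BOM, so decode the file bytes before passing the text in; `find_defence_impairment(SAMPLE_REG)` returns two findings for the sample above.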