RAT Delivered Through FODHelper - SANS Internet Storm Center
Tags
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 60c76419-53c8-40d3-9374-857736ddde42
Fingerprint fc851e1c1124471a
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 22, 2022, midnight
Added to db Oct. 24, 2023, 1:38 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Internet Storm Center
Title RAT Delivered Through FODHelper - SANS Internet Storm Center
Detected Hints/Tags/Attributes 29/1/25
Source URLs
Redirection Url
Details Source https://isc.sans.edu/diary/rss/29078
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
Attributes
Details Type #Events CTI Value
Details Domain 96 
malpedia.caad.fkie.fraunhofer.de
Details Email 1 
zu@e.jpeg
Details File 16 
2.bat
Details File 1 
%temp%\2.bat
Details File 226 
certutil.exe
Details File 93 
curl.exe
Details File 1 
%userprofile%\links\puedo.ps1
Details File 1 
puedo.ps1
Details File 1 
%userprofile%\links\adhd.bat
Details File 1 
adhd.bat
Details File 1 
%userprofile%\links\net.vbs
Details File 1 
net.vbs
Details File 1 
%temp%\adhd - copia.bat
Details File 1 
e.jpeg
Details File 1 
papero.exe
Details File 1 
zoey.exe
Details File 7 
isass.exe
Details File 13 
logs.dat
Details sha256 1 
6e83574ed73d798183a1555a910dcc118ac05cf1eac77306ab6edfdcab9207c3
Details IPv4 1 
171.22.30.120
Details IPv4 1 
171.22.30.7
Details Url 1 
http://171.22.30.120/puedo.ps1
Details Url 1 
http://171.22.30.120/adhd.bat
Details Url 1 
http://171.22.30.120/net.vbs
Details Url 5 
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos