Avast has been monitoring a new crypter, dropper, and password stealer that they have labeled "Meh". Meh is composed of two main parts. The first part is a crypter and the second part is a a password stealer. Meh is a compiled AutoIt script that is prepended with a randomly generated string sequence.
Assembly of the base.au3 shellcode with the beginning of the second shellcodeIOC Details :
| Indicator | |||
| 43bfa7e8b83b54b18b6b48365008b2588a15ccebb3db57b2b9311f257e81f34c | |||
| 34684e4c46d237bfd8964d3bb1fae8a7d04faa6562d8a41d0523796f2e80a2a6 | |||
| 657ea4bf4e591d48ee4aaa2233e870eb99a17435968652e31fc9f33bbb2fe282 | |||
| 2256801ef5bfe8743c548a580fefe6822c87b1d3105ffb593cbaef0f806344c5 | |||
| 66de6f71f268a76358f88dc882fad2d2eaaec273b4d946ed930b8b7571f778a8 | |||
| http://83.171.237.233/s2/autoit.exe | |||
| http://83.171.237.233/s2/base.au3 | |||
| http://83.171.237.233/s2/pe.bin |
VT Engine Detection :
No comments:
Post a Comment