Collects information to fingerprint the system. CAPE detected the RemoteUtilitiesRAT malware family. Created a process from a suspicious location. Uses Windows utilities for basic functionality. Unconventional language used in binary resources: Russian. Expresses interest in specific running processes. Dynamic (imported) function loading detected. Anomalous file deletion behavior detected (10+). Possible date expiration check, exits too soon after checking local time. Yara rule detections observed from a process memory dump/dropped files/CAPE.