This Malware Analysis Report (MAR) is the result of analytic efforts by the Cybersecurity and Infrastructure Security Agency (CISA) to provide detailed analysis of files associated with HyperBro, a Remote Access Trojan (RAT). CISA obtained HyperBro malware samples during an on-site incident response engagement at a Defense Industrial Base (DIB) Sector organization compromised by advanced persistent threat (APT) actors.

CISA analyzed 4 files associated with HyperBro malware. The files create a backdoor program that is capable of uploading and downloading files to and from the system.

This artifact is a version of vf_host.exe from Viewfinity. The file is used to side-load the malicious dynamic-link library (DLL), vftrace.dll.

The program is also capable of bypassing User Account Controls (UAC) on the system by disabling Admin Approval Mode in User Account Controls Group Policy in HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. This can allow the malware to run with Admin privileges, or allow remote logon (RDP) with full Admin privileges.
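An added detection example, not part of the CISA report: it scans Sysmon registry-set events (event ID 13) for writes that weaken UAC under the HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System key named in the report. The Sysmon log source, the three value names checked and the sample events are assumptions of this example; the report text here does not say which values HyperBro changes.

```python
import re

# UAC policy key named in the report, in the HKLM\SOFTWARE form Sysmon logs.
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Documented UAC value names and the data that weakens each one. Which of
# these HyperBro writes is not stated on this page (assumption).
WEAK_VALUES = {
    "enablelua": 0,                      # Admin Approval Mode off for all admins
    "consentpromptbehavioradmin": 0,     # administrators elevate without a prompt
    "localaccounttokenfilterpolicy": 1,  # remote local-admin logons keep a full token
}

FIELD = re.compile(r"(\w+):\s*(.*)")
DWORD = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

def parse_event(text):
    """Turn the 'Name: value' lines of one Sysmon event 13 message into a dict."""
    matches = (FIELD.fullmatch(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def uac_weakening(event):
    """Return (value name, data, writing image) if the event weakens UAC, else None."""
    key, _, name = event.get("TargetObject", "").rpartition("\\")
    dword = DWORD.search(event.get("Details", ""))
    if event.get("EventType") != "SetValue" or key.lower() != UAC_KEY.lower():
        return None
    if dword is None or name.lower() not in WEAK_VALUES:
        return None
    data = int(dword.group(1), 16)
    return (name, data, event.get("Image", "")) if data == WEAK_VALUES[name.lower()] else None

def scan(messages):
    """Parse each message and keep only the writes that weaken UAC."""
    hits = (uac_weakening(parse_event(m)) for m in messages)
    return [h for h in hits if h is not None]

# Constructed sample events (not from the report); the image path is made up.
_KEY = "TargetObject: " + UAC_KEY + "\\"
_IMG = "EventType: SetValue\nImage: C:\\Users\\Public\\sample.exe\n"
SAMPLE_EVENTS = [
    _IMG + _KEY + "EnableLUA\nDetails: DWORD (0x00000000)",
    _IMG + _KEY + "EnableLUA\nDetails: DWORD (0x00000001)",
    _IMG + _KEY + "LocalAccountTokenFilterPolicy\nDetails: DWORD (0x00000001)",
]

if __name__ == "__main__":
    for name, data, image in scan(SAMPLE_EVENTS):
        print(f"UAC weakened: {name}={data} by {image}")
```

Legitimate administration tools also write these values, so the writing image returned with each hit is what to triage first.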