  • DotRunpeX is able to deliver an extensive list of malware to target computers

    The new malicious software, called “dotRunpeX”, is used to spread many well-known malware families, such as Agent Tesla, Ave Maria, Bitrat, Formbook, Lokibot, Netwire, Raccoon Stealer, Redline Stealer, Remcos, Rhadamanthys and Vidar.

    “DotRunpeX is a new injector written in .NET using Process Hollowing technology. It is used by attackers to infect targeted systems with various well-known families of harmful programs,” says Check Point's comprehensive report.

    The dotRunpeX samples studied by the researchers are second-stage malware, often deployed through a loader that is delivered to the victim’s computer through phishing emails in the form of malicious attachments.

    In addition, the attackers are known to use malicious Google Ads advertising in their campaign. Such an advertisement redirects unsuspecting users who are looking for popular software such as AnyDesk and LastPass to sites that host trojanized installers.

    The Check Point analysis showed that “each sample of dotRunpeX has a built-in payload of a certain family of malicious programs,” while the injector contains a hard-coded list of operating system processes that are automatically terminated when the malware is activated, in order to avoid detection. The latest dotRunpeX samples also use the KoiVM virtualizer for this purpose.

    Check Point specialists also found some signs that dotRunpeX may be associated with Russian-speaking hackers. This is indicated by the presence of Cyrillic characters in the drivers used.

    The malware families most commonly delivered by the new threat include Redline, Raccoon, Vidar and Agent Tesla.

    Check Point researchers predict that dotRunpeX will continue to develop, including the addition of new functions, support for a larger number of malicious programs to deploy on the target system, and improved algorithms for detection.

    Author DeepWeb