BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • DotRunpeX is able to deliver an extensive list of malware to target computers

    The new malicious software, called “dotRunpeX”, is used to spread many famous families of malware, such as Agent Tesla, Ave Maria, Bitrat, Formbook, Lokibot, Netwire, Raccoon Stealer, Redline Stealer, Remcos, Rhadamanthys and Vidar.

    “DotRunpeX is a new injector written on .NET using Process Hollowing technology. It is used by attackers to infect targeted systems with various well-known families of harmful programs,” says the comprehensive report of CheckPoint.

    DotRunpeX samples studied by researchers are malicious in the second stage, often deployed through the bootloader, which is delivered to the victim’s computer through phishing emails in the form of malicious attachments.

    In addition, it is known that attackers use in their campaign the harmful advertising of Google ADS. Such an advertisement redirects unsuspecting users looking for popular software by the AnyDesk and LastPass type, on sites on which Trojan installers are posted.

    The Check Point analysis showed that “each sample of dotRunpeX has a built-in useful load of a certain family of malicious programs,” while a rigid list of operating system processes is spelled out in the injector, which automatically end with the activation of malicious software to avoid detection. And the latest dotRunpeX samples also use KoiVM virtualization means for these purposes.

    Checkpoint specialists also found some signs that dotRunpeX can be associated with Russian-speaking hackers. This is indicated by the presence of the Cyrillic alphabet in the drivers used.

    The most commonly distributed families of malicious programs delivered by a new threat include Redline, Raccoon, Vidar and Agent Tesla.

    Checkpoint researchers predict the further development of dotRunpeX, including the addition of new functions, support for a larger number of malicious programs for implementation in the target system, as well as improved algorithms for detection.

    Author DeepWeb
    Chinese RedGolf hackers use KeyPlug backdoor in their latest attacks
    MageCart hackers inject skimmers into payment processing modules of WordPress online stores

    Comments 0

    Add comment