Autocrat 1.26.59
Copyright © MegaSecurity
Informations
| Family | Autocrat |
| Category | Remote Access |
| Version | Autocrat 1.26.59 |
| Language | Visual Basic, compressed with PECompact |
Additional Information
Server:
dropped files:
C:\WINDOWS\SYSTEM\SRVSUPP.EXE
C:\WINDOWS\SYSTEM\wupdmgr32.exe
size 102.912 bytes
port: 8535, 8536 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Service Support"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Windows Update Service"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Service Support"
HKCR\batfile\shell\open\command "(Default)"
HKCR\comfile\shell\open\command "(Default)"
HKCR\exefile\shell\open\command "(Default)"
HKCR\scrfile\shell\open\command "(Default)"
added:
registry:
HKLM\System\CurrentControlSet\Services\MSUpdate\Enum
files:
c:\WINDOWS\vbevents.log
c:\WINDOWS\SYSTEM\autocrat_log.log
c:\WINDOWS\SYSTEM\wsock32l.dll
c:\WINDOWS\SYSTEM\wsock32p.dll
c:\WINDOWS\SYSTEM\wsock32s.dllIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.