Lomdoor-DD
Copyright © MegaSecurity
By Destructive Labs.
Informations
| From | Russia |
| Author | Destructive Labs. |
| Family | Lomdoor-DD |
| Category | Remote Access |
| Version | Lomdoor-DD |
| Language | Delphi, compressed with ASPack |
Additional Information
Dropped files:
c:\WINDOWS\syswin.exe
size: 191.186 bytes
c:\WINDOWS\winoldap.exe
size: 224.982 bytes
c:\WINDOWS\SYSTEM\gdi32.exe
size: 301.249 bytes
c:\WINDOWS\SYSTEM\rundll.exe
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)"
c:\windows\win.ini, [windows] "run"If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.