Posted by malvuln on May 18

Discovery / credits: Malvuln – malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e85a1028a52fcc723353a236ada54fee_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.cy
Vulnerability: Insecure Transit
Description: The malware listens on TCP port 1111, drops an executable
named “Spoolsw.exe” under SysWOW64 that runs with SYSTEM integrity. The
malware passes logon credentials in…
Read More – Full Disclosure


By |2021-05-18T18:19:00-04:00May 18th, 2021|