Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/5aa81ddc996be64116754efac0e4f55d_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GateHell.21
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP ports
5301,5432,5300,5299,5298,5297,5296 and 5295. Third-party adversaries who
successfully logon can abuse the backdoor FTP server as…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/5aa81ddc996be64116754efac0e4f55d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GateHell.21
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP ports
5301,5432,5300,5299,5298,5297,5296 and 5295. Third-party attackers who can
reach infected systems can logon using any…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9acdbfc9f7c1f6e589485b30aa91bfd2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.zn
Vulnerability: Insecure Credential Storage
Description: The default credentials for the backdoor are stored in
cleartext within the “Firefly.ini” file.
Family: Delf
Type: PE32
MD5: 9acdbfc9f7c1f6e589485b30aa91bfd2…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/4b9a42ca1e65cf0a7febbe18f397ef24.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.03.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 13013. Authentication is
required, however the password “m4sturb4t10n” is weak and hardcoded in
cleartext within the PE…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/d9542df20f8df457747451dd9e16d1c0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.haqj
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path. Third
party attackers who can place an arbitrary executable under c: drive can
potentially undermine the integrity…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9d18d318e017b513b9c6cd193ccdc6ff.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.TScash.c
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9a8150938bff3a17fa0169c3dc6dae85.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Loselove
Vulnerability: Denial of Service
Description: The malware listens on UDP ports 9329, 8329, 8322, 8131 and
8130. Attackers can send a large junk payload to UDP port 8131 causing it
to crash.
Family: Loselove
Type: PE32
MD5:…

Read More

Posted by malvuln on Apr 18

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/92f7f9495ffd56d05a5acf395c9e0097.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.Delf.vs
Vulnerability: Insecure Credential Storage
Description: The malware credentials are stored in cleartext within the
sysinfo.ini file.
Family: Delf
Type: PE32
MD5: 92f7f9495ffd56d05a5acf395c9e0097
Vuln ID: MVID-2022-0553…

Read More