Malware Analysis: Utntweep

MD5 hash: 5b53eab7edc13c1db7c066d96b64ddc6
VirusTotal link: https://www.virustotal.com/gui/file/226962a910ce28aca0c4b8f3f9275254d7b2057aa17bfab0c67b8aa93417d29a/details

Intro:

Analysis:

Screenshots from the original post (only their captions survive here):
Figure: Sourcejob.dat, Feelcat.ini, Tupix.ini
Figure: Start of malware code
Figure: Continuation of code for explorer.exe
Figure: svchost.exe string; if the compare succeeds, the malware continues
Figure: feelcat.ini is deleted after the process completes
Figure: Decrypted strings via OllyDbg
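The captions above name a handful of file artifacts (Sourcejob.dat, Feelcat.ini, Tupix.ini) and a string compare against svchost.exe. The script below is an added example and is not code from the original post: it verifies that a file on disk matches the MD5 given at the top of the post and the SHA-256 in the VirusTotal URL, then searches the file for those strings in both ASCII and UTF-16LE, since the post does not say how the sample stores them. The SAMPLE buffer is a constructed stand-in used only so the script runs without the real binary; the indicator list and offsets are assumptions for illustration.

```python
"""Static triage for the Utntweep sample: hash check plus indicator-string scan."""
import hashlib
import re
import sys

# Hashes as stated in the post (MD5) and embedded in its VirusTotal URL (SHA-256).
EXPECTED_MD5 = "5b53eab7edc13c1db7c066d96b64ddc6"
EXPECTED_SHA256 = "226962a910ce28aca0c4b8f3f9275254d7b2057aa17bfab0c67b8aa93417d29a"

# Strings called out in the post's screenshots. Assumed indicator set, not a
# complete list of what the sample contains.
INDICATORS = ["Sourcejob.dat", "Feelcat.ini", "Tupix.ini", "svchost.exe"]

# Constructed stand-in for the binary: an MZ header followed by one ASCII,
# one UTF-16LE and one more ASCII indicator at known offsets (24, 44, 68).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 20
    + b"feelcat.ini\x00" + b"\x00" * 8
    + "svchost.exe".encode("utf-16-le") + b"\x00\x00"
    + b"Tupix.ini"
)


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA-256 of the buffer, hex-encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if both hashes agree with the ones published in the post."""
    h = file_hashes(data)
    return h["md5"] == EXPECTED_MD5 and h["sha256"] == EXPECTED_SHA256


def find_indicators(data: bytes, indicators=INDICATORS) -> list:
    """Return (indicator, encoding, offset) for each case-insensitive hit.

    Each indicator is searched as ASCII and as UTF-16LE (the common encoding
    for string literals in Windows binaries); hits are sorted by offset.
    """
    hits = []
    for s in indicators:
        for enc in ("ascii", "utf-16-le"):
            pattern = re.compile(re.escape(s.encode(enc)), re.IGNORECASE)
            for m in pattern.finditer(data):
                hits.append((s, enc, m.start()))
    return sorted(hits, key=lambda hit: hit[2])


def triage(data: bytes) -> dict:
    """Combine the hash check and the string scan into one report."""
    return {
        "hashes": file_hashes(data),
        "is_known_sample": matches_sample(data),
        "indicators": find_indicators(data),
    }


if __name__ == "__main__":
    # Usage: python triage.py <path-to-sample>; without a path the constructed
    # SAMPLE buffer is used so the script runs offline.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = triage(blob)
    print("md5    :", report["hashes"]["md5"])
    print("sha256 :", report["hashes"]["sha256"])
    print("known sample:", report["is_known_sample"])
    for name, enc, off in report["indicators"]:
        print(f"  {name:<14} {enc:<9} @ 0x{off:08x}")
```

Run it against your own copy of the sample; an indicator that shows up only as UTF-16LE is a hint that the string is a Windows API argument rather than a config value, which is worth confirming in the debugger before relying on it as an IOC.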

Conclusion:


Ben Lee

I focus on Malware, RE, DFIR. This blog is used to improve my understanding of these concepts and show my progress.