Galock

From Botnets.fr

(Botnet)

Galock
Alias:
Group: Police lock
Parent:
Sibling:
Family:
Relations:
  Variants:
  Sibling of:
  Parent of:
  Distribution of:
  Campaigns:
Target:
Origin:
Distribution vector: RedKit
UserAgent:
CCProtocol:
Activity: 2013-02 /
Status:
Language:
Programming language:
Operation/Working group:

Introduction

2013-03-21: Files are stored in %Appdata% and named with the UID.

- Jpeg (generated on the fly with hardcoded data)
- exe

md5

 4b0be767a3c3adb528220756579b1086 - 8e5a21921e2ae8853143bfe84d564232 - 5a483877c0bba2bab9c4510b2c31cd3a 2013-03
 244e7918670f01901c9502b5f34a59e1 - 31b1e0ed90dfe17ec959436792c8a99c  -  928574ec069404777ad22799d0c96688 2013-03

httpget

  194.242.59.55 
  /get_image?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252
  /knock?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252

Features

Associated images

Checksums / AV databases

Publications