Galock
(Botnet)
Galock | |
---|---|
Alias | |
Group | Police lock |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | |
Origin | |
Distribution vector | RedKit |
UserAgent | |
CCProtocol | |
Activity | 2013-02 / |
Status | |
Language | |
Programming language | |
Operation/Working group | |
Introduction
2013-03-21: Files are stored in %Appdata% with a UID name:
- Jpeg (generated on the fly with hardcoded data)
- exe
md5
4b0be767a3c3adb528220756579b1086 - 8e5a21921e2ae8853143bfe84d564232 - 5a483877c0bba2bab9c4510b2c31cd3a 2013-03
244e7918670f01901c9502b5f34a59e1 - 31b1e0ed90dfe17ec959436792c8a99c - 928574ec069404777ad22799d0c96688 2013-03
httpget
194.242.59.55
/get_image?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252
/knock?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252