Author Topic: Is this remote access trojan detected?  (Read 367 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33519
  • malware fighter
Is this remote access trojan detected?
« on: August 06, 2022, 10:20:18 PM »
See: https://urlhaus.abuse.ch/url/2267409/
The malware detected is being detected as njRAT

For detection see: https://www.virustotal.com/gui/url/6d2faa8f8472d39ef168e3233569ed42a6cd484592c914cb378a461d36c4b4d2/details

Among those that do not detect is sucuri's: https://sitecheck.sucuri.net/results/https/wtools.io/paste-code/bDTb

Medium risk and cookie settings error given here:
Insecure cookie setting: missing Secure flag
Confirmed
Collapse panel
URL
htxps://wtools.io/paste-code/bDTb
COOKIE NAME
_csrf-frontend
EVIDENCE
Set-Cookie: _csrf-frontend=e70a5dbbfd9a3d849f9648a72832a3118dbf6dee1beab39ba63bb3ca3a31108ea%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22ZoWKzryhVZ1q3TZMMe5ZXaFOwb3mNar6%22%3B%7D; path=/; samesite=Lax

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!