Crackonosh: A New Malware Distributed in Cracked Software

This post analyzes Crackonosh. The authors look first at how Crackonosh is installed. Their analysis found that it drops three key files, winrmsrv.exe, winscomrssrv.dll and winlogui.exe, each of which is analyzed. They also cover the steps it takes to disable Windows Defender and Windows Update, as well as its anti-detection and anti-forensics actions. Finally, they include information on how to remove Crackonosh, along with indicators of compromise for it.
