Skip to main content



THREAT: Russian ManStealer Warrior

Introduction I would like to tell you about an interesting malware vendor and malware processes that I have been working on for months. At first sight he saw it differently from any other stealer I have come across. However, as they progressed, I realized that my mind had changed. I want to share them with you. In malware, I was expecting management via a panel ( C2 ) as usual from the Russian stealer vendor. But I saw the vendor generate these from a client application. Let's start looking at the vendor and malware right away... The malware is first time on this forum " hxxps://skynetzone[.net/threads/manhvnc-hvnc-stealer-and-loader-native[.24580/ "  The seller then continued to offer it for sale in different forums at indefinite intervals. First Date October 6, 2020 When I first saw the malware, it was obvious that it was a normal RAT (Remote Administration Tools) . By entering the specified group mostly via telegram . We can see that this group is closed to regular us

Latest posts

Sodinokibi Analysis Process

THREAT: Russian Fox Stealer

Riskli API Çağrılarını Engelleyerek Kötü Amaçlı Makroları Engelleme