Final1stspy is a previously unreported malware family that was discovered and named after a PDB string found in the malware. It is closely related to the NOKKI and DOGCALL malware families and serves as a deployment mechanism for DOGCALL. The malware consists of an executable and a DLL, and it begins its work by searching for a specific file. Once on a system, it can disrupt operations, steal personal information, or even hold data hostage.
Final1stspy starts by reading a %APPDATA%/Microsoft/olevnc.ini configuration file that holds values such as the user-agent, URL, port, and interval counts. It then reads and parses a previously written mib.dat file. It was also observed making HTTP requests, indicating active communication with external servers. Activity related to this malware can be tracked via the KONNI, NOKKI, Final1stspy, DOGCALL, and Reaper tags on AutoFocus.
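As an added triage example (not code from the original description or from the researchers who reported the family), the Python helper below flags the olevnc.ini and mib.dat artifacts in a host file listing and extracts the C2-related fields from the configuration so they can be blocked and hunted for. The INI section and key names, the hint substrings and the sample values are constructed assumptions, since the description does not give the file's exact format.

```python
import configparser
import ntpath

# Artifact names from the description; %APPDATA% is resolved per user profile.
# mib.dat's directory is not stated, so it is matched by file name only (assumption).
CONFIG_INI = r"Microsoft\olevnc.ini"
STATE_DAT = "mib.dat"

# The INI key names are not documented, so fields are recognised by substring
# (constructed hints, an assumption rather than known Final1stspy key names).
FIELD_HINTS = {
    "user_agent": ("agent",),
    "url": ("url", "host", "server"),
    "port": ("port",),
    "interval": ("interval", "sleep", "delay"),
}

def find_artifacts(paths):
    """Return the file paths that match the known Final1stspy artifact names."""
    hits = []
    for p in paths:
        norm = p.replace("/", "\\")
        if norm.lower().endswith(CONFIG_INI.lower()) or ntpath.basename(norm).lower() == STATE_DAT:
            hits.append(p)
    return hits

def extract_c2_fields(ini_text):
    """Pull the C2-related values out of an olevnc.ini-style config for blocking."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    found = {}
    for section in parser.sections():
        for key, value in parser.items(section):  # keys are lower-cased by ConfigParser
            for field, hints in FIELD_HINTS.items():
                if field not in found and any(h in key for h in hints):
                    found[field] = value.strip()
    return found

# Constructed sample input (not the contents of a real sample).
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\olevnc.ini",
    r"C:\Users\alice\AppData\Roaming\mib.dat",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Themes\x.theme",
]
SAMPLE_INI = "[config]\nuseragent = Mozilla/5.0 (constructed)\nurl = http://c2.example.invalid/up\nport = 8080\ninterval = 300\n"

if __name__ == "__main__":
    print(find_artifacts(SAMPLE_PATHS), extract_c2_fields(SAMPLE_INI))
```

The extracted URL and port can be fed straight into proxy or firewall block lists, and the artifact paths into an endpoint hunt query.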
In conclusion, Final1stspy is a new addition to the growing list of malicious software threats. Its association with the known NOKKI and DOGCALL malware families signifies a complex network of interconnected threats. Users are advised to exercise caution when downloading files or visiting websites to avoid unknowingly installing such malware. Monitoring platforms like AutoFocus provide valuable resources in tracking these threats and understanding their behaviors.
Description last updated: 2023-11-29T04:47:34.841Z