Final1stspy

Malware Profile Updated 25 days ago
Final1stspy is a previously unreported malware family, discovered and named after a PDB string found in the malware. It is malicious software designed to exploit and damage computer systems. It is closely related to the NOKKI and DOGCALL malware families and is used as a deployment mechanism for DOGCALL.

The malware consists of an executable file and a DLL, and it begins execution by searching for a specific file. Once inside a system, it can disrupt operations, steal personal information, or even hold data hostage.

Final1stspy reads a %APPDATA%/Microsoft/olevnc.ini file that contains variables such as the user-agent, URL, port, and interval counts. It then reads and parses a previously written mib.dat file. It has also been observed making HTTP requests, which indicates active communication with external servers.

The malware's activity can be tracked on AutoFocus through the KONNI, NOKKI, Final1stspy, DOGCALL, and Reaper tags.

Final1stspy is a new addition to the growing list of malicious software threats, and its association with the known NOKKI and DOGCALL families points to a complex network of interconnected threats. Users are advised to exercise caution when downloading files or visiting websites to avoid unknowingly installing such malware. Monitoring platforms like AutoFocus are useful for tracking these threats and understanding their behavior.
Source Document References
Information about the Final1stspy malware was read from the documents listed below.
Source: MITRE
Created: a year ago
Title: NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT