[t4L]

Hi,

I'm looking this specific dropper:

1. DarkHotel rootkit dropper.
2. Hash: 77669d11c3248a6553d3c15cd1d8a60e. Other name: csmrs.exe
3. Size: 478.8kb
4. Contains this string: "d:\KerKey\KerKey(일반)\KerKey\release\KerKey.pdb"
5. It is a rootkit dropper which belongs to DarkHotel campaign described by Kaspersky.
6. Drop a driver named ndiskpro.sys md5: 86b18e99072ba72d5d36bce9a00fc052
Thanks,

[malwarelabs]

ndiskpro.sys - 86b18e99072ba72d5d36bce9a00fc052 attached

[t4L]

Thanks a lot @malwarelabs, but I have already gathered that sample :D

[R136a1]

What's the story behind this specific sample? In the last few days, I have seen three people from three different sources asked for this sample...

[t4L]

Nothing specific. It's just a dropper.

[Blaze]

Attached.

[t4L]

Thanks a lot @Blaze :D