BELLHOP

Description

BELLHOP is a JavaScript backdoor interpreted using the native Windows Scripting Host (WSH). After performing some basic host information gathering, the BELLHOP dropper downloads a base64-encoded blob of JavaScript to disk and sets up persistence in three ways:

  • Creating a Run key in the Registry
  • Creating a RunOnce key in the Registry
  • Creating a persistent named scheduled task

BELLHOP communicates using HTTP and HTTPS with primarily benign sites such as Google Docs and PasteBin.

Names

Name
BELLHOP

Category

Malware

Type

  • Backdoor
  • Downloader

Information

Malpedia

Other Information

Uuid

d4b98d7f-6fe7-4cee-9e84-dc702c41bab5

Last Card Change

2020-05-13