Tonnerre

Description

(Check Point) The malware contains 5 Delphi forms, with each one responsible for a different capability:

  • Form1 – Malware installation and upgrading process.
  • Form2 – Collects files from predefined folders – Documents, Downloads, Pictures and more.
  • Form3 – Connects to an FTP server to exfiltrate collected data and get further commands.
  • Form4 – Collects files from removable devices for exfiltration.
  • Form5 – Uses the lame command line tool to record sound.

Names

Name
Tonnerre

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Exfiltration

Information

Malpedia

Other Information

Uuid

bdbeb269-24c2-494e-a6c0-aba5a0cb6e59

Last Card Change

2021-04-24