Kavach Setup Download For Pc
Kandyce Harper
Pivoting further, we can see that the function prparingsiej() is parsing data from the tng() class. This class contains a single IP address (155.133.23[.]244) and three ports (3309,3310,3311) that are used by the previous function to establish and exfiltrate the kavach.db file. The IP address hard coded into the binary file is the same used to download the file from the original JScript code. It would appear that the ports are chosen at random by called functions.
Other binary files containing very similar code were also discovered being leveraged by the same group. This year alone we were able to find nine unique samples used by the threat actors this year alone. The primary function of each of the .exe files was to act as a RAT. In this particular case, mm1.exe also functions as a RAT with the added functionality of looking for the MFA db file, kavach.db on carefully selected targets. Additional binary file names and hashes are listed at the end of the article.
Overall, it is clear that this is a very targeted attack towards the Indian government. We know that the binary file mm1.exe is looking for a very particular database file (kavach.db) which means that the attacker had inside knowledge as to their intended target. Some of this knowledge includes its security controls, such as which MFA client was being used by employees.
Your safety is our utmost priority. We ensure to give you maximum coverage under the coronavirus policy. Below are the benefits that are covered under corona kavach health insurance by Care Health Insurance: -
You should buy covid kavach health insurance policy from Care Health Insurance to avoid last minute hassle of arranging funds due to covid related contingencies. Covid kavach policy comes with extensive benefits such as cashless hospitalisation, at home treatment facility, pre and post hospitalisation,etc.
df19127ead