Reminder


Malware Info

Name Supreme++
Written in C++
Tags miner loader

Network Info

POST /gate/create.php
POST /gate/config.php
POST /gate/update.php
POST /v1/checkLicense.php
POST /v1/saveLicence.php
POST /v1/updateLicense.php

Files

%PROGRAMDATA%\{MACHINE_GUID}\%random%.exe

Commands

schtasks /Create /SC MINUTE /MO 15 /TN "%HWID%" /TR "MALWARE_PATH" /F
cmd /c taskkill /im %PAYLOAD_PROCESS% /f & erase "PAYLOAD_PATH" & exit
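The endpoints, dropper path and command lines above are the indicators a SOC would hunt for in proxy logs and process-creation telemetry (Sysmon event 1 / Security 4688). The script below is an added example, not code from this tracker page or from the Supreme++ author: it matches the six gate URIs, the 15-minute schtasks persistence, the taskkill/erase cleanup and the %PROGRAMDATA%\{MACHINE_GUID}\ drop location. The proxy and process log line formats, the host names and the HWID/GUID/file names in the sample lines are constructed for illustration.

```python
"""Supreme++ IOC matching over constructed proxy and process-creation log lines.

Added example; not from the tracker page or the malware author. The log
formats, host names and sample values below are assumptions.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# C2 gate endpoints as listed on the page (all reached via POST).
GATE_URIS = (
    "/gate/create.php", "/gate/config.php", "/gate/update.php",
    "/v1/checkLicense.php", "/v1/saveLicence.php", "/v1/updateLicense.php",
)

# Persistence: schtasks /Create /SC MINUTE /MO 15 /TN "<HWID>" /TR "<path>" /F
# The interval is captured rather than hard-coded so a changed /MO still hits.
SCHTASKS_RE = re.compile(
    r'schtasks(?:\.exe)?\s+/Create\s+/SC\s+MINUTE\s+/MO\s+(?P<mo>\d+)\s+'
    r'/TN\s+"?(?P<task>[^"\s]+)"?\s+/TR\s+"?(?P<path>[^"]+)"?\s+/F',
    re.IGNORECASE,
)
# Payload cleanup: cmd /c taskkill /im <proc> /f & erase "<path>" & exit
KILL_ERASE_RE = re.compile(
    r'cmd(?:\.exe)?\s+/c\s+taskkill\s+/im\s+(?P<proc>\S+)\s+/f\s+&\s+'
    r'erase\s+"?(?P<path>[^"]+)"?\s+&\s+exit',
    re.IGNORECASE,
)
# Drop path %PROGRAMDATA%\{MACHINE_GUID}\<random>.exe. Assumption: MACHINE_GUID is
# the HKLM\SOFTWARE\Microsoft\Cryptography MachineGuid value; braces made optional.
PROGRAMDATA_GUID_RE = re.compile(
    r'\\ProgramData\\\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\\[^\\"\s]+\.exe',
    re.IGNORECASE,
)


def match_proxy_line(line: str) -> Optional[str]:
    """Constructed format: '<ts> <src_ip> <METHOD> <url> <status>'. Returns the gate URI hit."""
    parts = line.split()
    if len(parts) < 4 or parts[2].upper() != "POST":
        return None
    path = urlsplit(parts[3]).path
    # endswith: the gate may sit below a sub-directory on the C2 host
    return next((u for u in GATE_URIS if path.endswith(u)), None)


def match_command_line(cmd: str) -> Optional[dict]:
    """Classify a process command line as persistence, payload cleanup or dropper path."""
    m = SCHTASKS_RE.search(cmd)
    if m:
        return {"kind": "persistence", "task": m.group("task"), "path": m.group("path"),
                "interval_min": int(m.group("mo")),
                "in_programdata": bool(PROGRAMDATA_GUID_RE.search(m.group("path")))}
    m = KILL_ERASE_RE.search(cmd)
    if m:
        return {"kind": "payload_cleanup", "proc": m.group("proc"), "path": m.group("path")}
    m = PROGRAMDATA_GUID_RE.search(cmd)
    if m:
        return {"kind": "dropper_path", "path": m.group(0)}
    return None


def scan(proxy_lines: List[str], process_lines: List[str]) -> List[Tuple[str, str]]:
    """Run both matchers and return (indicator kind, detail) pairs."""
    hits: List[Tuple[str, str]] = []
    for line in proxy_lines:
        uri = match_proxy_line(line)
        if uri:
            hits.append(("c2_gate", uri))
    for cmd in process_lines:
        m = match_command_line(cmd)
        if m:
            hits.append((m["kind"], m["path"]))
    return hits


# Constructed sample logs (not real telemetry).
SAMPLE_PROXY_LOG = [
    "2019-01-12T10:00:00Z 10.0.0.5 POST http://c2.example.invalid/gate/create.php 200",
    "2019-01-12T10:00:04Z 10.0.0.5 POST http://c2.example.invalid/v1/checkLicense.php 200",
    "2019-01-12T10:00:09Z 10.0.0.5 GET http://www.example.invalid/index.html 200",
    "2019-01-12T10:00:12Z 10.0.0.7 POST http://cdn.example.invalid/api/update.php 200",
]
SAMPLE_PROCESS_LOG = [
    'schtasks /Create /SC MINUTE /MO 15 /TN "A1B2C3D4E5F6" '
    '/TR "C:\\ProgramData\\{4c4c4544-0046-4b10-8052-b4c04f4e5231}\\a8f3k2.exe" /F',
    'cmd /c taskkill /im payload.exe /f & erase '
    '"C:\\ProgramData\\{4c4c4544-0046-4b10-8052-b4c04f4e5231}\\old.exe" & exit',
    'schtasks /Create /SC DAILY /TN "Backup" /TR "C:\\Tools\\backup.exe" /F',
]

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_PROXY_LOG, SAMPLE_PROCESS_LOG):
        print(f"{kind:16s} {detail}")
```

The benign DAILY backup task in the sample is left unmatched on purpose: the minute-granularity interval plus a GUID-named ProgramData directory is what separates this loader from ordinary scheduled tasks, so a detection keyed on `schtasks /Create` alone would be far too noisy.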

Yara

rule SupremePlusPlus {
   meta:
      description = "Yara rule to detect Supreme++"
      author = "Fumik0_"
      date = "12/01/2019"

   strings:
      $mz = { 4D 5A }
      $s1 = "[Supreme Logger] Started" wide ascii
      $s2 = "&soft=supreme" wide ascii

   condition:
      $mz at 0 and all of ($s*)
}
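To sanity-check what the rule actually requires before deploying it, the following added example (not from the tracker page and not the rule author's code) re-implements its three conditions in plain Python: the MZ header at offset 0, and both `$s` strings present either as raw ASCII or in the UTF-16LE form that the `wide` modifier adds. The sample blobs are constructed and are not real Supreme++ binaries.

```python
"""Reference check mirroring the SupremePlusPlus YARA rule.

Added example, not the rule author's code: it reproduces the rule's logic in
Python so the strings can be exercised without yara installed. Sample blobs
below are constructed, not real samples.
"""
from typing import Dict, Tuple

# The two content strings from the rule. With 'wide ascii', YARA matches either
# the ASCII bytes or the UTF-16LE encoding (each character followed by a NUL).
RULE_STRINGS = ("[Supreme Logger] Started", "&soft=supreme")


def string_variants(s: str) -> Tuple[bytes, bytes]:
    """Byte patterns the 'wide ascii' modifiers expand a text string to."""
    return s.encode("ascii"), s.encode("utf-16-le")


def matches_supreme_rule(data: bytes) -> bool:
    """True when data satisfies: $mz at 0 and all of ($s*)."""
    if data[:2] != b"MZ":  # $mz at 0 (equivalent to uint16(0) == 0x5A4D)
        return False
    # all of ($s*): every $s string must occur in at least one encoding
    return all(any(v in data for v in string_variants(s)) for s in RULE_STRINGS)


def build_blob(header: bytes, wide: bool, include_second: bool = True) -> bytes:
    """Constructed test blob: header, padding, then the rule strings in one encoding."""
    enc = (lambda s: s.encode("utf-16-le")) if wide else (lambda s: s.encode("ascii"))
    body = bytearray(header)
    body += b"\x00" * 64
    body += enc(RULE_STRINGS[0]) + b"\x00" * 8
    if include_second:
        body += enc(RULE_STRINGS[1])
    return bytes(body)


def self_check() -> Dict[str, bool]:
    """Exercise the rule on matching and non-matching constructed inputs."""
    return {
        "ascii_pe": matches_supreme_rule(build_blob(b"MZ\x90\x00", wide=False)),
        "wide_pe": matches_supreme_rule(build_blob(b"MZ\x90\x00", wide=True)),
        "not_pe": matches_supreme_rule(build_blob(b"\x7fELF", wide=False)),
        "one_string": matches_supreme_rule(
            build_blob(b"MZ\x90\x00", wide=False, include_second=False)),
    }


if __name__ == "__main__":
    for name, hit in self_check().items():
        print(f"{name:12s} {'MATCH' if hit else 'no match'}")
```

The `not_pe` and `one_string` cases show the two ways a near-miss fails the rule: a dropped or memory-dumped payload without an MZ header, and a sample that carries the logger banner but not the `&soft=supreme` beacon parameter. If the strings ever get split across sections or the loader is unpacked in memory, the `$mz at 0` requirement is the first thing to relax.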

Links / Paper / Data

Rarog Fork

Samples of this malware on Haruko

One day... (before half-life 3 launch...)