OSX/NetWrdRC-A is a remote access and data stealing tool.
When run, OSX/NetWrdRC-A enables remote access to the system. OSX/NetWrdRC-A can monitor running processes, send shell commands, take screenshots, download and run files and identify frontmost window titles.
OSX/NetWrdRC-A provides functionality to harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey and Thunderbird browsers and mail clients.
When run, OSX/NetWrdRC-A installs an application bundle at ~/WIFIADAPT.app.app and launches it. This process then creates and opens an empty file at /tmp/.lbOOjfsO.
OSX/NetWrdRC-A also creates a login item for the current user, but the entry opens ~/ (the user's home directory) instead of ~/WIFIADAPT.app.app.
Finally, OSX/NetWrdRC-A attempts to connect to a dedicated server in the Netherlands on port 4141 and listen for instructions from the remote server.
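The host and network artifacts described above can be checked with a short script. This is an added example, not part of the original write-up; the function names, the use of macOS `netstat -an` output as input, and the sample connection lines are assumptions made for illustration.

```python
from pathlib import Path

BUNDLE_NAME = "WIFIADAPT.app.app"   # bundle named in the description, relative to ~
MARKER_NAME = ".lbOOjfsO"           # empty file the description places under /tmp
C2_PORT = 4141                      # remote port named in the description


def foreign_port(netstat_line):
    """Return the remote port of a macOS `netstat -an` TCP line, or None."""
    fields = netstat_line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    # macOS netstat joins address and port with a dot: 203.0.113.7.4141
    _, _, port = fields[4].rpartition(".")
    return int(port) if port.isdigit() else None


def check_host(home, tmp_dir, netstat_lines):
    """Collect findings that match the behaviour listed for OSX/NetWrdRC-A."""
    findings = []
    # The login item points at ~/ rather than the bundle, so the check
    # looks for the dropped files themselves instead of the login item.
    bundle = Path(home) / BUNDLE_NAME
    if bundle.is_dir():
        findings.append(f"bundle present: {bundle}")
    marker = Path(tmp_dir) / MARKER_NAME
    if marker.is_file():
        findings.append(f"marker file present: {marker}")
    for line in netstat_lines:
        if foreign_port(line) == C2_PORT and "ESTABLISHED" in line:
            findings.append(f"outbound connection to port {C2_PORT}: {line.strip()}")
    return findings


# Constructed sample input (documentation addresses, not real indicators).
SAMPLE_NETSTAT = [
    "tcp4  0  0  192.168.1.20.52344  203.0.113.7.4141   ESTABLISHED",
    "tcp4  0  0  192.168.1.20.52345  198.51.100.9.443   ESTABLISHED",
    "tcp4  0  0  *.4141              *.*                LISTEN",
]

if __name__ == "__main__":
    for finding in check_host(Path.home(), "/tmp", SAMPLE_NETSTAT):
        print(finding)
```

A connection to port 4141 alone is weak evidence; it is most useful when it appears together with one of the file artifacts.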
Examples of OSX/NetWrdRC-A include:
Example 1
File Information
- Size: 77K
- SHA-1: 1f0a890b3ac0daf93e6de8f7e93559355780ba84
- MD5: 50d4f0da2e38874e417bd13b59f4c067
- CRC-32: b23ccfd3
- File type: Unspecified binary - probably data
- First seen: 2012-11-03
Example 2
File Information
- Size: 77K
- SHA-1: 311029c907a137f045478b8b80cc10a13b6905c7
- MD5: a91012e1727cbd7db9a5dce65b4859c9
- CRC-32: 68f5d25e
- File type: Unspecified binary - probably data
- First seen: 2013-01-20
Example 3
File Information
- Size: 77K
- SHA-1: 56abae0864220fc56ede6a121fde676b5c22e2e9
- MD5: 3db8c530f18fa27440e7e960f582f193
- CRC-32: 91f4cab1
- File type: Unspecified binary - probably data
- First seen: 2012-12-26