win.gazavat

Gazavat


Gazavat (which is often tagged as Expiro by AV vendors) is a multi-functional backdoor that has code overlaps with the POS malware DMSniff. Functionality includes:
- Loading other executables
- Loading a hash-cracking plugin
- Loading the DMSniff plugin
- Performing web injection and web fakes
- Form grabbing
- Command execution
- Downloading files from the infected system
- Converting the infection into a proxy
- DDoS
- Spreading and EXE infecting

References
2023-08-30, Medium walmartglobaltech, Jason Reaves
Gazavat / Expiro DMSniff connection and DGA analysis
DMSniff Expiro Gazavat

There is no Yara-Signature yet.