The Internet Storm Center shares excellent analysis of the Vimditator Trojan, which poses as a one-year free subscription to ESET’s NOD32 Anti-virus. The malware actually downloaded is a Swiss army knife of tools, including password brute-force crackers and mining tools, that can compromise user safety.

I have not seen much Fake AntiVirus lately. But this weekend, I received a few identical spam messages with slightly different subjects advertising that I had won a licensed copy of ESET’s NOD32 Anti Virus. Many anti-malware products are offering free or highly discounted initial licenses to lure buyers, so this email may seem legitimate to some, even though it wasn’t done terribly convincingly (I am using a script to defang HTML in all email I receive, which may account for some of the formatting issues):

The executables in this folder are triggering various malware signatures. Other files appear to include simple password brute force utilities supporting the guess that this drive was compromised using a simple password.  The first directory contains a number of password protected zip files with various tools (based on the ZIP file listing) including openvpn configuration files.  Oracle.rar includes the obligatory xmrig miner which is still part of pretty much any compromised system I am running into.
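The ZIP listing referred to above is possible because a ZIP central directory (member names, sizes, flags) is stored in the clear even when the members themselves are password protected. As an added triage example that is not code from the diary, the following lists an archive's members without the password and tags the tool categories the diary mentions; the name patterns and the sample archive are constructed assumptions, not signatures.

```python
"""Triage a ZIP attachment by its central directory (names, sizes, flags).

The central directory is not encrypted in a password-protected ZIP, so
entry names and sizes can be inspected before any password is known.
"""
import io
import re
import zipfile

# Assumed indicator patterns for this example (not taken from the diary).
PATTERNS = {
    "openvpn-config": re.compile(r"\.ovpn$", re.I),
    "xmrig-miner": re.compile(r"xmrig", re.I),
    "executable": re.compile(r"\.(exe|dll|scr|bat|ps1)$", re.I),
}


def triage_zip(data: bytes) -> list:
    """Return one record per archive member with its encryption flag and tags."""
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads only the central directory
            if info.is_dir():
                continue
            tags = [tag for tag, rx in PATTERNS.items() if rx.search(info.filename)]
            records.append({
                "name": info.filename,
                "size": info.file_size,
                # Bit 0 of the general-purpose flag marks an encrypted member.
                "encrypted": bool(info.flag_bits & 0x1),
                "tags": tags,
            })
    return records


def build_sample_zip() -> bytes:
    """Constructed sample archive; it is NOT encrypted, so 'encrypted' reads False."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("tools/client.ovpn", "client\nremote vpn.example.invalid 1194\n")
        zf.writestr("tools/xmrig.exe", b"MZ" + b"\x00" * 64)  # constructed stub, 66 bytes
        zf.writestr("tools/readme.txt", "constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for rec in triage_zip(build_sample_zip()):
        print(rec)
```

On a real password-protected archive the same `triage_zip` call returns the listing with `encrypted` set to True for each member, which is enough to decide whether the attachment warrants sandboxing before anyone attempts to open it.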