Backdoor.Win32.Wollf.16 Hardcoded Password

Posted on 25 January 2021

Backdoor.Win32.Wollf.16 malware creates and runs a service named contime.exe with SYSTEM integrity and listens on port 5240. The malware uses a weak hardcoded password of 12345678 which can easily be viewed in the binary using strings utility.