Keyword: URL
downloaded file using the following file name: /tmp/sh However, the URL is already inaccessible during analysis. It performs self cleanup by deleting the following files: /tmp/.a /tmp/.b.c /tmp/.c /tmp/.d
by a user while visiting malicious websites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}.{BLOCKED
website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the
retrieves the game session ticket by getting the value of "-t" argument from running RobloxPlayerBeta.exe process. It uses Discord Webhook URL to send the Roblox Cookie as an automated message to its Discord
file://{BLOCKED}.{BLOCKED}.150.66/icon.png It also connects to the following URL to download file: http://{BLOCKED}.{BLOCKED}.116.217/images/logo/info_zKfSmJ+voZNLPQjPedpd2G7aRb9tf+gPVKNRffjd+XE=.png
checks the MAC address of the computer, generates an MD5 hash of it, then compares it to a list. If found on the list, the malware downloads from the URL https://{BLOCKED}tfix.com/logo2.jpg?{MD5hash}. If
information-stealing capability. Other Details This Trojan does the following: It connects to the following URL upon execution: https://bit.ly/{BLOCKED}H which redirects to http://vip.{BLOCKED}heet.com:8080/open?id
Profile%\Pictures Internet login credentials such as Google Chrome It connects to the following URL to obtain the control server information from Pastebin: https://pastebin.com/raw/{BLOCKED}J
connects to the following URL to receive data using HTTP GET: http://sl.{BLOCKED}r.org/cj/?msg NOTES: However, as of this writing, the said sites are inaccessible. This malware arrives on the system as an
Displays a window when executed: Reads data from config file for the URL and Filename to be used in its download routine Trojan.Win32.Badur.htyo (Baidu-International), Trojan.Badur! (Agnitum),
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" This report is generated via an automated analysis system. PWS:Win32/Magania.BQ (Microsoft); PWS-Gamania.gen.e (McAfee); Trojan.Gen