Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
Common Information
| Type | Value |
|---|---|
| UUID | 105773d6-d228-417b-8a48-cd2e6ae7f6f3 |
| Fingerprint | 54afbcf38c9094591d8fcf43a3f0636e609e2ee1403395afd3efba974369b861 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 22, 2019, 5:01 p.m. |
| Added to db | April 14, 2024, 9:43 a.m. |
| Last updated | Aug. 31, 2024, 7:01 a.m. |
| Headline | Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts |
| Title | Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts |
| Detected Hints/Tags/Attributes | 21/1/135 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | trojan.ps1.msaiha.sm |
|
| Details | Domain | 1 | aaaaaxxmonnmx.zip |
|
| Details | Domain | 1 | alpdtqrnmppz9.zip |
|
| Details | Domain | 1 | kj8hfswn.zip |
|
| Details | Domain | 1 | alcoolismo.com.br |
|
| Details | Domain | 1 | smcvxxmomx.zip |
|
| Details | Domain | 1 | barbosaoextra.com.br |
|
| Details | Domain | 1 | beppo.com.br |
|
| Details | Domain | 1 | capitalefigenia.com.br |
|
| Details | Domain | 1 | capitaltotal.com.br |
|
| Details | Domain | 1 | casanov309.online |
|
| Details | Domain | 1 | kjhgdrftejk.zip |
|
| Details | Domain | 1 | cumpy7.zip |
|
| Details | Domain | 1 | gtflux.zip |
|
| Details | Domain | 1 | clinicasaoangelo.com.br |
|
| Details | Domain | 1 | mlpxtsmcvxxmomx.zip |
|
| Details | Domain | 1 | cntusestudos.site |
|
| Details | Domain | 1 | xmaoim2m.zip |
|
| Details | Domain | 1 | sewdeaq.zip |
|
| Details | Domain | 1 | www.cupom100.kinghost.net |
|
| Details | Domain | 1 | dyar.com.br |
|
| Details | Domain | 1 | focustributos.com.br |
|
| Details | Domain | 1 | mxwjmibnrknx.zip |
|
| Details | Domain | 1 | hnhu.gob.pe |
|
| Details | Domain | 1 | 5s6pa4ljc.zip |
|
| Details | Domain | 1 | ilfratello.com.br |
|
| Details | Domain | 1 | joaovicente.com.br |
|
| Details | Domain | 1 | krika.com.br |
|
| Details | Domain | 1 | xzolxmjlumody.zip |
|
| Details | Domain | 1 | macil.com.br |
|
| Details | Domain | 1 | menegatti.net.br |
|
| Details | Domain | 1 | nhh5uz.zip |
|
| Details | Domain | 1 | mktcomunicacao.com.br |
|
| Details | Domain | 1 | mudeagora.com.br |
|
| Details | Domain | 1 | nevesai.com.br |
|
| Details | Domain | 2 | s3.eu-west-2.amazonaws.com |
|
| Details | Domain | 2 | modpumms2003.zip |
|
| Details | Domain | 2 | s3.eu-west-3.amazonaws.com |
|
| Details | Domain | 2 | modpmabrilzada.zip |
|
| Details | Domain | 2 | mod1803xrd.zip |
|
| Details | Domain | 13 | s3-eu-west-1.amazonaws.com |
|
| Details | Domain | 7 | s3-us-west-2.amazonaws.com |
|
| Details | Domain | 1 | abrilmodpum.zip |
|
| Details | Domain | 1 | abrilmodxr.zip |
|
| Details | Domain | 1 | image2.pn |
|
| Details | Domain | 1 | sertaomax003.kinghost.net |
|
| Details | Domain | 1 | hfmacttpo.zip |
|
| Details | Domain | 1 | sistemadecontagems-com.umbler.net |
|
| Details | Domain | 1 | soot.com.br |
|
| Details | Domain | 1 | compactador.zip |
|
| Details | Domain | 1 | sppdms.com.br |
|
| Details | Domain | 1 | topgretr.com.br |
|
| Details | Domain | 1 | tupiratinsnaweb.com.br |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | File | 52 | trojan.js |
|
| Details | File | 38 | trojan.ps1 |
|
| Details | File | 20 | trojan.vbs |
|
| Details | IPv4 | 1 | 3.91.64.111 |
|
| Details | IPv4 | 1 | 35.247.253.135 |
|
| Details | IPv4 | 1 | 45.77.17.129 |
|
| Details | IPv4 | 1 | 149.56.244.167 |
|
| Details | IPv4 | 1 | 149.56.180.167 |
|
| Details | IPv4 | 1 | 177.153.227.196 |
|
| Details | IPv4 | 1 | 191.252.109.43 |
|
| Details | Url | 1 | http://3.91.64.111/index.php |
|
| Details | Url | 1 | http://35.247.253.135/initld.php |
|
| Details | Url | 1 | http://45.77.17.129/coringa/fsdgtrgerhet.php |
|
| Details | Url | 1 | http://149.56.244.167 |
|
| Details | Url | 1 | http://149.56.180.167/cont1 |
|
| Details | Url | 1 | http://177.153.227.196/~mudeagoracom/atualizacao/xxxx/aaaaaxxmonnmx.zip |
|
| Details | Url | 1 | http://177.153.227.196/~capitalefigeniac/eletros/xxx/alpdtqrnmppz9.zip |
|
| Details | Url | 1 | http://177.153.227.196 |
|
| Details | Url | 1 | http://177.153.227.196/~mhphostcom/team/best/kj8hfswn.zip |
|
| Details | Url | 1 | http://191.252.109.43/initld.php |
|
| Details | Url | 1 | http://alcoolismo.com.br/smcvxxmomx.zip |
|
| Details | Url | 1 | http://barbosaoextra.com.br/fonts/initld.php |
|
| Details | Url | 1 | http://barbosaoextra.com.br/dados/noticia/7/imagem/initld.php |
|
| Details | Url | 1 | http://beppo.com.br/yaya |
|
| Details | Url | 1 | http://capitalefigenia.com.br/nuvens/aaaaaxxmonnmx.zip |
|
| Details | Url | 1 | https://capitaltotal.com.br/vestiarios/modelos |
|
| Details | Url | 1 | https://casanov309.online/jurtfgd/kjhgdrftejk.zip |
|
| Details | Url | 1 | https://casanov309.online/mod9087/cumpy7.zip |
|
| Details | Url | 1 | https://casanov309.online/yainc/gtflux.zip |
|
| Details | Url | 1 | http://clinicasaoangelo.com.br/atualizacao/mlpxtsmcvxxmomx.zip |
|
| Details | Url | 1 | https://cntusestudos.site/bargihudon/xmaoim2m.zip |
|
| Details | Url | 1 | https://cntusestudos.site/ariegua/sewdeaq.zip |
|
| Details | Url | 1 | https://coringa.painelcoringav5.site/mortolino/gerador/load/msi/idfasnfhsaifudhasfklasfjaksljkgjlk |
|
| Details | Url | 1 | http://www.cupom100.kinghost.net/semestre/initld.php |
|
| Details | Url | 1 | http://dyar.com.br/rpm |
|
| Details | Url | 1 | http://focustributos.com.br/mxwjmibnrknx.zip |
|
| Details | Url | 1 | http://hnhu.gob.pe/portal/documentos/wp-content/plugins/hello_dolly/5s6pa4ljc.zip |
|
| Details | Url | 1 | http://ilfratello.com.br/rdr/mlpxtsmcvxxmomx.zip |
|
| Details | Url | 1 | http://joaovicente.com.br/pnl |
|
| Details | Url | 1 | http://krika.com.br/lpot/xzolxmjlumody.zip |
|
| Details | Url | 1 | http://krika.com.br/pnl |
|
| Details | Url | 1 | http://krika.com.br/lpot |
|
| Details | Url | 1 | http://macil.com.br/mlpxtsmcvxxmomx.zip |
|
| Details | Url | 1 | http://menegatti.net.br/nhh5uz.zip |
|
| Details | Url | 1 | http://mktcomunicacao.com.br/cn |
|
| Details | Url | 1 | http://mudeagora.com.br/atualizacao/xxx/smcvxxmomx.zip |
|
| Details | Url | 1 | http://nevesai.com.br/cnt |
|
| Details | Url | 2 | https://s3.eu-west-2.amazonaws.com/stocksoftbr/modpumms2003.zip |
|
| Details | Url | 2 | https://s3.eu-west-3.amazonaws.com/abrilgeralll/modpmabrilzada.zip |
|
| Details | Url | 2 | https://s3.eu-west-2.amazonaws.com/stocksoftbr/mod1803xrd.zip |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/mortobas/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/frezzado/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/zebriudo/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/caddeeaotk/image2.png |
|
| Details | Url | 1 | https://s3-us-west-2.amazonaws.com/stacklayer/abrilmodpum.zip |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/coringaudo/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/cadiadorls/image2.png |
|
| Details | Url | 1 | https://s3-us-west-2.amazonaws.com/stacklayer/abrilmodxr.zip |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/robootiza/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/gjueuirzebrakkjsda/image2.pn |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/hkjtrobotsjd/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/riejardalkj/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/lkjrcadeadfikjg/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/gsdjrmortosdfa/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/cofge5hrtyheujhsgrfdsg/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/zebthdergeh54eghe5rye5hr56/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/cagf4yh5rtjyek796l78jrhrdhg65e/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/jarhfgjr56t5ghrtdfggherhjd/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/robtjkl86ol6i7rhtdsvfsfegd/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/mou56ytsdgsgbdt6jdfg/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/jtruy56ygdfx/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/bdthertyhed6/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/fgdh65yeghfg/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/hr6tur5ysdgh/image2.png |
|
| Details | Url | 1 | https://s3-eu-west-1.amazonaws.com/gsdgrjtyityh/image2.png |
|
| Details | Url | 1 | http://sertaomax003.kinghost.net/yak1009/hfmacttpo.zip |
|
| Details | Url | 1 | https://sistemadecontagems-com.umbler.net/nova |
|
| Details | Url | 1 | http://soot.com.br/compactador.zip |
|
| Details | Url | 1 | http://sppdms.com.br/mrw/procedimento/investigatorio/intimacao/compactador.zip |
|
| Details | Url | 1 | http://topgretr.com.br/initld.php |
|
| Details | Url | 1 | http://tupiratinsnaweb.com.br/comeco2123/compactador.zip |