Ad blocker with miner included
Tags
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID 1c2aae24-bd77-47b9-9054-96f8e1f5ddb6
Fingerprint 97a5213985a5a6db
Analysis status DONE
Considered CTI value 2
Text language
Published March 10, 2021, 10 a.m.
Added to db Feb. 18, 2023, 12:29 a.m.
Last updated Nov. 16, 2024, 6:24 a.m.
Headline Ad blocker with miner included
Title Ad blocker with miner included
Detected Hints/Tags/Attributes 32/1/25
Source URLs
Redirection Url
Details Source https://securelist.com/ad-blocker-with-miner-included/101105/
URL Provider
Details Provider Source level domain
Details securelist.com securelist.com
Attributes
Details Type #Events CTI Value
Details File 2 
flock.exe
Details File 2 
lic.dat
Details File 2 
bxsdk64.dll
Details File 22 
find.exe
Details File 1 
c:\windows\system32\find.exe
Details File 1 
qtwinextras.dll
Details md5 1 
5aa0cda743e5fbd1d0315b686e5e6024
Details md5 1 
81BC965E07A0D6C9E3EB0124CDF97AA2
Details md5 1 
ac9e74ef5ccab1d5c2bdd9c74bb798cc
Details md5 1 
9E989EF2A8D4BC5BA1421143AAD59A47
Details md5 1 
2156F6E4DF941600FE3F44D07109354E
Details IPv4 1 
142.4.214.15
Details IPv4 1 
185.201.47.42
Details IPv4 1 
176.31.103.74
Details IPv4 1 
37.59.58.122
Details IPv4 1 
185.192.111.210
Details Domain 1 
adshield.pro
Details Domain 17 
malwarebytes.com
Details Domain 1 
transmissionbt.org
Details Domain 4 
transmissionbt.com
Details Domain 1 
lic.data
Details Domain 2 
netshieldkit.com
Details Domain 1 
opendns.info
Details File 175 
update.exe
Details File 52 
updater.exe