UNKNOWN
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 6591b4a3-920b-4c74-86ff-20eae02f0e3c |
| Fingerprint | 79cb7d1927838c6a |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | None |
| Added to db | Dec. 19, 2024, 4:49 p.m. |
| Last updated | Dec. 21, 2024, 3:06 a.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 6/0/96 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/54776 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | frp.freefrp.net |
|
| Details | Domain | 1 | info.0a305ffb2a1d41f6870eac02f9afce89.xyz |
|
| Details | Domain | 5 | datacache.cloudservicesdevc.tk |
|
| Details | Domain | 2 | imgcache.cloudservicesdevc.tk |
|
| Details | Domain | 2 | nbs2012.novadector.xyz |
|
| Details | Domain | 2 | luthj.sbs |
|
| Details | Domain | 1 | swqe.sbs |
|
| Details | Domain | 1 | ajvloi.com |
|
| Details | Domain | 1 | mrty.sbs |
|
| Details | Domain | 1 | iyhf.sbs |
|
| Details | Domain | 1 | bhre.sbs |
|
| Details | Domain | 1 | klianvpn.xyz |
|
| Details | Domain | 1 | www.cuoso.vip |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 1 | 你看看.zip |
|
| Details | File | 1 | 交易对接总额详细报表.rar |
|
| Details | File | 1 | usdt回款清单.exe |
|
| Details | File | 1 | 2023年国务院税务总局最新政策计划.zip |
|
| Details | File | 1 | 下发明细.exe |
|
| Details | File | 1 | 出入款对接报表.rar |
|
| Details | File | 1 | 官方中文语言包.exe |
|
| Details | File | 1 | letsvpn-latest最新vpn客户端电脑版.zip |
|
| Details | File | 1 | 点击安装简体中文语言包.exe |
|
| Details | File | 1 | telegram_zh_cn.rar |
|
| Details | File | 169 | 1.exe |
|
| Details | File | 1 | tu_rt.exe |
|
| Details | File | 1 | 读取下载的setting.ini |
|
| Details | File | 1 | 恶意程序解码出指令将下载的两个载荷文件合并为tasloginbase.dll |
|
| Details | File | 2 | taslogin.exe |
|
| Details | File | 1 | 执行tasloginbase.dll |
|
| Details | File | 1 | 并执行25638.exe |
|
| Details | File | 3 | setting.ini |
|
| Details | File | 1 | %programfiles(x86)%\\25638\\25638.exe |
|
| Details | File | 1 | %programfiles(x86)%\\25638\\25638.dat |
|
| Details | File | 1 | _tuproj.dat |
|
| Details | File | 1 | %programfiles(x86)%\\25638\\media.xml |
|
| Details | File | 1 | %programfiles(x86)%\\svchost\\svchost.exe |
|
| Details | File | 1 | 与25638.exe |
|
| Details | File | 1 | %programfiles(x86)%\\svchost\\svchost.dat |
|
| Details | File | 1 | 与25638.dat |
|
| Details | File | 1 | %programfiles(x86)%\\svchost\\media.xml |
|
| Details | File | 1 | 用于对update.log |
|
| Details | File | 1 | %programfiles(x86)%\\svchost\\update.log |
|
| Details | File | 1 | 25638.exe |
|
| Details | File | 1 | 原名称tu_rt.exe |
|
| Details | File | 1 | 恶意shellcode执行后读取同路径中media.xml |
|
| Details | File | 1 | 25638文件夹和svchost文件夹中的media.xml |
|
| Details | File | 1 | 后者经过还原后读取同路径中的update.log |
|
| Details | File | 1 | 用于执行dllhosts.exe |
|
| Details | File | 1 | %public%\\documents\\dllhosts.exe |
|
| Details | File | 1 | %public%\\documents\\mz.txt |
|
| Details | File | 1 | 经过合并后变成恶意的tasloginbase.dll |
|
| Details | File | 1 | %public%\\documents\\tas.txt |
|
| Details | File | 1 | %public%\\documents\\update.log |
|
| Details | File | 1 | 恶意程序解码出指令将下载的mz.txt |
|
| Details | File | 1 | 和tas.txt |
|
| Details | File | 1 | 文件合并为tasloginbase.dll |
|
| Details | File | 1 | lnk快捷方式执行dllhosts.exe |
|
| Details | File | 1 | 该程序的原名称为taslogin.exe |
|
| Details | File | 1 | 的方式加载同路径下恶意的tasloginbase.dll |
|
| Details | File | 1 | 读取update.log |
|
| Details | File | 1 | 读取setting.ini |
|
| Details | File | 20 | home.html |
|
| Details | md5 | 1 | 0a305ffb2a1d41f6870eac02f9afce89 |
|
| Details | md5 | 1 | FAC6A0419C8288B58B1EDB0BF6E017B8 |
|
| Details | md5 | 1 | 9DBE476CAFD45CC08AE2B1E6E5ED1739 |
|
| Details | md5 | 1 | 9050AC019B4C8DDDBC5E250BB87CF9F2 |
|
| Details | md5 | 1 | 4AE5E8BDD68861DF10F01FE268859588 |
|
| Details | md5 | 1 | 3668799602E1E5B94BF893141B4B76E6 |
|
| Details | md5 | 1 | AABD7D9DE6C3C6FC4F639B8D664AE87C |
|
| Details | md5 | 1 | 8C4862A32095D0B71FCF8FB0B244161A |
|
| Details | md5 | 1 | E22B83F968D67EC368D899246FF8CAB7 |
|
| Details | md5 | 1 | 66557B2BD93E70A2804E983B279AB473 |
|
| Details | md5 | 1 | AC6AD5D9B99757C3A878F2D275ACE198 |
|
| Details | md5 | 1 | B1B63759909A89F90F736CB35F188747 |
|
| Details | md5 | 1 | EFBB79C0088E0F0E41D42BECBCF2CA87 |
|
| Details | md5 | 1 | 8305B3AAA33FB9CA2E07E165B2030A33 |
|
| Details | IPv4 | 2 | 61.160.221.100 |
|
| Details | IPv4 | 2 | 154.13.6.172 |
|
| Details | IPv4 | 3 | 43.154.83.246 |
|
| Details | IPv4 | 2 | 123.99.198.123 |
|
| Details | IPv4 | 2 | 154.39.239.48 |
|
| Details | IPv4 | 4 | 45.204.2.166 |
|
| Details | Url | 1 | http://frp.freefrp.net/images |
|
| Details | Url | 1 | http://info.0a305ffb2a1d41f6870eac02f9afce89.xyz/images |
|
| Details | Url | 1 | http://datacache.cloudservicesdevc.tk/picturess/2023 |
|
| Details | Url | 1 | http://imgcache.cloudservicesdevc.tk/picturess/2023 |
|
| Details | Url | 1 | http://nbs2012.novadector.xyz/picturess/2023 |
|
| Details | Url | 1 | http://luthj.sbs/home.html |
|
| Details | Url | 1 | http://swqe.sbs/home.html |
|
| Details | Url | 1 | http://ajvloi.com/home.html |
|
| Details | Url | 1 | http://mrty.sbs/home.html |
|
| Details | Url | 1 | http://iyhf.sbs/home.html |
|
| Details | Url | 1 | http://bhre.sbs/home.html |
|
| Details | Url | 1 | https://klianvpn.xyz |
|
| Details | Url | 1 | http://www.cuoso.vip |