小心你的加密货币,针对加密货币的窃密样本详细分析 | CTF导航
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 8e16d717-a6e9-4de1-9cf2-3538cfd2c2f5 |
| Fingerprint | 2bbf834bdb65db74 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Oct. 7, 2024, midnight |
| Added to db | Oct. 15, 2024, 4:50 a.m. |
| Last updated | Nov. 16, 2024, 11:18 a.m. |
| Headline | 小心你的加密货币,针对加密货币的窃密样本详细分析 |
| Title | 小心你的加密货币,针对加密货币的窃密样本详细分析 | CTF导航 |
| Detected Hints/Tags/Attributes | 1/0/18 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/209873.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 83 | xz.aliyun.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | File | 1 | 会下载一个压缩包文件installer.zip |
|
| Details | File | 1 | 通过loadlibrary加载dbghelp.dll |
|
| Details | File | 1 | 修改dbghelp.dll |
|
| Details | File | 1 | 将shellcode数据写入到dbghelp.dll |
|
| Details | File | 1 | 还原dbghelp.dll |
|
| Details | File | 1 | 跳转执行dbghelp.dll |
|
| Details | File | 1 | 通过loadlibrary加载pla.dll |
|
| Details | File | 3 | 修改pla.dll |
|
| Details | File | 1 | 跳转执行到pla.dll |
|
| Details | File | 4 | 启动cmd.exe |
|
| Details | File | 1 | 然后将shellcode代码注入到cmd.exe |
|
| Details | File | 1 | 注入到cmd.exe |
|
| Details | File | 1 | 将恶意代码注入到explorer.exe |
|
| Details | Url | 1 | https://xz.aliyun.com/t/15811先知社区 |
|
| Details | Url | 1 | https://xz.aliyun.com/t/15811 |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/gp3sscma87e05zx-ta_uda |