Grinju Downloader: Anti-analysis (on steroids) | Part 2
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Software - T1592.002 Rundll32 - T1085 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID c32f203e-667e-4b72-bca9-7118ca2dee92
Fingerprint 3c341b17657d02cd
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 6, 2020, 12:09 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Grinju Downloader: Anti-analysis (on steroids) | Part 2
Title Grinju Downloader: Anti-analysis (on steroids) | Part 2
Detected Hints/Tags/Attributes 28/2/25
Source URLs
Redirection Url
Details Source https://medium.com/@vishal_thakur/grinju-downloader-anti-analysis-on-steroids-part-2-8d76f427c0ce
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Attributes
Details Type #Events CTI Value
Details Domain 96 
malpedia.caad.fkie.fraunhofer.de
Details Domain 372 
wscript.shell
Details Domain 1 
channelmelabd.com
Details Domain 1 
ezy.id
Details Domain 1 
ksuengineering.com
Details Domain 1 
laserdoctor.com.br
Details Domain 1 
yp9.open
Details Domain 74 
adodb.stream
Details Domain 1 
t1aeo.open
Details File 2 
app.max
Details File 1 
nvf.vbs
Details File 1 
fp70.txt
Details File 1 
wjfcrjhw.reg
Details File 1260 
explorer.exe
Details File 1 
wp-keys.php
Details File 1 
c:\users\ragnar lothbrok\appdata\local\temp\zsqrgsu.html
Details File 1 
zsqrgsu.html
Details File 1018 
rundll32.exe
Details File 1 
tymg.doc
Details Url 2 
https://malpedia.caad.fkie.fraunhofer.de/details/vbs.grinju
Details Url 1 
https://channelmelabd.com/wp-keys.php
Details Url 1 
https://ezy.id/wp-keys.php
Details Url 1 
https://ksuengineering.com/wp-keys.php
Details Url 1 
https://laserdoctor.com.br/wp-keys.php
Details Windows Registry Key 18 
HKCU\Software\Microsoft\Office