Toss a Coin to your Helper (Part 2 of 2) - Avast Threat Labs
Common Information
Type Value
UUID d0eb5408-c7af-4641-91db-bfc6f7ce875a
Fingerprint a5241d1fad7b06d1
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 1, 2021, 2:26 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Toss a Coin to your Helper (Part 2 of 2)
Title Toss a Coin to your Helper (Part 2 of 2) - Avast Threat Labs
Detected Hints/Tags/Attributes 97/4/192
Attributes
Details Type #Events CTI Value
Details Domain 6
yadi.sk
Details Domain 15
2no.co
Details Domain 1
2qepteituvpy42gggxxqaaeozppjagsu5xz2zdsbugt3425t2mbjvbad.onion
Details Domain 1
jbadd74iobimuuuvsgm5xdshpzk4vxuh35egd7c3ivll3wj5lc6tjxqd.onion
Details Domain 1
mn.pid
Details Domain 1
gmn.pid
Details Domain 1
windows-program.com
Details Domain 1
softmania.net
Details Domain 1
megaseed.kz
Details File 16
launcher.exe
Details File 13
start.exe
Details File 4
asacpiex.dll
Details File 5
cl_debug_log.txt
Details File 18
chromesetup.exe
Details File 31
helper.exe
Details File 3
cr_debug_log.txt
Details File 9
32.exe
Details File 16
64.exe
Details File 2
fuck.exe
Details File 1
helperr.exe
Details File 1122
svchost.exe
Details File 46
system.exe
Details File 8
system32.exe
Details File 1
dj.exe
Details File 1
workerb.exe
Details File 1
%windir%\system32\attrib.exe
Details File 7
libcrypto-1_1-x64.dll
Details File 1
libevent-2-1-7.dll
Details File 1
libevent_core-2-1-7.dll
Details File 1
libevent_extra-2-1-7.dll
Details File 2
libgcc_s_seh-1.dll
Details File 5
libssl-1_1-x64.dll
Details File 7
libssp-0.dll
Details File 4
libwinpthread-1.dll
Details File 33
tor.exe
Details File 16
zlib1.dll
Details File 2
upd.txt
Details File 2
64.txt
Details File 2
32.txt
Details File 2
amd.txt
Details File 1
nvidia.txt
Details File 1
sysbackup.txt
Details File 1
sysbackupa.txt
Details File 1
sysbackupn.txt
Details File 1
xmrig-cuda.dll
Details File 4
aida64.exe
Details File 4
anvir.exe
Details File 4
anvir64.exe
Details File 3
gpu-z.exe
Details File 3
hwinfo32.exe
Details File 3
hwinfo64.exe
Details File 3
i7realtempgt.exe
Details File 3
openhardwaremonitor.exe
Details File 11
pchunter64.exe
Details File 18
perfmon.exe
Details File 56
processhacker.exe
Details File 4
processlasso.exe
Details File 64
procexp.exe
Details File 40
procexp64.exe
Details File 3
realtemp.exe
Details File 3
realtempgt.exe
Details File 3
speedfan.exe
Details File 5
systemexplorer.exe
Details File 117
taskmgr.exe
Details File 4
virustotalupload2.exe
Details File 1
windows_11_client_consumer_x64fre_en-us.iso
Details File 208
setup.exe
Details File 41
avastui.exe
Details File 41
avastsvc.exe
Details File 36
egui.exe
Details File 53
ekrn.exe
Details File 119
avp.exe
Details File 27
avpui.exe
Details File 3
avguix.exe
Details File 27
avgui.exe
Details File 23
dwengine.exe
Details File 5
adawaretray.exe
Details File 3
adawaredesktop.exe
Details File 1
secureaplus.exe
Details File 1
secureaplusui.exe
Details File 1
arcabit.exe
Details File 1
arcamenu.exe
Details File 2
seccenter.exe
Details File 42
bdagent.exe
Details File 4
bdwtxag.exe
Details File 1
agentcontroller.exe
Details File 9
onlinent.exe
Details File 9
scanner.exe
Details File 11
cis.exe
Details File 12
vkise.exe
Details File 2
cybereasonransomfree.exe
Details File 8
a2guard.exe
Details File 8
a2start.exe
Details File 4
escanmon.exe
Details File 4
trayicos.exe
Details File 3
escanpro.exe
Details File 5
fprottray.exe
Details File 4
fpwin.exe
Details File 8
avktray.exe
Details File 3
gdkbfltexe32.exe
Details File 3
gdsc.exe
Details File 4
guardxkickoff.exe
Details File 3
virusutilities.exe
Details File 8
k7tsecurity.exe
Details File 4
k7tsmain.exe
Details File 1
k7talert.exe
Details File 4
gadget.exe
Details File 1
maxprocscn.exe
Details File 1
maxsdtray.exe
Details File 1
maxsdui.exe
Details File 1
maxusbproc.exe
Details File 1
mcdireg.exe
Details File 3
mcpvtray.exe
Details File 5
mcuicnt.exe
Details File 1
mpfalert.exe
Details File 1
modulecoreservice.exe
Details File 1
uihost.exe
Details File 1
delegate.exe
Details File 24
msseces.exe
Details File 1
psuaconsole.exe
Details File 3
psuamain.exe
Details File 3
ptsessionagent.exe
Details File 6
uiseagnt.exe
Details File 3
uiwinmgr.exe
Details File 1
housecalllauncher.exe
Details File 1
housecall.bin
Details File 1
housecallx.exe
Details File 5
sbamtray.exe
Details File 3
vipreui.exe
Details File 20
wrsa.exe
Details File 3
zatray.exe
Details File 3
asdcli.exe
Details File 1
asdup.exe
Details File 1
mudate.exe
Details File 1
v3upui.exe
Details File 1
v3ui.exe
Details File 14
avgnt.exe
Details File 11
avira.sys
Details File 11
tray.exe
Details File 10
ngen.exe
Details File 5
notifier.exe
Details File 269
msiexec.exe
Details File 1
bkavhome.exe
Details File 4
bka.exe
Details File 2
bkavsystemserver.exe
Details File 3
blupro.exe
Details File 12
fshoster32.exe
Details File 1
kvprescan.exe
Details File 2
kislive.exe
Details File 14
kxetray.exe
Details File 4
nanoav.exe
Details File 1
efutil.exe
Details File 1
desktopplus.exe
Details File 1
popwndlog.exe
Details File 1
promoutil.exe
Details File 3
qhsafemain.exe
Details File 6
qhsafetray.exe
Details File 2
softmgrlite.exe
Details File 1
popwndexe.exe
Details File 1
rsmain.exe
Details File 11
rstray.exe
Details File 9
superantispyware.exe
Details File 20
qqpctray.exe
Details File 1
qqpcupdateavlib.exe
Details File 2
tencentdl.exe
Details File 1
tpkupdate.exe
Details File 1
vba32ldrgui.exe
Details File 1
vbascheluder.exe
Details File 1
bavpro_setup_mini_c1.exe
Details File 1
hvrsetup.exe
Details File 1
hvrtray.exe
Details File 1
hvrscan.exe
Details File 1
hvrcontain.exe
Details File 1
zts.exe
Details File 18
msascui.exe
Details File 14
msascuil.exe
Details File 15
smartscreen.exe
Details IPv4 1441
127.0.0.1
Details IPv4 1
10.1.219.1
Details IPv4 1
88.204.193.34
Details Url 2
https://yadi.sk/d/cqrski0591kwog
Details Url 1
https://2no.co/1wbyc7