Source: locatedblsoqp.shop |
URL Reputation: Label: phishing |
Source: traineiwnqo.shop |
URL Reputation: Label: malware |
Source: condedqpwqm.shop |
URL Reputation: Label: phishing |
Source: caffegclasiqwp.shop |
URL Reputation: Label: malware |
Source: millyscroqwp.shop |
URL Reputation: Label: malware |
Source: stagedchheiqwo.shop |
URL Reputation: Label: phishing |
Source: https://locatedblsoqp.shop/api |
URL Reputation: Label: malware |
Source: stamppreewntnq.shop |
URL Reputation: Label: phishing |
Source: https://tenseddrywsqio.shop/api |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop/api_ |
Avira URL Cloud: Label: malware |
Source: https://locatedblsoqp.shop/6 |
Avira URL Cloud: Label: phishing |
Source: https://traineiwnqo.shop/api |
Avira URL Cloud: Label: malware |
Source: https://locatedblsoqp.shop/ |
Avira URL Cloud: Label: phishing |
Source: https://traineiwnqo.shop/apibul |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop/fXx |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop/apiK |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop/. |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop:443/apii |
Avira URL Cloud: Label: malware |
Source: https://traineiwnqo.shop/ |
Avira URL Cloud: Label: malware |
Source: 1.2.BitLockerToGo.exe.400000.0.unpack |
Malware Configuration Extractor: LummaC {"C2 url": ["stamppreewntnq.shop", "stagedchheiqwo.shop", "locatedblsoqp.shop", "tenseddrywsqio.shop", "millyscroqwp.shop", "traineiwnqo.shop", "condedqpwqm.shop", "caffegclasiqwp.shop", "evoliutwoqm.shop"], "Build id": "LPnhqo--nlczjrpfwadf"} |
Source: tenseddrywsqio.shop |
Virustotal: Detection: 14% |
Source: https://tenseddrywsqio.shop/api |
Virustotal: Detection: 16% |
Source: https://traineiwnqo.shop/api |
Virustotal: Detection: 21% |
Source: https://locatedblsoqp.shop/ |
Virustotal: Detection: 16% |
Source: https://traineiwnqo.shop:443/apii |
Virustotal: Detection: 11% |
Source: https://traineiwnqo.shop/ |
Virustotal: Detection: 19% |
Source: https://traineiwnqo.shop/. |
Virustotal: Detection: 19% |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: caffegclasiqwp.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: stamppreewntnq.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: stagedchheiqwo.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: millyscroqwp.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: evoliutwoqm.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: condedqpwqm.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: traineiwnqo.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: locatedblsoqp.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: tenseddrywsqio.shop |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp |
String decryptor: LPnhqo--nlczjrpfwadf |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_004321F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_004323E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [eax], cx |
1_2_00419040 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, word ptr [ecx+esi*2] |
1_2_0042D070 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00434030 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esi+00000280h] |
1_2_0040D0D0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
1_2_004208E0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [eax], dl |
1_2_0040D978 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
1_2_00434110 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00434110 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx esi, byte ptr [edx+eax-01h] |
1_2_004089F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [ebx], 00000022h |
1_2_00420980 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [ebx] |
1_2_00435990 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_00413A4A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then add edi, 02h |
1_2_00413A4A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ecx, dword ptr [esp] |
1_2_0041FACE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_0041FACE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h |
1_2_00435280 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
1_2_00403290 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [esp] |
1_2_004312A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+1Ch] |
1_2_0040B310 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov word ptr [esi], cx |
1_2_0041BB22 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx edx, word ptr [ecx] |
1_2_0041BB22 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edi, dword ptr [esp+40h] |
1_2_0041BB22 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, 00008000h |
1_2_004043C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp dword ptr [ebx+edi*8], 84AA3BD1h |
1_2_004353C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_0043238A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [ebp-1Ch] |
1_2_00433BA8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00433C40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00434450 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
1_2_004324BC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
1_2_00429540 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov edx, dword ptr [ebp-1Ch] |
1_2_004335D2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
1_2_00418DE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
1_2_0040FDEB |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov ebp, eax |
1_2_0041EDFE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00433D90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esi+08h], eax |
1_2_004235B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], al |
1_2_004235B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [edi], dl |
1_2_004235B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
1_2_0042F6F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then movzx ebx, byte ptr [eax+edx] |
1_2_00431E80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov esi, dword ptr [esp] |
1_2_00433F40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
1_2_00412F50 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp cl, 0000002Eh |
1_2_0041D752 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov byte ptr [ecx], al |
1_2_00414770 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
1_2_00412FA0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000000B0h] |
1_2_0040F7AA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then lea ebx, dword ptr [esp+08h] |
1_2_0041F7B2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 4x nop then jmp eax |
1_2_004197B7 |
Source: Network traffic |
Suricata IDS: 2055479 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) : 192.168.2.4:65410 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055483 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) : 192.168.2.4:64510 -> 1.1.1.1:53 |
Source: Network traffic |
Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.4:49733 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.4:49732 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.4:49731 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49733 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49732 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 188.114.96.3:443 |
Source: Network traffic |
Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.69.149:443 |
Source: Network traffic |
Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.69.149:443 |
Source: Malware configuration extractor |
URLs: stamppreewntnq.shop |
Source: Malware configuration extractor |
URLs: stagedchheiqwo.shop |
Source: Malware configuration extractor |
URLs: locatedblsoqp.shop |
Source: Malware configuration extractor |
URLs: tenseddrywsqio.shop |
Source: Malware configuration extractor |
URLs: millyscroqwp.shop |
Source: Malware configuration extractor |
URLs: traineiwnqo.shop |
Source: Malware configuration extractor |
URLs: condedqpwqm.shop |
Source: Malware configuration extractor |
URLs: caffegclasiqwp.shop |
Source: Malware configuration extractor |
URLs: evoliutwoqm.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tenseddrywsqio.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traineiwnqo.shop |
Source: global traffic |
HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=3xk4E.2nDymKStRO43vRDjy22JgE06_vJkNrLPyvrcg-1725131410-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 54Host: traineiwnqo.shop |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://api.loganalytics.iohttps://api.loganalytics.usencountered |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://datalake.azure.net/https://graph.microsoft.us/servicebus.chinacloudapi.cndocuments.microsoft |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://gallery.usgovcloudapi.net/mariadb.database.usgovcloudapi.netdev.azuresynapse.usgovcloudapi.n |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/ |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/6 |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://locatedblsoqp.shop/api |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://login.microsoftonline.com/METRIC_AZURERM_API_REQUEST_BUCKETSlabel |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://management.azure.comfailed |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://ossrdbms-aad.database.chinacloudapi.cned25519: |
Source: BitLockerToGo.exe, 00000001.00000003.1768083504.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://tenseddrywsqio.shop/M |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/ |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/. |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1797722828.00000000027F1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/api |
Source: BitLockerToGo.exe, 00000001.00000002.1797722828.00000000027F1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/apiK |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/api_ |
Source: BitLockerToGo.exe, 00000001.00000002.1797722828.00000000027F1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/apibul |
Source: BitLockerToGo.exe, 00000001.00000002.1797722828.00000000027D2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop/fXx |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://traineiwnqo.shop:443/apii |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://vault.azure.net/mysql.database.azure.comhttps://cosmos.azure.comNtQuerySystemInformationAllo |
Source: l5u4ezxr.u51.exe |
String found in binary or memory: https://vault.azure.netusgovtrafficmanager.netvault.usgovcloudapi.nethttps://vault.azure.cn/vault.mi |
Source: BitLockerToGo.exe, 00000001.00000003.1785814274.0000000002871000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1786075321.0000000002850000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: BitLockerToGo.exe, 00000001.00000003.1786075321.0000000002870000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1786075321.00000000027FD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49731 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49731 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: 00000000.00000002.1761754559.0000000002786000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth |
Source: Process Memory Space: l5u4ezxr.u51.exe PID: 6528, type: MEMORYSTR |
Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004321F0 |
1_2_004321F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040C223 |
1_2_0040C223 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004323E3 |
1_2_004323E3 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0042D702 |
1_2_0042D702 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00404000 |
1_2_00404000 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041F011 |
1_2_0041F011 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00434030 |
1_2_00434030 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0042C890 |
1_2_0042C890 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040D978 |
1_2_0040D978 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040B900 |
1_2_0040B900 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00434110 |
1_2_00434110 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004061F0 |
1_2_004061F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004089F0 |
1_2_004089F0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00420980 |
1_2_00420980 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00435990 |
1_2_00435990 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00413A4A |
1_2_00413A4A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040E20B |
1_2_0040E20B |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041CA10 |
1_2_0041CA10 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00419A1F |
1_2_00419A1F |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00407A30 |
1_2_00407A30 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00401AD5 |
1_2_00401AD5 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041D290 |
1_2_0041D290 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041BB22 |
1_2_0041BB22 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041A330 |
1_2_0041A330 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004043C0 |
1_2_004043C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004353C0 |
1_2_004353C0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0043238A |
1_2_0043238A |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00433BA8 |
1_2_00433BA8 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00433C40 |
1_2_00433C40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00434450 |
1_2_00434450 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00402410 |
1_2_00402410 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00414420 |
1_2_00414420 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00411CDA |
1_2_00411CDA |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004324BC |
1_2_004324BC |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041AD70 |
1_2_0041AD70 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004335D2 |
1_2_004335D2 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00404DE0 |
1_2_00404DE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041EDFE |
1_2_0041EDFE |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00433D90 |
1_2_00433D90 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004235B0 |
1_2_004235B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00420E60 |
1_2_00420E60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040FE01 |
1_2_0040FE01 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00401618 |
1_2_00401618 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00406ED0 |
1_2_00406ED0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00407EE0 |
1_2_00407EE0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00431E80 |
1_2_00431E80 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004096A0 |
1_2_004096A0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_004356B0 |
1_2_004356B0 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00433F40 |
1_2_00433F40 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0041D752 |
1_2_0041D752 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_0040CF60 |
1_2_0040CF60 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00414770 |
1_2_00414770 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00431710 |
1_2_00431710 |
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Code function: 1_2_00405780 |
1_2_00405780 |
Source: l5u4ezxr.u51.exe, 00000000.00000002.1759379021.00000000015E4000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameLauncher!.exe pP vs l5u4ezxr.u51.exe |
Source: l5u4ezxr.u51.exe, 00000000.00000002.1761754559.000000000274C000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs l5u4ezxr.u51.exe |
Source: l5u4ezxr.u51.exe |
Binary or memory string: OriginalFilenameLauncher!.exe pP vs l5u4ezxr.u51.exe |
Source: 00000000.00000002.1761754559.0000000002786000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |
Source: 00000000.00000002.1761754559.0000000002496000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |
Source: Process Memory Space: l5u4ezxr.u51.exe PID: 6528, type: MEMORYSTR |
Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research |