Source: priooozekw.shop | Avira URL Cloud: Label: malware
Source: surroundeocw.shop | Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api | Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api$& | Avira URL Cloud: Label: malware
Source: racedsuitreow.shop | Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/xy | Avira URL Cloud: Label: malware
Source: covvercilverow.shop | Avira URL Cloud: Label: malware
Source: pianoswimen.shop | Avira URL Cloud: Label: malware
Source: https://racedsuitreow.shop/api= | Avira URL Cloud: Label: malware
Source: abortinoiwiam.shop | Avira URL Cloud: Label: malware
Source: pumpkinkwquo.shop | Avira URL Cloud: Label: malware
Source: defenddsouneuw.shop | Avira URL Cloud: Label: malware
Source: deallyharvenw.shop | Avira URL Cloud: Label: malware
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: covvercilverow.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: surroundeocw.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: abortinoiwiam.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: pumpkinkwquo.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: priooozekw.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: deallyharvenw.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: defenddsouneuw.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: racedsuitreow.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: pianoswimen.shop
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1860600994.000000C000800000.00000004.00001000.00020000.00000000.sdmp | String decryptor: tLYMe5--rui333
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_0296D1A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edx, byte ptr [ecx+eax] | 5_2_0296F860
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 5_2_0299FCBC
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_029AA2AE
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 5_2_0299B3F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_029AA310
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 5_2_0298A324
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_029880AF
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh | 5_2_029A90F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_029A90F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi+60h] | 5_2_02993024
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [ecx], al | 5_2_02993024
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 5_2_0298E19C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 5_2_029871F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 5_2_0297B130
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, ecx | 5_2_02974166
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp byte ptr [edi+029B6029h], 00000000h | 5_2_029736C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 5_2_029736C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 54CA534Eh | 5_2_029A8650
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, ecx | 5_2_0297E669
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], CECD21FDh | 5_2_0298C720
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh | 5_2_0298C720
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 5_2_02973756
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 5_2_0298E740
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp dword ptr [029B33A4h] | 5_2_0298E740
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 5_2_029904D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [edi], al | 5_2_0298E419
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 5_2_02987450
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then jmp edx | 5_2_02988446
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+18h] | 5_2_0297F467
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1B788DCFh | 5_2_029A4590
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_029A7BB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 5_2_02965BC0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 5_2_029A5B00
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 5_2_02964B70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 5_2_029AAB60
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 0633C81Dh | 5_2_029A5850
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+58h] | 5_2_0297590B
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 5_2_0298EE86
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h | 5_2_029AAE70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 81105F7Ah | 5_2_029AAE70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp byte ptr [esi], 00000000h | 5_2_02973F86
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 5_2_02984FD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov byte ptr [edi], al | 5_2_02991FE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 5_2_0298BF1C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], dx | 5_2_02980F10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+000004B0h] | 5_2_0297DCD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 7E28BDA7h | 5_2_029AACF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 5_2_0298ECF4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then inc edi | 5_2_02973C2A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then movzx ecx, word ptr [esi+eax] | 5_2_029A1DF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 5_2_02988D10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov word ptr [eax], cx | 5_2_02988D10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then mov eax, dword ptr [esi] | 5_2_0298CD0C
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh | 5_2_029A4D00
Source: Network traffic | Suricata IDS: 2056079 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI) : 192.168.2.9:49709 -> 104.21.37.97:443
Source: Network traffic | Suricata IDS: 2056079 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI) : 192.168.2.9:49708 -> 104.21.37.97:443
Source: Network traffic | Suricata IDS: 2056078 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop) : 192.168.2.9:54044 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49709 -> 104.21.37.97:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49709 -> 104.21.37.97:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49708 -> 104.21.37.97:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49708 -> 104.21.37.97:443
Source: Malware configuration extractor | URLs: racedsuitreow.shop
Source: Malware configuration extractor | URLs: priooozekw.shop
Source: Malware configuration extractor | URLs: defenddsouneuw.shop
Source: Malware configuration extractor | URLs: pianoswimen.shop
Source: Malware configuration extractor | URLs: surroundeocw.shop
Source: Malware configuration extractor | URLs: abortinoiwiam.shop
Source: Malware configuration extractor | URLs: pumpkinkwquo.shop
Source: Malware configuration extractor | URLs: covvercilverow.shop
Source: Malware configuration extractor | URLs: deallyharvenw.shop
Source: BitLockerToGo.exe, 00000005.00000003.1862939480.0000000002F4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.m
Source: BitLockerToGo.exe, 00000005.00000003.1862939480.0000000002F4C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.microsoft.co
Source: iq2HxA0SLw.exe | String found in binary or memory: https://github.com/golang/protobuf/issues/1609):
Source: BitLockerToGo.exe, 00000005.00000002.1874166391.0000000002F09000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.1862501942.0000000002F0A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.1862501942.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000002.1874166391.0000000002F36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://racedsuitreow.shop/api
Source: BitLockerToGo.exe, 00000005.00000003.1862501942.0000000002F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://racedsuitreow.shop/api$&
Source: BitLockerToGo.exe, 00000005.00000002.1874166391.0000000002F36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://racedsuitreow.shop/api=
Source: BitLockerToGo.exe, 00000005.00000002.1874166391.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://racedsuitreow.shop/xy
Source: BitLockerToGo.exe, 00000005.00000003.1862795729.0000000002F36000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.1862478504.0000000002F81000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000002.1874166391.0000000002EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: BitLockerToGo.exe, 00000005.00000003.1862939480.0000000002F4C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000005.00000003.1862795729.0000000002F36000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/