hxxps://eblast[.]ewu[.]edu/t/y-l-xtdkiut-dkhilywdt-r/ | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://eblast.ewu.e...

ubuntu-18.04-amd64

7

Resubmissions

08/04/2024, 20:43

240408-zhmb9abd65 7

07/04/2024, 00:53

240407-a8vzmsgb5x 7

07/04/2024, 00:50

240407-a7e7ssga9t 7

06/04/2024, 22:31

240406-2fj58adf36 7

05/04/2024, 19:34

240405-x997aaca5z 7

05/04/2024, 15:42

240405-s5sn8agd82 7

05/04/2024, 15:40

240405-s36s3afh2x 7

05/04/2024, 06:27

240405-g72jcsec45 7

05/04/2024, 06:26

240405-g7g5qadg3w 1

05/04/2024, 06:23

240405-g5fh4sec24 7

Sharing

General

Target

https://eblast.ewu.edu/t/y-l-xtdkiut-dkhilywdt-r/
Sample

240407-a8vzmsgb5x

Score

7^/10

antivm linux spyware stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://eblast.ewu.edu/t/y-l-xtdkiut-dkhilywdt-r/

Resource

ubuntu1804-amd64-20240226-en

antivm spyware stealer

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  https://eblast.ewu.edu/t/y-l-xtdkiut-dkhilywdt-r/
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

antivmspywarestealer

© 2018-2025

Terms | Privacy