HerbieZimmerman

2019-07-23-Amadey-Hancitor

Jul 23rd, 2019
MD5 Hashes:
===========

Munin Results:
==============
Online Hash Checker for Virustotal and Other Services
Florian Roth - 0.13.0 April 2019

[+] Writing results to new file: check-results_Desktop.csv
[ ] Processing kntd.exe ...
[ ] Processing 3.exe ...
[ ] Processing 0 ...
[ ] Processing fVkDJhq ...
[ ] Processing 1BE.bin ...
[ ] Processing 21347976566547_5194481500343.vbs ...
[ ] Processing 7767.bin ...
[ ] Processing uFqmcspqI.exe ...
[+] Processing 8 lines ...

1 / 8 > Unknown
HASH: 47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae COMMENT: kntd.exe
RESULT: - / -
[!] Sample on ANY.RUN URL: https://any.run/report/47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae

2 / 8 > Malicious
HASH: 416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980 COMMENT: 3.exe
VIRUS: Microsoft: Trojan:Win32/Wacatac.B!ml / CrowdStrike: win/malicious_confidence_90% (D) / Symantec: ML.Attribute.HighConfidence
TYPE: - FILENAMES: -
FIRST: - LAST: 2019-07-23 18:14:26 COMMENTS: 0 USERS: -
RESULT: 19 / 67
[!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980/
[!] URLHaus info TYPE: exe FIRST_SEEN: 2019-07-23 18:18:04 LAST_SEEN: 2019-07-23 20:37:07 URL_COUNT: 1
[!] URLHaus STATUS: online URL: http://nanohair.com.au/wp-content/plugins/wordpress-seo/inc/3.exe
[!] Sample on ANY.RUN URL: https://any.run/report/416c77f478a5fa168eeaaa733d806076f1698d2ca4a3678b586a576cedf4b980

3 / 8 > Clean
HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 COMMENT: Desktop/0
TYPE: - FILENAMES: -
FIRST: - LAST: 2019-07-23 20:25:58 COMMENTS: 0 USERS: -
RESULT: 0 / 62
[!] Sample on URLHaus Download: https://urlhaus-api.abuse.ch/v1/download/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/
[!] URLHaus info TYPE: unknown FIRST_SEEN: 2018-03-21 05:29:38 LAST_SEEN: 2018-07-11 15:20:02 URL_COUNT: 576
[!] URLHaus STATUS: offline URL: http://46.161.40.93/alpine/svchost.exe
[!] URLHaus STATUS: offline URL: http://tehranring.com/Greeting-messages/
[!] URLHaus STATUS: offline URL: http://www.dnaadv.org/u6/
[!] URLHaus STATUS: offline URL: http://www.dnaadv.org/apcfNQgg/
[!] URLHaus STATUS: offline URL: http://dnaadv.org/u6/
[!] URLHaus STATUS: offline URL: http://www.lddspt.com/Congratulations/
[!] Sample on ANY.RUN URL: https://any.run/report/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[!] Sample on CAPE sandbox URL: https://cape.contextis.com/analysis/84959/

4 / 8 > Unknown
HASH: 15277d0deb8a33290f90c65c9667c98e9fadb50250449826c496b286ce061a23 COMMENT: fVkDJhq
RESULT: - / -

5 / 8 > Unknown
HASH: 580eb7b45a7b90c82f4efab3f7fe43f8f48b077e6e490e9c1a061e0173c2e78b COMMENT: 1BE.bin
RESULT: - / -

6 / 8 > Unknown
HASH: 93c16093653078cdc57697e5e316295ef06ce84acb28d6695ce3662f3df98ca3 COMMENT: 21347976566547_5194481500343.vbs
RESULT: - / -

7 / 8 > Unknown
HASH: 55bf42c2c94d6dd990656bbb192e23b058ba8477357c0f0d7cbd879474051823 COMMENT: 7767.bin
RESULT: - / -

8 / 8 > Unknown
HASH: 47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae COMMENT: uFqmcspqI.exe
RESULT: - / -
[!] Sample on ANY.RUN URL: https://any.run/report/47623100c9c9b63dc5782e5510e695f1ae274b2c70e6a1f0215409bfc38d46ae


$ tshark -nr /2019-07-23-Amadey-Hancitor.pcap -T fields -e ip.src -e http.host -e tls.handshake.extensions_server_name -e http.request.full_uri -Y "http.request or tls.handshake.extensions_server_name" | sort | uniq -c

3 192.168.1.105 129.226.63.136 http://129.226.63.136/favicon.ico
1 192.168.1.105 cd.pranahat.at http://cd.pranahat.at/jvassets/o1/s64.dat
25 192.168.1.105 forrolrestons.ru http://forrolrestons.ru/f5lkB/index.php
24 192.168.1.105 hersdintfortho.ru http://hersdintfortho.ru/f5lkB/index.php
1 192.168.1.105 nanohair.com.au http://nanohair.com.au/wp-content/plugins/wordpress-seo/inc/3.exe
2 192.168.1.105 nanohair.com.au http://nanohair.com.au/wp-content/plugins/wordpress-seo/inc/p.exe
26 192.168.1.105 retredmuchwas.com http://retredmuchwas.com/f5lkB/index.php
1 192.168.1.105 retredmuchwas.com http://retredmuchwas.com/mlu/forum.php
3 192.168.1.105 www.bing.com http://www.bing.com/favicon.ico
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/6vyzxmDr/aCYlRHp3PAkcPYUc6KSe9NF/ouHM_2F3pl/JUs_2F2Rundotz28k/H5ZBPuLOrBGK/LuYJyiIhHtN/BeFWJXJoKHVdc2/0LeLEo3ePGJ3OiH341S7D/soJNl8miHhA3GV0t/JvO56fDtLatdkxB/8PN0_2BA1FGGNyy08M/yaqk1X4w6/14OVushP6iOFQ1uamAFA/w0xWXbvCDts1DadMBOC/xY7kOuL
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/7Ih0tWYT8BqcM0/2mFnY5o38EQJWdUGM3Wa6/XpPCOykF9XYDYJqh/UjVeUzmYzSxeDeH/D2anPOSOZo4AXX6MS_/2B6NWtquh/zungTOJv9n1KZTckcJof/N34U1puUtqYfhA5KT_2/BoYnkEUt00xxlujKCnBuYV/LbUDajfyNq0xd/1_2BLNRQ/RZDz7F6lAkE6BGiQN5bFvsW/NcuXpPcpYi/sBc5LRowYOAygmDo0/PLwlAsptOjit/KtSZ
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/F6imATubsjTwQpFEziRK2K/azWu0fJ5xs5LZ/KA9AYdG9/pUIalQE5_2FmB3wElP4vXYB/TKEDk6wqdv/2SFgIdZ55HA4BUiB6/aCqA1WTOnwwX/_2Beki_2FT4/fbVUITgudKHgRO/PYGD2o7r9lbQl55g8z_2F/pwMQko4f7vPbfsmN/B_2F15q0CVDoaUI/qpG7KSUGQy0s5x5BC7/u9DCavDHZ/RvSqnU_2BTu3ZCGSBzKq/tc2744isnWk0SU2oU5e/3ZCVJw4T9M6pghsL_0A_0D/yDIa
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/H50URNOMDpOZnnjh5Wq_/2FG_2BreHCTkdAzuIRH/AwrDorZOVR3Y5OSiXtFpoT/o3EwJQyazoQ8t/EcGAQvDI/10OGBd3R1PjW2RW4RJMiIJu/ly29UZFgy9/G3O6VMDJ2JoKDLG6f/wSIOzFssQqKO/FnvN9Qpu_2B/WKwt7rab6k_2Fw/sB4E3tIPjOoZ0vQkN9T8c/93PVIzmcRpi_2Fwi/hXavF8SFnCQAELe/cCb2YGTUUcwKARVInh/jxyPfn2fl/Iydu5TAHr1xdec_0A_0D/yyLk
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/HKo3cpLjRW7SZygE_2B81E/XlDhziAN8xOuk/bhyJCVGY/LJgQoOlOS6wjx0u8V8w9pnU/xDn2viiBSG/PETvDxRAIUf7y7P0O/Bz7Y_2BtOT8n/4PjQI2D0bxG/XxZ_2FNhM3Ufjz/cChi2l3rD6NBfi1sd0usE/jWIa7UEy9BplhLPy/BEJA21Fud_2Boji/Ammk_2Batl7IgAs8w3/V33manwBo/bwls3CeY/qc47p9o
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/PugKgziiAU5/XrvRNRxdvEFEoT/2TH_2BD5YFY_2FH4A_2BM/KlN04HCbmY1dZiYy/PSnxgGa8yjvOLBh/Xr4OHsqQhAhfe0PFSP/ttadHYZLQ/1paRXnlWlexdEPlBrPRm/feUewxl_2FWL3jAlhDv/MLig_2BL3RBysp_2BBsnP6/1MAsseAkDFD_2/FaEuyWvi/NKAK8JLzIw3tWuVGo7CWGBJ/PST6m9KKqu/Wd6oNa_2BHL4ujBnS/xHN2_2BHx7Lm/OKQGrr_2BrG/KoNpBBnU/lRjzU_0A_0/Dz1ZX
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/fWBy18rG_2Bog9uY/RX9LJuRS3pKkq_2/FICMcvBAWpJDGgGZTZ/g4KDbU2GH/TVyBl8_2F8iGuq_2Blfe/4N8Hdy0pU52D_2BpCvT/ppkvVybnJZ0Zr_2FlR_2Fl/_2FX0hD56_2FC/dtPt2rhu/BJjlkHYeVPEEhbJf5eyS6YQ/x1raUzUxd_/2FesJA3qqLNB2unRh/Pw9Q5I564MWC/qpzx9_2Fyiu/woUl_2FE1TlqZJ/qIDSXzVDfn8BKsVaVJa5F/kAWQWzHGyJM7_2BF/VKnUxldQSVmgH7_/0A_0Dpbr/x
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/guz_2BQzd4KBsEP/rdEbMAzLSH9BDLLFW5/RuUSs_2BZ/FsinaSR8ELClTm_2BcbD/j8v3r0VI7fddcA_2Fjp/JKlNzgrqu_2Ft6Q6jge4FI/73uVlHHKNfQZG/i31DX6Ka/XVDIrkwYiph5behTeYviFfh/cmhKFDchv_/2FeDhlmtSCTh1lw11/C9LLZ2xSBgD8/W6JAgLJ9oy7/p35erywJVIvAoC/gpwv8uGh4vZ_2FI7ZtxWF/qib43ylM/ykvZ6wrW/m
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/mZep6BMxMGXlEhdu/uChDlwglbxP3wFC/qzpPcOcMp2JTPxwRvV/WUQL20Myu/kZDG9SFiN_2BHQFkz5s0/f6_2BJukrxEFrF1iYGx/Us1Hga15pSUbkltZIgI4_2/BZXoRjJoW5_2F/SIJfCRRc/Om5oYqCUKhGWCOEl_2FivQL/KUv1xqhpBJ/DP3gKgZLL5amScBuD/XCAwwBCoiI_2/Fw6iCryIu4e/fApUn2Iz9k0pU_/2B4IfN3ggfpWAATGb2LPp/N8Gq8uO4Aeuyg9Kz/bK_0A_0DxAm/Y
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/qM6LO_2BTWLFlo/k1fY3gICYFo1bSmvYpXHG/ggq8Dh9qPr45Ga40/IunfSKoDGhUFLOk/xlH03Jy_2F_2B0OPv7/D2Vg9xU4l/FUnYTSUSncXfOj6A4ddO/c1uGMC9JWShRWkTBIEC/J2bNJzffqK_2F1nIDyJe4f/IbiGXQYbao4x9/lYc5COBm/12B_2FOvWYFZHTkTTvNvNJM/gmVjRvTu3G/IHtWctv1Ry_2BE_2B/fn6TiQ8bcc_2/BSC1dCpz7RM/r_2F7alpSJnKmu/GA8qQKBy_0A_0/DLw_2BB
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/wHmhL0VF/mM1zNlPXmVtMvSRl6Gn6tAz/rzVDaIgOcd/z_2FBkOAExFOA5q_2/B35vS0UpU2AO/gm7R5jv_2Fn/jcahxt2Zi0lRmA/yknlNnMnDXtDb3DZei6xj/58NK_2BrSuqWpO4i/CfdxFJ2jkClDIhR/SWI5LZ4mxXST_2BIKy/UsNq6CwDO/5AyaU3aU8oKIbx5NR54S/kMFbmWgsZ8CKFaWjf0b/X_2B5bhjWOH762Vn5Q_2BQ/ULyFI5N1zAJTI/iNBj_2FF/D8jghNqTg0T1_0A_0D_2BdV/8
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/y3aBfqd5pYXkb7jWCJcP/X9XNLtyAEgOCH_2FvRY/gZt5M6jKKpp_2F56HgCbKc/rZPNJ8zfEq2Tv/iK_2BjwU/H1Q3sxCPixcs5_2BbmScOM9/PMlupGosLV/YqVesrLmHP7THuO4l/78OC28Dw1LfV/h3rHe9rb4_2/FGoxF7O9AYTvNI/iAwD4_2B7rSvrih8_2FBR/beYKSe84vvkmHKB1/kdXFJg6UWih_2FQ/fFKQIMlxyAMXDEcJE6/7c5XNNZWi/ufudGgof1H_2Br1VBXH3/9u_0A_0DWBH/0
1 192.168.1.105 x1.narutik.at http://x1.narutik.at/webstore/yxAyKXl6j6cD6AzH/kR2Fw29f3NdmWpf/a_2FbB4IJpJfH9dJlV/orTN5y4Bn/h_2FEy8cThTHuMg6nU4t/_2BZY8uJ3_2BhQff8RV/UYcppfduDbJPTRdp0LMiVo/kdesg4XBGvC_2/FpQ8rnYr/vhdLEokB8RK0wATtZ1NIv_2/BGSNT8S8o7/Pvzg4rXfHZfV4o7Mm/tyrkJrecBUfJ/V1Q0Rukc_2F/MW8fUpqGQLPzGw/BdCSDOGmx7XCxURt_2BeC/mJbjyYWFiJuRX4nc/CSWt_0A_0Dk/lJl