[ikolor]

mercenary

https://www.virustotal.com/en/file/e058 ... 491664880/

https://www.virustotal.com/en/file/39b7 ... 491656592/

[ikolor]

thank you brother

https://www.virustotal.com/en/file/dfe2 ... 499540073/

https://www.virustotal.com/en/file/b9e2 ... 499530197/

[Antelox]

thank you brother

https://www.virustotal.com/en/file/dfe2 ... 499540073/

https://www.virustotal.com/en/file/b9e2 ... 499530197/

SHA25: dfe22eeb0eef4340604d4f7886bf58e980fd0ac2b72f50b10aad7fb8055d1340

AdWare that connects to a domain which hosts HasOffer ads tracking platform.

ET TROJAN Backdoor User-Agent (InstallCapital)

Code: Select all

Domain: http://fun.losscook.bid

SHA256: b9e2390f54ebfe328452d8b79d84b0d1869d27ade8c8819f519ad2100bfb46d5

A downloader which downloads Adware/InstallMonster.umbt from combinatorial.respection.ru

The AdWare phones home to:

Code: Select all

http://hiss.apprises.ru/tracking/installer?iid=

BR,

Antelox

[ikolor]

Thanks you a lot for analyze this website .

https://www.virustotal.com/en/file/fd9e ... 499946518/

[Antelox]

Thanks you a lot for analyze this website .

https://www.virustotal.com/en/file/fd9e ... 499946518/

Same shit as the one with SHA256: b9e2390f54ebfe328452d8b79d84b0d1869d27ade8c8819f519ad2100bfb46d5

BR,

Antelox