際際滷

際際滷Share a Scribd company logo

Hta w23

S
SelectedPresentations

This document contains session information for an advanced hacking tool analysis session. It includes the organization name and address of the registered domain for several malicious websites, IP addresses visited, a list of encrypted handshake requests and commands, and URLs related to banking credential theft and malware installation. The document provides technical details that could help analyze the capabilities and activities of banking trojans and ransomware.

1 of 34
Download to read offline
Session ID: Session Classification: HTA-W23 Advanced
Session ID: Session Classification:
Hta w23
Hta w23
Hta w23
Hta w23
Hta w23
Hta w23
Hta w23
Hta w23
AS21437 org-name:PE Skurykhin Mukola Volodumurovuchor address:61015, Ukraine, Kharkiv, Donbasivskiy alley, 17, of. 59 phone:+38(057)720-9518 Registrar: GODADDY.COM, LLC http://50ed8c64a88e7.wakeup123.com http://50ed81cc8353f.warning123.com http://50ed7a89d621b.worldwidebusinessmodel.com 31.131.27.114
Based on F-Secure Security Cloud data
75079041672e56ee6198c82da76165dbc47d00f0
Hta w23
Handshake Request for lock.dll + Location information ZLIB compressed stream
Handshake SEND_LOCALIZED_LOCK_DLL (0x1f) SEND_VICTIM_EXPLORER (0x1e) VERIFY_CARD_NUMBER (0x20) SHOULD_DISINFECT (0x2d)
Hta w23
Hta w23
Hta w23
Hta w23
VERIFY_CARD_NUMBER (0x20) SHOULD_DISINFECT (0x2d) Unlock Switch back to user default desktop Stop self-protection threads Remove startup .lnk
WS_FTP CuteFTP FlashFXP FileZilla FTPCommander BProofFTP SmartFTP TurboFTP FFFTP CoffeeCup CoreFTP FTPExplorer Frigate3 SecureFX UltraFXP_Base UltraFXP FTPRush WebSitePublisher BitKinex ExpanDrive ClassicFTP Fling SoftX DOpus FTPUploader FreeFTP LeapFTP WinSCP 32bit WebDrive FTPControl NetDrive IM_Abstract ICQ2003 Miranda RQ Trillian ICQ99 MSN Yahoo AIM Gaim_Base Gaim QIP Odigo IM2x9L SIM GTalk PSI Faim MySpace LiveMessenger PalTalk Excite Gizmo Pidgin AIMPRO Pandion QIPOnline JAJC Digsby Astra DMaster_Abstract DMasterh IDA GetRight FlashGet Poker FullTiltPoker PokerStars TitanPoker PartyPoker CakePoker AbsoluteCommon AbsolutePoker SinglePassword SysInfo WinVNC ScreenSaver RDP PCRemoteControlRC FreeCall CamFrog ASPNET NetCache CiscoVPN CredentialsSVWUQ FTP_Abstract FAR WTCl
Outlook Eudora Gmail MRA4 IncrediMail GroupMailFree VypressAuvis PocoMail ForteAgent Scribe POPPeepert MailCommander Windows_Mail_Base Windows_Mail_Live Windows_Mail_Vista UBPoker 888Poker Opera Mozilla_Base MozillaD IE Firefox Safari Chrome Flock SeaMonkey ThunderbirdU Email Becky The_Bat
Hta w23
http://www.xylibox.com/2012/03/gema-fakepolicealert.html
Hta w23
Hta w23
cf3ccf49b142c8fd2bf55a798ae077fdfb3fa646
Hta w23
Hta w23

More Related Content

Hta w23