Incident Response
Risk Assessment
- Spyware
- Accesses potentially sensitive information from local browsers
- Credential Stealer
- Tries to steal FTP credentials
- Persistence
- Modifies auto-execute functionality by setting/creating a value in the registry
- Fingerprint
- Reads the active computer name
- Evasive
- Possibly checks for the presence of an Antivirus engine
- Spreading
- Tries to access unusual system drive letters
- Network Behavior
- Contacts 2 domains and 1 host.
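The persistence and spreading indicators above (a Run-key value and access to unusual drive letters) are the first things to check on a host suspected of running this sample. The script below is an added example, not part of the Hybrid Analysis report or of any tool it mentions. It triages a dump in the format `reg.exe export` writes for the current user's Run key (decode the UTF-16 file to text first) and flags values whose image sits on a non-system drive, outside the Windows or Program Files trees, or carries an extension that rarely belongs in an autorun. The sample dump, value names and paths are constructed for the example.

```python
"""Autorun triage for Run-key persistence (added example, constructed data)."""
import re

SYSTEM_DRIVE = "c:"
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
UNUSUAL_EXTENSIONS = (".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta")

# Constructed sample in `reg export` syntax (backslashes and quotes are escaped).
# The value names and paths are made up; "Updater" and "Backup" play the suspects.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\""
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\svc\\updater.com\" -s"
"Backup"="E:\\tools\\sync.exe"
'''

# "name"="data" lines with reg-export escaping; hex(2): (REG_EXPAND_SZ) values are skipped.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')


def _unescape(text):
    """Undo reg-export escaping: \\ -> \ and \" -> " in one pass."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_run_key(export_text):
    """Return {value name: command line} for every string value in the dump."""
    entries = {}
    for line in export_text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            entries[_unescape(match.group("name"))] = _unescape(match.group("data"))
    return entries


def image_path(command):
    """Extract the executable path: a quoted token, or the first token if unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def assess(command):
    """List the reasons an autorun command looks suspicious (empty if none)."""
    low = image_path(command).lower()
    reasons = []
    if not low.startswith(SYSTEM_DRIVE + "\\"):
        reasons.append("image on non-system drive")
    elif not low.startswith(TRUSTED_DIRS):
        reasons.append("image outside Windows/Program Files")
    if low.endswith(UNUSUAL_EXTENSIONS):
        reasons.append("unusual autorun extension")
    return reasons


def triage(export_text):
    """Map each flagged Run value name to the reasons it was flagged."""
    flagged = {}
    for name, command in parse_run_key(export_text).items():
        reasons = assess(command)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REG_EXPORT).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run the same triage over exports of the HKLM Run and RunOnce keys as well; an entry under a user profile is not proof of compromise on its own, but together with the non-system drive access noted above it is exactly what to pull for the timeline.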
Additional Context
Related Sandbox Artifacts
- Associated URLs
- hxxp://africanamericanchildrenbooks.com
Indicators
Not all malicious and suspicious indicators are displayed.
- External Systems
- Detected Emerging Threats Alert
- details
- Detected alert "ET TROJAN Suspicious User-Agent (Mozilla/ (compatible))" (SID: not shown, Rev: 7, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
- source
- Suricata Alerts
- relevance
- 10/10
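The Suricata alert above is the kind of record your own sensors write to eve.json, and the same signature firing on the corporate network is how this sample is most likely to be noticed outside a sandbox. The script below is an added example (not part of the report, not Hybrid Analysis or Suricata code) that pulls high-severity alerts and their network IOCs out of an EVE log. The log lines are constructed: the SID field is a placeholder because the report does not show it, the IP addresses are documentation ranges, and pairing this alert with the associated domain listed above is an assumption for the sake of the example.

```python
"""Extract high-severity alerts and network IOCs from Suricata EVE JSON (added example)."""
import json
from collections import Counter

# Constructed eve.json content: one alert modelled on the report, one low-severity
# noise alert, one non-alert flow record, and one truncated line (log rotation).
SAMPLE_EVE = "\n".join([
    json.dumps({
        "timestamp": "2020-01-01T10:00:01.000000+0000", "event_type": "alert",
        "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10", "dest_port": 80, "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1,
                  "signature_id": 0,  # placeholder: the report does not show the SID
                  "rev": 7,
                  "signature": "ET TROJAN Suspicious User-Agent (Mozilla/ (compatible))",
                  "category": "A Network Trojan was detected", "severity": 1},
        "http": {"hostname": "africanamericanchildrenbooks.com", "url": "/",
                 "http_user_agent": "Mozilla/ (compatible)", "http_method": "GET"},
    }),
    json.dumps({
        "timestamp": "2020-01-01T10:00:02.000000+0000", "event_type": "alert",
        "src_ip": "10.0.0.5", "dest_ip": "198.51.100.7", "dest_port": 80, "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1, "signature_id": 0, "rev": 1,
                  "signature": "TEST Constructed informational alert",
                  "category": "Not Suspicious Traffic", "severity": 3},
        "http": {"hostname": "example.net", "url": "/", "http_user_agent": "curl/7.68.0"},
    }),
    json.dumps({"timestamp": "2020-01-01T10:00:03.000000+0000", "event_type": "flow",
                "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10"}),
    '{"timestamp":"2020-01-01T10:00:09.000000+0000","event_type":"al',
])


def parse_eve(eve_text):
    """Yield one decoded record per line, skipping blank and truncated lines."""
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # half-written line from rotation: skip it, do not abort the run


def trojan_alerts(eve_text, max_severity=1):
    """Alerts at or above the given severity (1 is the highest), with HTTP context."""
    hits = []
    for event in parse_eve(eve_text):
        if event.get("event_type") != "alert":
            continue
        alert = event.get("alert", {})
        if alert.get("severity", 4) > max_severity:
            continue
        http = event.get("http", {})
        hits.append({
            "signature": alert.get("signature"),
            "category": alert.get("category"),
            "src_ip": event.get("src_ip"),
            "dest_ip": event.get("dest_ip"),
            "dest_port": event.get("dest_port"),
            "hostname": http.get("hostname"),
            "user_agent": http.get("http_user_agent"),
        })
    return hits


def iocs(eve_text, max_severity=1):
    """Deduplicated (hostname, dest_ip, user-agent) tuples ready for blocking or hunting."""
    seen = {(h["hostname"], h["dest_ip"], h["user_agent"]) for h in trojan_alerts(eve_text, max_severity)}
    return sorted(seen, key=str)


def signature_counts(eve_text):
    """How often each signature fired, regardless of severity."""
    return Counter(e["alert"]["signature"] for e in parse_eve(eve_text) if e.get("event_type") == "alert")


if __name__ == "__main__":
    for hit in trojan_alerts(SAMPLE_EVE):
        print(hit)
    print(iocs(SAMPLE_EVE))
```

Feed it `tail -f`-style from a live eve.json or a whole archived file; the severity threshold is the knob to widen when the ET TROJAN hit is confirmed and you want the surrounding lower-severity traffic from the same source for the timeline.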
- Installation/Persistence
- Loads the task scheduler COM API
- details
- "<Input Sample>" loaded module "%WINDIR%\System32\africanamericanchildrenbooks.com" at 71C
- source
- Loaded Module
- relevance
- 5/10
- Spyware/Information Retrieval