{%hackmd C76nuH1pTfedlTW7n2cwbQ %}

| Submission | SHA-256 | Type | Verdict | Date | Tags |
|:--- |:--- |:--- |:--- |:--- |:--- |
| PartyRoyale.exe | `0aef1e1f5f8cef19c63977278ca550ae4196d6ea13d51bc706bb64f03ea64ec6` | application/x-dosexec | Likely malicious | 05/02/2024, 04:13:01 | [peexe](https://www.filescan.io/search-result?tag=peexe), [txt](https://www.filescan.io/search-result?tag=txt), [xml](https://www.filescan.io/search-result?tag=xml), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| AppDFSetup.exe | `593c83930d6f0ca5e300b1728ed0a793d71ade9bbf3ab5ca6a4c38769c093a36` | application/x-dosexec | Likely malicious | 05/02/2024, 03:57:35 | [peexe](https://www.filescan.io/search-result?tag=peexe), [html](https://www.filescan.io/search-result?tag=html), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Wion Setup.exe | `67900fd8ba19d8be310f7db1a55073da24a4ba8b719c50520840fc77e571216b` | application/x-dosexec | Likely malicious | 05/01/2024, 23:09:21 | [peexe](https://www.filescan.io/search-result?tag=peexe), [html](https://www.filescan.io/search-result?tag=html), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Vortax App Setup.exe | `f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843` | application/x-dosexec | Likely malicious | 04/30/2024, 20:49:06 | [peexe](https://www.filescan.io/search-result?tag=peexe), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| MeetHub.exe | `d96dd19f1fcd20277cee365d5fda7ecd1a776c046b2468d89f5f6a80a7d85c9f` | application/x-dosexec | Malicious | 04/30/2024, 20:47:05 | [peexe](https://www.filescan.io/search-result?tag=peexe), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [packed](https://www.filescan.io/search-result?tag=packed), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| VDeck Setup.exe | `c29f6ca9ca0cbe27b9da4499d70add923459d23e69a701772530331a43cd71f8` | application/x-dosexec | Likely malicious | 04/30/2024, 20:46:16 | [peexe](https://www.filescan.io/search-result?tag=peexe), [html](https://www.filescan.io/search-result?tag=html), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Cozy World Setup.exe | `4cd4f861a3294923fc97f741927c8b67543ac54cfde6692c9e151920b1f61a19` | application/x-dosexec | Likely malicious | 04/30/2024, 09:01:10 | [peexe](https://www.filescan.io/search-result?tag=peexe), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Goheard.exe | `0ea35162ffccf5939f70fd8a932abe357cc4b84c96eb203ccc24bddbc08fc9ab` | application/x-dosexec | Likely malicious | 04/29/2024, 20:24:19 | [peexe](https://www.filescan.io/search-result?tag=peexe), [txt](https://www.filescan.io/search-result?tag=txt), [xml](https://www.filescan.io/search-result?tag=xml), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [packed](https://www.filescan.io/search-result?tag=packed), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Segwit Setup.exe | `7c6543af2eea8ed933e0898bdbcfc642f0c11bece904b366ca939da9e76465eb` | application/x-dosexec | Likely malicious | 04/29/2024, 07:20:28 | [peexe](https://www.filescan.io/search-result?tag=peexe), [html](https://www.filescan.io/search-result?tag=html), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |
| Spectra Setup.exe | `c4b3a3f21ad54d5c3370669ce1ff6c39f2affbaa02fdd42acfbd844c9c4074f9` | application/x-dosexec | Likely malicious | 04/29/2024, 07:17:58 | [peexe](https://www.filescan.io/search-result?tag=peexe), [xml](https://www.filescan.io/search-result?tag=xml), [packed](https://www.filescan.io/search-result?tag=packed), [lolbin](https://www.filescan.io/search-result?tag=lolbin), [overlay](https://www.filescan.io/search-result?tag=overlay), [shell32](https://www.filescan.io/search-result?tag=shell32) |

`Host: 79.137.197.159`

Units via port 443; the correlated URL script rotates on interaction.

| IP Address | PHP Loader Filename | Correlated URL | Reference URL |
|:--- |:--- |:--- |:--- |
| `79.137.197.159/22` | `/process.php` | `https://piloje.com/script_664d125032ea42.69559009.php` | `https://goheard.io` |
| `79.137.197.159/22` | `/process.php` | `https://lajolladaily.com/script_664b972b9f5581.65045588.php` | `https://spectra.land/preload.js` |
| `79.137.197.159:443` | `/process.php` | `https://rtptuwagaslot.com/script_6650246cea6405.40486903.php` | `https://vdeck.app/download.php` |
| `79.137.197.159/22` | `/process.php` | `https://plumbonwater.com/script_6646ffe42b2354.95375623.php` | `https://vorion.io/download` |
| `79.137.197.159/22` | `/process.php` | `https://hypergrail.com/script_665014505c5e11.98910042.php` | `https://vorion.io/download` |
| `79.137.197.159/22` | `/process.php` | `https://123mllhasbrasil.com/script_6631c3eb8ebc68.62508384.php` | `http://wionworld.com/app` |
| `79.137.197.159:443` | `/process.php` | `https://elhasnaouitravel.com/script_66502e76636393.28572352.php` | `https://cozymeta.fun/join-metaverse` |
| `79.137.197.159:443` | `/process.php` | `https://gardenzone5.com/script_66502b50c39406.34275927.php` | `https://partyroyale.games/api.php` |
| `79.137.197.159/22` | `/process.php` | `https://aidigibrain.com/script_664d94a31d9da1.55015293.php` | `https://partyroyale.io/download` |
| `147.45.42.181:443` | `/process_launcher.php` | `https://choutuppal.com/script_66501f6f7b2e42.29533492.php` | `https://nft-lod.com/play/index.php` |
| `147.45.42.181` | `/process_launcher.php` | `https://choutuppal.com/script_664d9262e6efe2.91677854.php` | `https://orbit-storm.com/download` |
| `147.45.42.181` | `/work/process_reborn.php` | `https://mydigitaldayoff.com/work/script_664d8b4e3b1997.72713760.php` | `https://reborn1986.io` |
| `79.137.197.159:443/22` | `/process.php` | `https://rtptuwagaslot.com/script_6650246cea6405.40486903.php` | `https://vdeck.app/download.php` |
| `79.137.197.159` | `/process.php` | `https://bracelettimepiece.com/script_6655839f37bb92.41144180.php` | `https://playsilentdown.site/#download` |
| `79.137.197.159/22` | | `https://institutoangelabatista.com/script_662faaadd07eb6.77335769.php` | |
| `79.137.197.159/22` | | `https://hobbyplanners.com/script_660ea79c63eef9.67579512.php` | |

https://explore.silentpush.com/web-scanner?query=ip%20%3D%20%2279.137.196.0%2F22%22&sorting=scan_date%2Fdesc

Reverse IP Lookup, May 21, 2024 ([https://viewdns.info/](https://viewdns.info/))

| Domain | Last Resolved Date |
|:--- |:--- |
| `123mllhasbrasil.com` | 2024-05-21 |
| `aidigibrain.com` | 2024-05-21 |
| `assetsreserve.com` | 2024-05-21 |
| `benhhensuyen.com` | 2024-04-27 |
| `betbhaibetting.com` | 2024-05-21 |
| `blogspotzone.com` | 2024-05-15 |
| `bnpdessert.com` | 2024-05-02 |
| `criminalclub.com` | 2024-04-27 |
| `edu-vents.com` | 2024-04-27 |
| `farm2aam.com` | 2024-04-27 |
| `mandkhome.com` | 2024-04-27 |
| `pegamente.com` | 2024-04-27 |
| `plumbonwater.com` | 2024-04-27 |
| `stainlesssteelinvestmentcasting.com` | 2024-05-11 |
| `tripleplay-arg1.com` | 2024-04-27 |
| `weworkhappy.com` | 2024-04-27 |

- `https://piloje.com/script_664d125032ea42.69559009.php`
- `https://lajolladaily.com/script_664b972b9f5581.65045588.php`
- `https://plumbonwater.com/script_6646ffe42b2354.95375623.php`
- `https://123mllhasbrasil.com/script_6631c3eb8ebc68.62508384.php`
- `https://institutoangelabatista.com/script_662faaadd07eb6.77335769.php`
- `https://hobbyplanners.com/script_660ea79c63eef9.67579512.php`

| Status Code | Initial URL | Redirect URL |
| --- | --- | --- |
| 302 | `https://123mllhasbrasil.com/process.php` | `https://123mllhasbrasil.com/script_6652bef9877065.32297330.php` |
| 404 | `https://123mllhasbrasil.com/process_launcher.php` | - |
| 302 | `https://aidigibrain.com/process.php` | `https://aidigibrain.com/script_6652bef9d3c7e0.48933525.php` |
| 404 | `https://aidigibrain.com/process_launcher.php` | - |
| 302 | `https://assetsreserve.com/process.php` | `https://assetsreserve.com/script_6652befa1a9af6.65513564.php` |
| 404 | `https://assetsreserve.com/process_launcher.php` | - |
| 404 | `https://benhhensuyen.com/process.php` | - |
| 404 | `https://benhhensuyen.com/process_launcher.php` | - |
| 302 | `https://betbhaibetting.com/process.php` | `https://betbhaibetting.com/script_6652befac3d2d5.44051740.php` |
| 404 | `https://betbhaibetting.com/process_launcher.php` | - |
| 404 | `https://blogspotzone.com/process.php` | - |
| 404 | `https://blogspotzone.com/process_launcher.php` | - |
| 302 | `https://bracelettimepiece.com/process.php` | `https://bracelettimepiece.com/script_6652bf0223c083.21570893.php` |
| 404 | `https://bracelettimepiece.com/process_launcher.php` | - |
| 302 | `https://brownfamilyfarmsllc.com/process.php` | `https://brownfamilyfarmsllc.com/script_6652bf02582340.25475142.php` |
| 404 | `https://brownfamilyfarmsllc.com/process_launcher.php` | - |
| 404 | `https://builders-millworks.com/process.php` | - |
| 404 | `https://builders-millworks.com/process_launcher.php` | - |
| 404 | `https://cheapcleanprotein.com/process.php` | - |
| 404 | `https://cheapcleanprotein.com/process_launcher.php` | - |
| 0 | `https://crosscertify.com/process.php` | - |
| 0 | `https://crosscertify.com/process_launcher.php` | - |
| 0 | `https://deskpaypal.com/process.php` | - |
| 0 | `https://deskpaypal.com/process_launcher.php` | - |
| 302 | `https://ebolight.com/process.php` | `https://ebolight.com/script_6652bdf8510541.66648515.php` |
| 404 | `https://ebolight.com/process_launcher.php` | - |
| 200 | `https://edu-vents.com/process.php` | - |
| 200 | `https://edu-vents.com/process_launcher.php` | - |
| 302 | `https://elhasnaouitravel.com/process.php` | `https://elhasnaouitravel.com/script_6652bdf9218371.85384325.php` |
| 404 | `https://elhasnaouitravel.com/process_launcher.php` | - |
| 302 | `https://eliteneatproductshop.com/process.php` | `https://eliteneatproductshop.com/script_6652bdf96f0d11.16866785.php` |
| 404 | `https://eliteneatproductshop.com/process_launcher.php` | - |
| 0 | `https://excelcorner.com/process.php` | - |
| 0 | `https://excelcorner.com/process_launcher.php` | - |
| 404 | `https://farm2aam.com/process.php` | - |
| 404 | `https://farm2aam.com/process_launcher.php` | - |
| 0 | `https://galipertan.com/process.php` | - |
| 0 | `https://galipertan.com/process_launcher.php` | - |
| 302 | `https://gardenzone5.com/process.php` | `https://gardenzone5.com/script_6652bdfb066ba3.80915932.php` |
| 404 | `https://gardenzone5.com/process_launcher.php` | - |
| 302 | `https://hiastrology.com/process.php` | `https://hiastrology.com/script_6652bdfb473397.09023891.php` |
| 404 | `https://hiastrology.com/process_launcher.php` | - |
| 302 | `https://hotvolkswagens.com/process.php` | `https://hotvolkswagens.com/script_6652bdfb9c06a9.11181146.php` |
| 404 | `https://hotvolkswagens.com/process_launcher.php` | - |
| 302 | `https://iuddy.com/process.php` | `https://iuddy.com/script_6652bdfbe0f9e6.04794722.php` |
| 404 | `https://iuddy.com/process_launcher.php` | - |
| 302 | `https://lajolladaily.com/process.php` | `https://lajolladaily.com/script_6652be3f7d4ba7.10840049.php` |
| 404 | `https://lajolladaily.com/process_launcher.php` | - |
| 302 | `https://mesajpanelim.com/process.php` | `https://mesajpanelim.com/script_6652be460da1f4.79692092.php` |
| 404 | `https://mesajpanelim.com/process_launcher.php` | - |
| 302 | `https://mrglob.com/process.php` | `https://mrglob.com/script_6652be465c5260.15223074.php` |
| 404 | `https://mrglob.com/process_launcher.php` | - |
| 302 | `https://mypageanswers.com/process.php` | `https://mypageanswers.com/script_6652be46bfb599.81867745.php` |
| 404 | `https://mypageanswers.com/process_launcher.php` | - |
| 302 | `https://piloje.com/process.php` | `https://piloje.com/script_6652be4d445944.07136197.php` |
| 404 | `https://piloje.com/process_launcher.php` | - |
| 302 | `https://repairleatherla.com/process.php` | `https://repairleatherla.com/script_6652be53e357d2.79414522.php` |
| 404 | `https://repairleatherla.com/process_launcher.php` | - |
| 302 | `https://rtptuwagaslot.com/process.php` | `https://rtptuwagaslot.com/script_6652be5434e176.05662733.php` |
| 404 | `https://rtptuwagaslot.com/process_launcher.php` | - |
| 0 | `https://santaeulaliadelrio.com/process.php` | - |
| 0 | `https://santaeulaliadelrio.com/process_launcher.php` | - |
| 404 | `https://shinudating.com/process.php` | - |
| 404 | `https://shinudating.com/process_launcher.php` | - |
| 302 | `https://thebackyardescapist.com/process.php` | `https://thebackyardescapist.com/script_6652bfa2cbb631.02773981.php` |
| 404 | `https://thebackyardescapist.com/process_launcher.php` | - |
| 0 | `https://thetrendymall.com/process.php` | - |
| 0 | `https://thetrendymall.com/process_launcher.php` | - |
| 0 | `https://usnesaf.com/process.php` | - |
| 0 | `https://usnesaf.com/process_launcher.php` | - |
| 302 | `https://xhaxo.com/process.php` | `https://xhaxo.com/script_6652bfb053b776.38550908.php` |
| 404 | `https://xhaxo.com/process_launcher.php` | - |

`https://privatebin.net/?ed34debd20026e09#DFygTZK5oknPiCMeFhg76T3aSKnC8R9WvS9idxjHB6ZY`

`https://www.ipvoid.com/http-status-code-checker/`

| Malware Sources |
| --- |
| `https://123mllhasbrasil.com/process.php` |
| `https://aidigibrain.com/process.php` |
| `https://assetsreserve.com/process.php` |
| `https://betbhaibetting.com/process.php` |
| `https://bracelettimepiece.com/process.php` |
| `https://brownfamilyfarmsllc.com/process.php` |
| `https://ebolight.com/process.php` |
| `https://elhasnaouitravel.com/process.php` |
| `https://eliteneatproductshop.com/process.php` |
| `https://gardenzone5.com/process.php` |
| `https://hiastrology.com/process.php` |
| `https://hotvolkswagens.com/process.php` |
| `https://iuddy.com/process.php` |
| `https://lajolladaily.com/process.php` |
| `https://mesajpanelim.com/process.php` |
| `https://mrglob.com/process.php` |
| `https://mypageanswers.com/process.php` |
| `https://piloje.com/process.php` |
| `https://rtptuwagaslot.com/process.php` |
| `https://thebackyardescapist.com/process.php` |
| `https://xhaxo.com/process.php` |

| Downloaded Instance | URLQuery Link | Original Link |
| --- | --- |:--- |
| Setup.dmg | [URLQuery](https://urlquery.net/queue/437687c7-73be-48b8-a29d-27f5997951e4) | `https://123mllhasbrasil.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/queue/3e07d19e-b772-4755-a883-74e621bf8948) | `https://aidigibrain.com/process.php` |
| nortexapp | [URLQuery](https://urlquery.net/report/bc0616a0-486a-49ca-9b13-dc8427f981ae) | `https://assetsreserve.com/process.php` |
| PartyLauncher.dmg | [URLQuery](https://urlquery.net/queue/04043478-0520-421d-8f08-2fb4f50202f0) | `https://betbhaibetting.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/868bc884-f11a-4afa-8099-95c0f55a6466) | `https://bracelettimepiece.com/process.php` |
| ZoomWorkspace.dmg | [URLQuery](https://urlquery.net/report/16931a0e-300b-482c-b684-26b272d99801) | `https://brownfamilyfarmsllc.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/4738806f-80b3-49e6-bb24-96cc7be838b9) | `https://ebolight.com/process.php` |
| WorldSetup.dmg | [URLQuery](https://urlquery.net/report/3ea7a94a-54ed-4ae6-8849-ef6542ac8353) | `https://elhasnaouitravel.com/process.php` |
| Installer.dmg | [URLQuery](https://urlquery.net/report/4641391a-fd45-40b1-a0d6-eeab9faa9672) | `https://eliteneatproductshop.com/process.php` |
| PartyLauncher.dmg | [URLQuery](https://urlquery.net/report/0c7889d9-051b-4f30-b10f-a05b6b324f04) | `https://gardenzone5.com/process.php` |
| Installer.dmg | [URLQuery](https://urlquery.net/report/5441fa88-2482-4b07-bfa3-a824448951b1) | `https://hiastrology.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/14b3c8db-fdf5-4668-bad4-f279d6b4b817) | `https://hotvolkswagens.com/process.php` |
| Installer.dmg | [URLQuery](https://urlquery.net/report/d1d5fb76-e71e-434e-be5f-e475b82aa88f) | `https://iuddy.com/process.php` |
| SpectraLauncher.dmg | [URLQuery](https://urlquery.net/report/be756393-115e-4242-b25f-969ec698d8f6) | `https://lajolladaily.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/f000b2c4-bf16-468e-b6ca-62383f838de6) | `https://mesajpanelim.com/process.php` |
| NightVerseSetup.dmg | [URLQuery](https://urlquery.net/report/c8c56e5f-eb71-4231-aa14-36b92866f0ec) | `https://mrglob.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/673960d4-246e-4aed-9b37-90424928ccbc) | `https://mypageanswers.com/process.php` |
| Launcher.dmg | [URLQuery](https://urlquery.net/report/7b92dc99-f6fb-4bfc-8bc2-b2390d5e040a) | `https://piloje.com/process.php` |
| VDeck.dmg | [URLQuery](https://urlquery.net/queue/6640f108-58e0-4733-87f1-7a1e62e778d9) | `https://rtptuwagaslot.com/process.php` |
| SuaWorld.dmg | [URLQuery](https://urlquery.net/report/b741e100-5f76-474c-9016-78b694df6e83) | `https://thebackyardescapist.com/process.php` |
| Setup.dmg | [URLQuery](https://urlquery.net/report/1113cd02-7014-408f-9684-b9512cbc5a4f) | `https://xhaxo.com/process.php` |

`host=147.45.42.181`

Reverse IP Lookup, May 26, 2024 ([https://viewdns.info/](https://viewdns.info/))

| Domain | Last Resolved Date |
|:--- |:--- |
| `allstatesgateway.com` | 2024-05-21 |
| `amesys1.com` | 2024-05-21 |
| `blizzarduniverse.com` | 2024-05-21 |
| `boostfollowers1.com` | 2024-05-21 |
| `boulevardcapivari.com` | 2024-04-27 |
| `choutuppal.com` | 2024-05-21 |
| `domainnamespurchase.com` | 2024-05-21 |
| `energybazar.com` | 2024-05-21 |
| `forkliftrecruitment.com` | 2024-05-21 |
| `gameplayking.com` | 2024-05-21 |
| `goodiptv4k.com` | 2024-05-21 |
| `governancenp.com` | 2024-05-21 |
| `gruxtre.com` | 2024-05-21 |
| `larealtyexperts.com` | 2024-05-21 |
| `learnseoathome.com` | 2024-05-21 |
| `mamoth-deals.com` | 2024-05-21 |
| `maroonmango.com` | 2024-05-21 |
| `motorcarspec.com` | 2024-05-21 |
| `mshtri.com` | 2024-05-21 |
| `mydigitaldayoff.com` | 2024-05-21 |
| `quickoffshore.com` | 2024-05-21 |
| `slotco.com` | 2024-05-21 |
| `weddingphotographernagpur.com` | 2024-05-21 |
| `zontecllc.com` | 2024-05-21 |