SmartApeSG domains:
URLs serving malicious Chrome extension:
SHA-256: 0a5c087ebc6df5cd251128903ecf1f46e13b020bc9b36d8ba4c097c067fb249d
Config: {
  "uuid": "7b2a34ce27374b1ba3440bd5ef1515d9",
  "user": "gogotest",
  "buildid": "1",
  "C2": "http://79.137.192.4/p2p",
  "staging_folder": "/tmp/out.zip"
}
SHA-256: 0c11f43e9c111397fec3524feb17bf146232b11be1b4256f7f2ebf1322f01cb5
Config: {
{
  "v": 4,
  "se": true,
  "ad": false,
  "ex": [
    {
      "en": "ejbalbakoplchlghecdalmeeeajnimhm",
      "ez": "MetaMask"
    },
    {
gecko;discord;chromium;download;grabbers;extensions;processGrabber;dll;ebaltvoumamashuazazazaza
Firefox
%USERPROFILE%/AppData/Roaming/Mozilla/Firefox
Waterfox
%USERPROFILE%/AppData/Roaming/Waterfox
K-Meleon
Decrypted string at address 0x1000224f2: osascript -e 'display dialog "Required Application Helper. Please enter passphrase for
Decrypted string at LEA: ." default answer "" with icon caution buttons {"Continue"} default button "Continue" giving up after 150 with title "Application wants to install helper" with hidden answer' at 0x100022629
Decrypted string at address 0x10002278a:
Decrypted string at address 0x100022b9e: pwd
Decrypted string at address 0x10002aa3c: Chromium/
Decrypted string at address 0x10002ad8d: Profile
Decrypted string at address 0x10002c328: /cookies.sqlite
Decrypted string at address 0x10002c5cd: /formhistory.sqlite
Decrypted string at address 0x10002c872: /key4.db
Decrypted string at address 0x10002cb17: /logins.json