live casino online

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Este malware no tiene ninguna rutina de propagaci¨®n.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

±õ²Ô²õ³Ù²¹±ô²¹³¦¾±¨®²Ô

Agrega las siguientes exclusiones mutuas para garantizar que solo se ejecuta una de sus copias en todo momento:

• cab0a9b41f6e44c24b9fd412b5e538c0

±Ê°ù´Ç±è²¹²µ²¹³¦¾±¨®²Ô

Este malware no tiene ninguna rutina de propagaci¨®n.

Robo de informaci¨®n

Recopila los siguientes datos:

• Hostname
• Username
• Locale

Otros detalles

Hace lo siguiente:

• It impersonates the logged on user.
• It uses the following URL to use Slack's API for its malicious purposes:
  • https://{BLOCKED}k.com/api/chat.postMessage
  • https://{BLOCKED}k.com/api/chat.update
  • https://{BLOCKED}k.com/api/chat.delete
  • https://{BLOCKED}k.com/api/files.upload?&channels=
  • https://{BLOCKED}k.com/api/conversations.list?exclude_archived=true
  • https://{BLOCKED}k.com/api/conversations.create
  • https://{BLOCKED}k.com/api/conversations.history?limit=200&channel=
• The Slack communication was established through the use of this hardcoded authentication token:
  • {BLOCKED}26427959425-5707141283990-5726497507873-511646c6920d425fc62e147145bc56db ¡ú Inacessible; token revoked
• It checks for the presence of the following files in order to proceed with its intended routine:
  • list.txt ¡ú encrypted payload
  • output.txt ¡ú encrypted payload
• It retrieves its encrypted component to communicate with Slack workspace using the following URL:
  • https://{BLOCKED}l.xlog.app/Hello-Web3
  • https://{BLOCKED}ell.io/notes/58434-2