James_inthe_box

@[email protected]
589 Followers
179 Following
1,052 Posts
#malware
James_inthe_box9h ago
For a good time, just strings that malicious msi you found (https:// oanapolis .com.br/Receipt_9334.msi)..if it's #screenconnect c2 info is at the end...you don't even need to extract or run the thing.
James_inthe_boxMar 19

First time seeing #expiro drop #originlogger:

https://app.any.run/tasks/3d2d1d8b-b635-40b3-8a45-5edcaf3872b0/

James_inthe_boxMar 18

#datto #rmm at:

https://ssa-sharing\.cloud

https://app.any.run/tasks/dd8cfd7b-63ef-49b3-8fcc-3f8efb1bd51a

Analysis eStatement472047204_pdf.exe (MD5: 01CD1FE8ACC99E7BD2D7D35C5978A577) Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

James_inthe_boxMar 12

A new one on me... #sentinel #stealer

https://app.any.run/tasks/0dba490a-730a-4969-9abe-388ce720fd19

James_inthe_boxMar 2

A csv formatted list of #malspam campaigns that crossed my path in February to include subjects, #malware type, hashes, c2's, and email exfil addresses:

https://gist.github.com/silence-is-best/49cbc51145478ed68d06e02e14ddc135

#retrohunt

Show threadJames_inthe_boxMar 2
c2: funsunmexicobizz.top
James_inthe_boxMar 2

Malicious #simplehelp #rmm #opendir at:

https://katz.adv\.br/dhl/

James_inthe_boxFeb 24

#reverseloader #xworm #opendir at:

http://158.94.211\.63/dealer/

James_inthe_boxFeb 20

An #unknown #beacon

https://app.any.run/tasks/546b2e84-c7da-4375-a8fd-8479079ed051

James_inthe_boxFeb 17

An extremely interesting #clickfix that drops #chromeelevator

https://app.any.run/tasks/b69f163b-c135-4127-985b-7927e9a274ee