James_inthe_box

589 Followers
179 Following
1,052 Posts
For a good time, just `strings` that malicious MSI you found (https:// oanapolis .com.br/Receipt_9334.msi). If it's #screenconnect, the C2 info is at the end... you don't even need to extract or run the thing.
@iagox86 @campuscodi They work a treat downloading malware from geofenced hosts though ;)
@campuscodi Sadly the VPN bit of Firefox requires an email. No reason to keep it on the drive then.
@NetscapeNavigator Exactly like all the "AI" companies....build dependency so people feel they can't do their jobs/live without it.

@malware_traffic Confirming #snake keylogger...

Telegram bot token and email exfil host:
8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA
hosting2\.ro\.hostsailor\.com

@5ecurityChemist Going to take a leap of faith and say you...congrats :)
@netresec That's the Expiro at work :) ftp.aventour\.com\.mx is the OriginLogger exfil.
@cR0w @AAKL Maybe we'll be lucky and only see regional outages...
Analysis eStatement472047204_pdf.exe (MD5: 01CD1FE8ACC99E7BD2D7D35C5978A577) Malicious activity - Interactive analysis ANY.RUN