Author Topic: Detection 57 minutes ago, does avast already flag it?


Offline polonus

Detection 57 minutes ago, does avast already flag it?
« on: March 29, 2020, 05:47:42 PM »
L.S.

Re: https://www.virustotal.com/gui/url/a6ea8168b0998bef30d53c86023aac714b2c46620abe6e2ff83b6a8de4af3c0f/detection
See: https://urlhaus.abuse.ch/url/331650/  reported 2020-03-29 14:28:20 UTC
IP related detections: https://www.virustotal.com/gui/ip-address/5.153.234.10/relations
See the many vulnerabilities to be abused by such abusers: https://www.shodan.io/host/5.153.234.10
See raw data: https://www.shodan.io/host/5.153.234.10/raw
Excessive server info proliferation -> Apache HTTP Server 2.4.6
Vulns: https://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=66&version_id=161846&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=26&sha=770a28834439512b97262b3361b3882f2023d514

Minecraft gamers in Sweden, not always a secure place to be and a place to perform abuse from by others (malcreants).

Stay safe and healthy both online as well as offline,  ;)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


Offline polonus

Re: Detection 57 minutes ago, does avast already flag it?
« Reply #2 on: March 29, 2020, 10:31:26 PM »
So we have detection as ELF:Scanner-BE [Trj] and we are being protected.
This is a typical malware that targets the core system of Windows in order to complete its tasks. ELF:Agent-BR [Trj] was made to execute a series of commands once it gets inside the system. It will gather data like system settings, Windows version, network configuration, and so on. Collected data will be sent to a remote attacker for analysis.

Payload
In order to run itself on Windows start-up, ELF:Agent-BR [Trj] will make a copy of itself under system files. Then, a registry entry is created to call the file on each Windows boot-up. Apart from that, this malware will also drop non-malicious files in various folders of the compromised PC.

ELF:Agent-BR [Trj] occasionally connects to a remote host to execute tasks like the following:

Notify the attacker of the new infection
Send gathered data from the infected computer
Download and execute additional files, including an updated version of the trojan
Accept commands from a remote attacker

Do not use any risk tools against such threats.

polonus
« Last Edit: March 30, 2020, 02:24:44 PM by polonus »