Comments

Fake order delivering AveMaria stealer with difficult office doc. — 3 Comments

  1. Can this possibly be related to Infostealer VIDAR? I have previously seen all these DLLs with Vidar as well.

    url hxxp://5.206.225.104/dll/softokn3.dll
    url hxxp://5.206.225.104/dll/upnp.exe
    url hxxp://5.206.225.104/dll/msvcp140.dll
    url hxxp://5.206.225.104/dll/vcruntime140.dll
    url hxxp://5.206.225.104/dll/mozglue.dll
    url hxxp://5.206.225.104/dll/freebl3.dll
    url hxxp://5.206.225.104/dll/nss3.dll

    Previous reference: https://www.malware-traffic-analysis.net/2019/01/10/index2.html

    • As far as I am aware, the only actual malicious file in that list is upnp.exe. All the others are legitimate files from either Microsoft or Mozilla that are somehow used & abused by various different malware versions.
