Dear blog readers,
In this analysis I’ll take a look at a recently seized malware crypting as a service domain and will offer additional insights into how the service works.
From the press release:
"AegisTools.pw is a platform known in the underground economy since 2020 that primarily provided counter antivirus and crypting services - two important pillars within cybercrime-as-a-service from a phenomenological perspective model. It made it possible to disguise malware so that it could not be detected by common antivirus programs. “Aegis Tools.pw” also offered tests to check the effectiveness of the encryption directly on the platform. Furthermore, software was offered for the unauthorized acquisition of user password access data. “AegisTools.pw” itself, on the other hand, did not require any classic registration from its users and could be used almost anonymously. The police evaluations indicate that the platform has been used by over 1,000 users worldwide for their cybercriminal activities in the past. All services could be paid for with cryptocurrencies."
Related URLs and known responding IPs:
hxxp://aegistools[.]pw
188[.]114[.]96[.]14
188[.]114[.]97[.]9
188[.]114[.]97[.]3
18[.]66[.]122[.]31
188[.]114[.]97[.]11
Sample MD5s known to have phoned back to the service:
2988d6cadc497893955ea80fd825978c0cda7ed5cd39e7f8fdf70e3ddbfd1b97
6492ebf2b7aa38fa836ef525515c3eea43c7a90bbc0626607b0b3f5139e977a6
67114ed2eb89c89b3abb07f4379d1482fa7ee165c6d11491dff383ae292c9b50
7a4cc644bdace1909c649a42dbaee5b68ae3fa9e242a5e741924b14f1ee85083
9c3abe3349c450ed1943d28c3b1abc398ae2be5ebe21762c9e44eccca8d26793
b49bec25e7ee0e9de2004eeaef7ae1a4e509e0efa4a3618e009687c5322570d0
cbaf7335eb0b5937ebd23495faf37e406f98a8e4d8436db2d0746a8a44df0274
da6704d4e134d4e7acccfb86fa9c9bdf2310db0666105faae7307e53f0a18d16
e82bc0f09530aacef6f1d4a8e5d627b4df8b9af7ed0d8d744038a5816db0e9c8
eb62d844f531911c4b87d6313336ee9a8e92c4548b17d4b5a6e74a9ffdb58b30
1e6ef1b35a4632284f631f214960be2bf0cda25c16c6c13ace6f8ed399cef3f0
2988d6cadc497893955ea80fd825978c0cda7ed5cd39e7f8fdf70e3ddbfd1b97
3d901e7da0cfbdfd64100a06abdae284eb8555bf979ecc69b6fc08a8068dec9f
91d475bd61c48d46d66b094a17968639a9cb81038fccc0e6523e81ec7d524890
a3d3138b1f826bb54b6c96e2f02a3f975f1d8d4a204f24df8da5077f6843e4e8
46e89ca6d9e04c39c9a32b4cbae5e6a1355eadccb6c643c4aebbe0ebf4f21bbe
0e5912fc9be4333ed10288eeb95862886e47cf2a7a7a82ab7ceb03a0d7ec182f
8f75a63194c7bab36616ed2e072213d72621ba6df9cfdebd929b5f47e2f6acd3
30993b4ddecde947b1720620e950c30b00d3badde656b8206cf64ef697b4b50a
b285b159a313f10304ebed8cde6ac2f2c887165726ea144536b5503432148764
27b87aee748aad93a92df284eaf573c3e777db21dc523150ac6883c9140ab2d8
eb62d844f531911c4b87d6313336ee9a8e92c4548b17d4b5a6e74a9ffdb58b30
cbaf7335eb0b5937ebd23495faf37e406f98a8e4d8436db2d0746a8a44df0274
e82bc0f09530aacef6f1d4a8e5d627b4df8b9af7ed0d8d744038a5816db0e9c8
No comments:
Post a Comment