PULSE NAME
a bunch of malicious car /management apps - www.vxdiag.net/managecenter/apps/ford/install.exe
WHITE dorkingbeauty1 2022-08-09 Modified: 2022-09-08
239 IOCs (HIGH VOLUME)
Fingerprint: Queries kernel debugger information; Reads the cryptographic machine GUID
Evasive: Marks file for deletion; Possibly tries to evade analysis by sleeping many times
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (67 / 239 total)