Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
scrcpy requires the device to be connected via USB or via TCP/IP, provided that both devices are present on the website.
If it didn't require the devices to be connected via USB or to be present on the same network, then there is a good chance that information between the devices was relayed through the cloud.
If you access the website v.netsite.cc, it shows a login/register page for cloud authentication / minimal card verification. I am not sure what this actually does.
If I have to make a guess, then maybe this page is used to log in to the cloud.
I also don't know many things, we all start somewhere, good luck!
What I mean is that not knowing what a TLD is is fine. I mean this from the perspective that he seems to be ashamed of not knowing everything, which I think is a bad attitude to have. Never be ashamed or afraid of not knowing everything, and always keep an open mind.
https://en.wikipedia.org/wiki/.cc This is what the indication means: something tried to resolve a .cc domain.
Sorry, I didn't know.
Just googled it. It stands for Top Level Domain.
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Dandin Nono
User ID: 1028968560
Reason: no warez
The internet has a lot of free software downloads. I'm sure someone on there could help you.
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Gloria González
User ID: 7694614081
Reason: scam
New FedBan
Fed: Libra's Empire
FedAdmin: alex 27
User: percocets
User ID: 1045368389
Reason: None given.
Hello, does anyone have a link to the cracked version of Cobalt Strike?
Thanks, apparently the reason was limited NSIS support in the lite version :/
Hello @iamavu, welcome to the Malware Research group! Please read the pinned message before you post!
Thank you, everyone. It feels like a community of truly wonderful and decent people. I wasn't embarrassed or anything; I just didn't want to trouble anyone here with my very basic questions. However, I appreciate your guidance, and I will look into the two links shared above as I continue to learn. Your kind gesture means a lot to me 🙏
The domain name is from China.
And here are the scan results from these two websites.
https://mobsf.live/static_analyzer/23b0c4d25dc884213a5f527765d2515c/#providers
https://www.virustotal.com/gui/file/738f7ea63e83fd7b32be42f5b2397490b7bf7c25aaf5e47306bb56b0d6830e50/relations
I wouldn't say that it's fine. It depends on what domain name it is.
I'm asking because I think you don't understand what a .cc TLD indication means (and that's perfectly fine btw)
https://github.com/MobSF/Mobile-Security-Framework-MobSF
So, I downloaded an APK from GitHub. It aims to copy the functionality of scrcpy for mirroring one Android screen to another Android. I used the file before checking it on VirusTotal. Although everything seems okay at first glance, the 'Behavior' tab on the website gives me these warnings:
Matches rule INDICATOR-COMPROMISE: Suspicious .cc DNS query
Matches rule ET DNS Query for .cc TLD
Now, I am afraid that whatever I mirrored while using that application may have been sent to some cloud server. I don't really know. Please don't mind me if this is not the right place for asking such questions.
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: гаопе
User ID: 1331514755
Reason: no warez
User Gloria is already banned in Libra's Empire, with reason:scam
.
Hello @hMESrh, welcome to the Malware Research group! Please read the pinned message before you post!
Not enough info to work on (given its age), but you can make a good guess by looking at the Technical Info section.
Probably a dropper, backdoor, or info stealer. Google searches for the dropped files also point to similar info, but whether they are the same as the DrWeb writeup is another problem, as there's no hash to tally against, just similar behaviour/files dropped.
Not sure if the NSIS installer plays a part there...