AMUNET - The best leak aggregator!

Dear Friends, on the Amunet forum we aggregate and post data from more than a hundred different sources, and we will also tell you about new highly sensitive leaks and news in IT and information security.

Best Regards, Amunet Support Team


NYX PROXY SCRAPER + CHECKER

Sep 16, 2022


Download Link :

VirusTotal:

Unzip password is 1
 
Jun 16, 2023
@Amunet

REAL VT: https://www.virustotal.com/gui/file/16224dd2daaf127cb21e06906ef0b9da78f197573e475c8195879ed4121a4716


Execution (TA0002)

Windows Management Instrumentation (T1047)
Queries process information (via WMI, Win32_Process)

PowerShell (T1059.001)
Suspicious powershell command line found

Native API (T1106)
.NET source code references suspicious native API functions

Shared Modules (T1129)
The process attempted to dynamically load a malicious function
The process tried to load dynamically one or more functions.


Persistence (TA0003)

Registry Run Keys / Startup Folder (T1547.001)
Creates multiple autostart registry keys
Creates an autostart registry key

DLL Side-Loading (T1574.002)
Tries to load missing DLLs


Privilege Escalation (TA0004)

Process Injection (T1055)
System process connects to network (likely due to code injection)
Injects a PE file into a foreign processes
Writes to foreign memory regions

Registry Run Keys / Startup Folder (T1547.001)
Creates multiple autostart registry keys
Creates an autostart registry key

DLL Side-Loading (T1574.002)
Tries to load missing DLLs


Defense Evasion (TA0005)

Obfuscated Files or Information (T1027)
Binary may include packed or crypted data

Software Packing (T1027.002)
Binary may include packed or crypted data
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Masquerading (T1036)
Drops PE files with benign system names
Creates files inside the user directory

Process Injection (T1055)
System process connects to network (likely due to code injection)
Injects a PE file into a foreign processes
Writes to foreign memory regions

Timestomp (T1070.006)
Binary contains a suspicious time stamp

Deobfuscate/Decode Files or Information (T1140)
.NET source code contains calls to encryption/decryption functions
Detected an attempt to pull out some data from the binary image

File and Directory Permissions Modification (T1222)
Set file attributes

Virtualization/Sandbox Evasion (T1497)
Contains medium sleeps (>= 30s)
Contains long sleeps (>= 3 min)
May sleep (evasive loops) to hinder dynamic analysis

Disable or Modify Tools (T1562.001)
Adds a directory exclusion to Windows Defender
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
Creates guard pages, often used to prevent reverse engineering and debugging

DLL Side-Loading (T1574.002)
Tries to load missing DLLs


Discovery (TA0007)

Application Window Discovery (T1010)
Sample monitors Window changes (e.g. starting applications), analyze the sample with the simulation cookbook

Remote System Discovery (T1018)
Reads the hosts file

Process Discovery (T1057)
Queries a list of all running processes
The process has tried to detect the debugger probing the use of page guards.
The process attempted to detect a running debugger using common APIs

System Information Discovery (T1082)
Queries the cryptographic machine GUID
Reads software policies
Queries process information (via WMI, Win32_Process)
Queries the volume information (name, serial number etc) of a device

File and Directory Discovery (T1083)
Get common file path
Check if file exists
Enumerates the file system
Reads ini files

Virtualization/Sandbox Evasion (T1497)
Contains medium sleeps (>= 30s)
Contains long sleeps (>= 3 min)
May sleep (evasive loops) to hinder dynamic analysis

Security Software Discovery (T1518.001)
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)


Collection (TA0009)

Archive Collected Data (T1560)
.NET source code contains calls to encryption/decryption functions


Command and Control (TA0011)

Application Layer Protocol (T1071)
Performs DNS lookups
Uses HTTPS

Non-Application Layer Protocol (T1095)
Performs DNS lookups

Encrypted Channel (T1573)
Uses HTTPS for network communication, use the SSL MITM Proxy cookbook for further analysis
Uses HTTPS