@NeeP#164573 I’m stupid because I’m trying to do a million things at home at once and I should have marked the trojans clearly, but there were TROJANS, not PUPs. I was already aware that we were looking for something super malicious. Let me do more recon and send you an updated graph with the callbacks to the more malicious files it downloads in the background. I’m so ADHD that I do most things in a multitask manner and then everything gets half-assed.
@NeeP#164513 Ok, here’s a YouTube video of the stuff I found on just a quick cursory check. I show the trojans. I’m going to go now and find the exact paths and send that over, but that will take more time. At least this will show how you are downloading malware… most seems to be for Android… the trojans are all Android OS.
Ok, this is the website that they connect to that then downloads trojans:
https://techloris.com/lp/go/asr
If you look at the graph you can see it. The problem is, I think the site is connecting to another site called Advanced System Repair Pro. Not sure if they are related... but because they link to that site, that site then downloads the trojans. I couldn’t find anything specifically malicious on their site, only on the sites they download files from.
This is not a trojan. VirusTotal results below. Advanced System Repair Pro is a PUP.
[IMG]https://i.imgur.com/2vXAoWk.png[/IMG]
> @Hax0rgurl#164601 I show the trojans. At least this will show how you are downloading malware… most seems to be for Android… the trojans are all Android OS.
In that video, as far as I can tell, you show the same PUPs, both as `.apk` for Android and as `.exe` for Windows. The website lets you download Restoro and ReImage and, it seems, their mobile versions as well. If you check the individual VirusTotal results for each file you can see they're all classified as PUP.Optional or PUP.Restoro, for example. This doesn't mean it's a virus or real malware. Furthermore, the detection results are always very low. The maximum I could find was 5 detections out of 80 AVs.
If you find a virus, let me know the exact file and why exactly you think it's a virus, like which behavior it has etc.
@NeeP#164638 What do you mean? Some of them said Trojan, not PUP. I show a couple of PUPs, but there were some in the video that were Trojans. Did you watch until the end? Or just look at the end?
@Hax0rgurl#164708 Which files exactly? And do they get recognized as a trojan by all the AVs? Some AVs don’t have a PUP category, so they’ll put it as a trojan, or they are false positives. And then you need to link them to techloris again. Like, explain the steps that you’d need to take to get to the trojan, also to rule out any wrong website linking. Sometimes multiple websites are on one IP. In your graph there are many unrelated websites as well.
If you do a VirusTotal graph on my website neep.ml, you’ll see a “virus” which isn’t even hosted by me and idk what that file even is:
So making a VirusTotal graph is nice, but you also need to be able to read the information, filter out the useless stuff and come to a logical conclusion. You have to be able to tell me something like:
“xyz file is hosted on techloris, it’s a virus for xyz reasons, it’s detected as trojan by all major AVs”
@NeeP#164638 Oh okay, I’m learning. I’ve been doing malware hunting for a bit and never professionally, so this is good advice on exactly how to create a professional report. I shall take your advice and try to do this. I’ll be back. But as I stated, the trojans are not on their specific site. It’s a site that they link to. I will find that address. Do you do threat hunting professionally? If you do, is there a channel on YouTube you would recommend on writing these kinds of reports and going through the process? This file is just one of many things I am looking into. My computer has a nasty malware I cannot get rid of. I show the things it does in a separate video on my channel. It takes away admin rights and replaces my Windows security, or at least disables it. I’m trying to gather evidence to make a report for Microsoft, but I haven’t been able to find the dropper. I’ve reformatted a million times and am still infected. I need to figure out how it gains this level of persistence, and show proof. But it’s a daunting task. So any resources would be helpful. A lot of YouTube vids show the malware but not how to write these reports and what I need to show.