Behind the Scenes: Unveiling the Hidden Workings of Earth Preta