136 | 2023-02-21 13:55 |
aaaaa.exe 6696d584aa20684b71b5511b632ae1df Loki UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - malicious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
9.0 | M | 41 | r0d
137 | 2023-02-21 10:48 |
vbc.exe 894ebe041d7580e494ed9c158ab59e47 Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
http://208.67.105.148/sung/five/fre.php
|
1
208.67.105.148 - malicious
|
|
|
8.4 | M | 45 | ZeroCERT
138 | 2023-02-21 07:59 |
aloe.exe 4813bbedfb4ac4c6b9819c3e0b09ae4c PWS[m] Downloader Malicious Library UPX Malicious Packer Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate privileges persistence FTP Http API AntiDebug AntiVM PE32 PE File OS Pr VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS |
|
1
|
|
|
10.8 | M | 52 | guest
139 | 2023-02-20 18:33 |
Swift.exe 41cc45fca60b81676b388acf1774f9ea Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself suspicious TLD |
15
|
20
|
3
ET MALWARE FormBook CnC Checkin (POST) M2 ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
4.8 | M | 33 | ZeroCERT
140 | 2023-02-20 18:31 |
aaaaa.exe 6696d584aa20684b71b5511b632ae1df Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - malicious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
7.8 | M | | ZeroCERT
141 | 2023-02-20 18:15 |
hill.exe bebfe80156455464fd3d296dae2e55b7 Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - malicious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
8.8 | M | 35 | ZeroCERT
142 | 2023-02-17 16:43 |
vbc.exe 865004f0278a4301cd6919a58e09c9b2 Malicious Library UPX Anti_VM PE32 PE File OS Processor Check VirusTotal Malware Check memory Creates executable files AppData folder |
|
|
|
|
2.2 | | 32 | ZeroCERT
143 | 2023-02-17 09:31 |
vbc.exe 26c1c8bc65bc1734c6fbb5c70c6711e5 Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger |
1
http://checkip.dyndns.org/
|
3
checkip.dyndns.org(158.101.44.242) 132.226.8.169 149.154.167.220
|
5
ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
|
|
10.0 | M | 49 | ZeroCERT
144 | 2023-02-16 10:26 |
.svchost.exe 9b10df43f4414dc346dbceb162e6751b Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
|
|
|
8.4 | M | 34 | ZeroCERT
145 | 2023-02-16 09:47 |
vooi.exe 29fb7632d7e495f0f9f23524d130fd81 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself suspicious TLD |
21
|
24
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
4.8 | M | 39 | ZeroCERT
146 | 2023-02-14 08:50 |
qqqqq.exe 11f406b1ef314cca6060886c952bedb0 Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - malicious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
|
1
http://185.246.220.85/davidhill/five/fre.php
|
9.4 | M | 35 | ZeroCERT
147 | 2023-02-14 08:47 |
vbc.exe 84f8c0e114eaedf255b41eb10d7b58c3 Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Remote Code Execution DNS Software |
1
http://185.246.220.60/jt/five/fre.php
|
3
185.246.220.60 62.204.41.88 - malware 62.204.41.5 - malware
|
8
ET DROP Dshield Block Listed Source group 1 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
|
|
8.8 | M | 33 | ZeroCERT
148 | 2023-02-12 15:12 |
roc51.exe 1d920aa56457a163c9ede013081ae820 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
3
http://www.eleonorasdaycare.com/re29/?u6u4=iZ4D9MfQzkLMiVC19Sx2I5zdLa7VmU5sDnt6/xeT1G1WjM9KfvNu0TUCkvScjOTSuzsJDmh5&9rQl7P=xPJpLXiX http://www.detoxshopbr.store/re29/?u6u4=aQt7vukWYUzx+oCCTqo8HxJeOTyNng86cco+4+q4ypewOOMVBrQ/M97kQTWlSCj26KyEdjaM&9rQl7P=xPJpLXiX http://www.microshel.com/re29/?u6u4=trfuaJRD6A/eesv4M6SXrE7j8J9Y8vN4m/WyH3ernOja7pMfzOf3bi/QkcHzhOFYePR8sA9G&9rQl7P=xPJpLXiX
|
7
www.aq993.cyou() www.eleonorasdaycare.com(154.209.142.100) www.detoxshopbr.store(23.227.38.74) www.microshel.com(34.102.136.180) 154.209.142.100 23.227.38.74 - malicious 34.102.136.180 - malicious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
4.0 | M | 33 | ZeroCERT
149 | 2023-02-09 10:43 |
hjf.exe b0dd3b97aaab029d1253cb0c3794d455 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
16
|
17
|
3
ET MALWARE FormBook CnC Checkin (POST) M2 ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
4.2 | M | 28 | ZeroCERT
150 | 2023-02-09 10:34 |
vbc.exe 900820f261e82e5c51ecaa86f2f68f86 Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
https://sempersim.su/ha9/fre.php
|
2
sempersim.su(46.148.39.36) - malicious 46.148.39.36 - malicious
|
1
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
|
|
7.6 | M | 34 | ZeroCERT