| 136 |
2023-02-21 13:55
|
 aaaaa.exe 6696d584aa20684b71b5511b632ae1df
Loki UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - mailcious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
9.0 |
M |
41 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 137 |
2023-02-21 10:48
|
 vbc.exe 894ebe041d7580e494ed9c158ab59e47
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
http://208.67.105.148/sung/five/fre.php
|
1
208.67.105.148 - mailcious
|
|
|
8.4 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 138 |
2023-02-21 07:59
|
 aloe.exe 4813bbedfb4ac4c6b9819c3e0b09ae4c
PWS[m] Downloader Malicious Library UPX Malicious Packer Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PE32 PE File OS Pr VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS |
|
1
|
|
|
10.8 |
M |
52 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 139 |
2023-02-20 18:33
|
 Swift.exe 41cc45fca60b81676b388acf1774f9ea
Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself suspicious TLD |
15
http://www.nnhuigou.com/erh1/
http://www.chiyiqian.net/erh1/?em=8yvHrbMZKMPX4G7f9erTK5Qf9jc5QJU63StCeoHWCyVfdjdYM9jxH3fQGE5Iu7GP0O1mEzOAIrrJFf6p4gJURBs6dEGFAV/evzhFOwU=&vxk=R4T_9gGjkVANzOLb
http://www.kioro.net/erh1/
http://www.bleclear.xyz/erh1/?em=Z0WuN7dkRWVSR17LZJVNMUwcuzExK0sMDp8JW5x4tCvk4vgayadIan3yifpjez9lQ/1VNOuDl27ov1rCEZ0+qWmIWB6a3zv1qxdGx5k=&vxk=R4T_9gGjkVANzOLb
http://www.ectdamageoutlaytospe.xyz/erh1/?em=AHcw5OXb/Gm0OTCfDKZ3JK2DxYhw9RKBtUxAFBdta5MKTtGQWXSj63XVCvwVGfb92Yl3Ufjg0V67zzvooSJHcwgpn+BJcL90O6dhoL8=&vxk=R4T_9gGjkVANzOLb
http://www.chiyiqian.net/erh1/
http://www.iidethakur.xyz/erh1/?em=RTH9mQA/n/TNXPfYm1IQ7kHa2Q5nsTC6kRfi+yFPN0Z6FU6dgArPOJWDHQBf5RE1GBDoONRo0qQWV1gcrPNWuxRml6P17NRo//cHjbw=&vxk=R4T_9gGjkVANzOLb
http://www.fieldzerohealth.com/erh1/?em=2fftqGAYz6+U6LebbRvkYVCnpFDwwjkXc5V+lmDsVDhPAKcfcJvMu1TqUMUx5Sl5ugQ4b/H1oW7OweiN6k/YFLbPvlSp+kJlDYXlmiM=&vxk=R4T_9gGjkVANzOLb
http://www.ectdamageoutlaytospe.xyz/erh1/
http://www.nnhuigou.com/erh1/?em=zgUlILOmccKllncYZi7rpx3Dy3rd1czJYU7gexZDdnilDjeuG+4Wva/CQyP1Xrup3QMjHCP+/VcwhY9vPmUWjWt3CJ1rvTCIIXYKhA4=&vxk=R4T_9gGjkVANzOLb
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
http://www.fieldzerohealth.com/erh1/
http://www.botanica-online.ru/erh1/?em=do8xsgN913Pnny2aQ+UK0nDZkGlYRkt5zPJAoWdaBDk5pObX0g+xLOXXB+ddgWePhlrLLqA2L4+lJsdSAyHVXgmknCRuXBaZ2Yv2Mew=&vxk=R4T_9gGjkVANzOLb
http://www.botanica-online.ru/erh1/
http://www.bleclear.xyz/erh1/
|
20
www.bleclear.xyz(192.64.116.162)
www.botanica-online.ru(5.101.152.161)
www.najdlegend1.com()
www.nnhuigou.com(154.37.38.226)
www.chiyiqian.net(154.36.192.148)
www.iidethakur.xyz(95.216.161.178)
www.kioro.net(204.93.169.182)
www.fieldzerohealth.com(199.15.163.138)
www.sqlite.org(45.33.6.223)
www.insightcherry.online()
www.ectdamageoutlaytospe.xyz(198.54.117.242)
45.33.6.223
5.101.152.161 - mailcious
154.36.192.148
95.216.161.178
199.15.163.128 - mailcious
154.37.38.226
204.93.169.182
198.54.117.242 - mailcious
192.64.116.162
|
3
ET MALWARE FormBook CnC Checkin (POST) M2
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
4.8 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 140 |
2023-02-20 18:31
|
 aaaaa.exe 6696d584aa20684b71b5511b632ae1df
Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - mailcious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
7.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 141 |
2023-02-20 18:15
|
 hill.exe bebfe80156455464fd3d296dae2e55b7
Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - mailcious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://185.246.220.85/davidhill/five/fre.php
|
8.8 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 142 |
2023-02-17 16:43
|
 vbc.exe 865004f0278a4301cd6919a58e09c9b2
Malicious Library UPX Anti_VM PE32 PE File OS Processor Check VirusTotal Malware Check memory Creates executable files AppData folder |
|
|
|
|
2.2 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 143 |
2023-02-17 09:31
|
 vbc.exe 26c1c8bc65bc1734c6fbb5c70c6711e5
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger |
1
http://checkip.dyndns.org/
|
3
checkip.dyndns.org(158.101.44.242)
132.226.8.169
149.154.167.220
|
5
ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain
ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
|
|
10.0 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 144 |
2023-02-16 10:26
|
 .svchost.exe 9b10df43f4414dc346dbceb162e6751b
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
|
|
|
8.4 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 145 |
2023-02-16 09:47
|
 vooi.exe 29fb7632d7e495f0f9f23524d130fd81
Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself suspicious TLD |
21
http://www.gargaloid.ru/g8zi/?JEaL=DkLLWxis2E1HUQHLgvf0rwReE860J9T9JCUYJKAUGGGLEJ+tSm+r/8GD6x7i7OBqP6FTrmIabcF+CcJqeR0FKekLXyINHVeG/YqS6OE=&4PPPYg=wkg1XDgwksv
http://www.roofing-services-jp.click/g8zi/?JEaL=gTlFRVzTQHY+4EgrNO5awQa8RWZgVCjJOwNNvloWYAeZ2YNPVdJ0JDTSYybnPjzpnRJAw1yAloqncvuNrvOysTzLgSLmOoxM4SS5trI=&4PPPYg=wkg1XDgwksv
http://www.adasoft.info/g8zi/?JEaL=AjThibsiKHEzMap5+Vb1YatjExSsvvxZcrBupw4ZBG4WRQVp136auGb9quzXsBzaGyepbYm2IRG+aRDhPY6xv0UHc7irYlLkFg/xdwc=&4PPPYg=wkg1XDgwksv
http://www.kitmake.site/g8zi/
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3150000.zip
http://www.glenwoodstudiocrafts.com/g8zi/
http://www.kitmake.site/g8zi/?JEaL=xsrS/voV1B9CoCwWjknnidlVFWFjHTCHzTQPpqEBQEqvnN6OKGA2mnHVlaVl91DOqShwtJOPyPE8TrZpP8AQoalCMd0Ga+zcmwYW8Yo=&4PPPYg=wkg1XDgwksv
http://www.jvrsoft.online/g8zi/
http://www.888h8.club/g8zi/
http://www.gargaloid.ru/g8zi/
http://www.gulyapipimapen.com/g8zi/?JEaL=VuLYQfvlBUqfT2McKuawAjaDBjX0t9mr1J6uyY3ZF4LXs8N5wdxwFreC8pgW3C9k+M7S0vPJnt4Nr2VoSdFZmL0o42Ux3LoeA6EoHiQ=&4PPPYg=wkg1XDgwksv
http://www.glenwoodstudiocrafts.com/g8zi/?JEaL=gbuUsdMFgAKo+NdGlyvkSKYNRqirfVQ89Bp33XaDA2X8lfWerQUcV5LlbkaQmw5VxTa6UNcaUaTY77vs7V20eR3+7cVD7zKEEkhMbDQ=&4PPPYg=wkg1XDgwksv
http://www.toporsche.online/g8zi/
http://www.suachuadienlanh247.com/g8zi/
http://www.888h8.club/g8zi/?JEaL=Ks12YypKabo5FdLXnvxM/Qpm/Gn9v2zY1zgFJmYNxzzlsbG0b/LOSxPj/TZ+035nj0ULeNoalWyc8wPdZlbp7l9sjPbRLD9hV7Rdk3c=&4PPPYg=wkg1XDgwksv
http://www.duloxetine.best/g8zi/?JEaL=rHOc5/Qta46Ekd5uFeqEdtxA4UdExyq8BvUDkLx0j/YVdOkc4qLNTxLHCgQnAeZZAyqTB51wb5QplN8VpPuQtjYwQCy3R2e8IKIo0q8=&4PPPYg=wkg1XDgwksv
http://www.roofing-services-jp.click/g8zi/
http://www.toporsche.online/g8zi/?JEaL=Bw9a0uuo3rzhwumdM7nrjI14X+BCr6LihBT+/rKJp3efzvxic1aH+RBRhAXvIyjDStl1Up5h0HNoWXDtP9lq1bQZPtqPn36pZK/YgBg=&4PPPYg=wkg1XDgwksv
http://www.suachuadienlanh247.com/g8zi/?JEaL=1kj8Fq4L6TnfCmx99eO1afxEcD46BTaHG7EMr4gibJ+l1xb+1zvKeyGogpKzQDyXb90/ei3szzlZtvNifGH4bJQgs5x5EHn9neAPCZE=&4PPPYg=wkg1XDgwksv
http://www.duloxetine.best/g8zi/
http://www.gulyapipimapen.com/g8zi/
|
24
www.glenwoodstudiocrafts.com(162.241.217.45)
www.duloxetine.best(104.21.73.212)
www.kitmake.site(199.192.30.193)
www.gargaloid.ru(185.215.4.36)
www.adasoft.info(81.88.48.71)
www.roofing-services-jp.click(199.59.243.222)
www.jvrsoft.online(94.73.144.194)
www.sqlite.org(45.33.6.223)
www.toporsche.online(194.58.112.174)
www.gulyapipimapen.com(89.163.135.184)
www.suachuadienlanh247.com(103.221.223.104)
www.888h8.club(35.244.144.199)
94.73.144.194 - malware
81.88.48.71 - mailcious
104.21.73.212
199.192.30.193
199.59.243.222 - mailcious
89.163.135.184
103.221.223.104
194.58.112.174 - mailcious
45.33.6.223
162.241.217.45
35.244.144.199 - mailcious
185.215.4.36
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
4.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 146 |
2023-02-14 08:50
|
 qqqqq.exe 11f406b1ef314cca6060886c952bedb0
Loki Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://185.246.220.85/davidhill/five/fre.php - rule_id: 26603
|
1
185.246.220.85 - mailcious
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
|
1
http://185.246.220.85/davidhill/five/fre.php
|
9.4 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 147 |
2023-02-14 08:47
|
 vbc.exe 84f8c0e114eaedf255b41eb10d7b58c3
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Remote Code Execution DNS Software |
1
http://185.246.220.60/jt/five/fre.php
|
3
185.246.220.60
62.204.41.88 - malware
62.204.41.5 - malware
|
8
ET DROP Dshield Block Listed Source group 1
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
|
|
8.8 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 148 |
2023-02-12 15:12
|
 roc51.exe 1d920aa56457a163c9ede013081ae820
Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
3
http://www.eleonorasdaycare.com/re29/?u6u4=iZ4D9MfQzkLMiVC19Sx2I5zdLa7VmU5sDnt6/xeT1G1WjM9KfvNu0TUCkvScjOTSuzsJDmh5&9rQl7P=xPJpLXiX
http://www.detoxshopbr.store/re29/?u6u4=aQt7vukWYUzx+oCCTqo8HxJeOTyNng86cco+4+q4ypewOOMVBrQ/M97kQTWlSCj26KyEdjaM&9rQl7P=xPJpLXiX
http://www.microshel.com/re29/?u6u4=trfuaJRD6A/eesv4M6SXrE7j8J9Y8vN4m/WyH3ernOja7pMfzOf3bi/QkcHzhOFYePR8sA9G&9rQl7P=xPJpLXiX
|
7
www.aq993.cyou()
www.eleonorasdaycare.com(154.209.142.100)
www.detoxshopbr.store(23.227.38.74)
www.microshel.com(34.102.136.180)
154.209.142.100
23.227.38.74 - mailcious
34.102.136.180 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
4.0 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 149 |
2023-02-09 10:43
|
 hjf.exe b0dd3b97aaab029d1253cb0c3794d455
Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
16
http://www.ecomicsvilla.com/8qa3/
http://www.f1253.com/8qa3/
http://www.soroptimistofamador.com/8qa3/?NB=c5Eeb7dn/8EYxC+M6re+nHBh7m2i5KbribjzLk2BVWQgprnRWDOreo3dlS1Tf/13fTrHvW7qwb+7jwCe0+JVEy4ZSMH4EcsXdNb8klM=&PNbL=jX-jTZzzH14-6O
http://www.pushpaholidays.com/8qa3/
http://www.defituesday.com/8qa3/?NB=g/K91+24+PHAiHPhvyuFXzVpVj02gVzNZeKGHjuCFrMmzpuKet/E+G0ypAyl4zj9I8Z7auL/coT2Y4uPH7ZahhTSjlAwmlMiIr0KtvE=&PNbL=jX-jTZzzH14-6O
http://www.theedenpublicschool.com/8qa3/
http://www.soroptimistofamador.com/8qa3/
http://www.f1253.com/8qa3/?NB=J0i+HNrGClYTAcXYOGMjUfCCY+jxRA7qTJ0QlwQRMh/eBqJkbuSEepiRopmRQgF/HN5KR+bmQ7TE+zYnqYNLGx5YeZCqzK5CyODJ6qA=&PNbL=jX-jTZzzH14-6O
http://www.theedenpublicschool.com/8qa3/?NB=awREWtMMj+lRHHM6AQdmRgvwbUZmvp8tQda9g/jpnZpjQndokfCyaw0eStkt3W3LDFF5IEfACaY0uUEW+xg0qs2ozgMGzCLbcweLr7E=&PNbL=jX-jTZzzH14-6O
http://www.pushpaholidays.com/8qa3/?NB=uwc3uy5jUwBmgGhOFs3IT1KM06KJvn6K5bdvjpj3r4WyLQ/DzhXqBqj1ZuMMRVOGVDo2DjphbD36wW4cqg2mbD0xix1zXMzS8AuI19o=&PNbL=jX-jTZzzH14-6O
http://www.defituesday.com/8qa3/
http://www.boltag.xyz/8qa3/?NB=qnytmCaQLfU4zsrtGjFnzBqU0b3giDP99e6pyqNb4SbHI20/4CVvCJHspsGpbucyTs/cyReYkpquPSKEraK1PzjSbuif9SuGl0f0RSw=&PNbL=jX-jTZzzH14-6O
http://www.boltag.xyz/8qa3/
http://www.ecomicsvilla.com/8qa3/?NB=NoEkgSowB96SWPAg7xVMgGDZv5EdP4jNoDX46qfudZBh/ww1VORetC7JM6bTsJ7/lBMT+kpLr5o69A4fo6ZiQJ0mwjKygXrKvZBCDz0=&PNbL=jX-jTZzzH14-6O
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
http://www.ambilis.com/8qa3/?NB=Yw6YD0s17PM9etjv/emAmMlEED9F94kmNvL7jtaM45zABScbtKoqJqCX2gTJEUJahVXOtkWRgK0fQ0tM1LEfveKg/13pcGnAI9Ia8t8=&PNbL=jX-jTZzzH14-6O
|
17
www.pushpaholidays.com(216.239.36.21)
www.defituesday.com(199.59.243.222) - mailcious
www.boltag.xyz(199.192.31.98)
www.theedenpublicschool.com(162.214.81.26)
www.f1253.com(34.92.178.239)
www.ambilis.com(199.59.243.222)
www.sqlite.org(45.33.6.223)
www.ecomicsvilla.com(198.252.102.191)
www.soroptimistofamador.com(162.241.230.71)
216.239.32.21 - mailcious
199.59.243.222 - mailcious
162.214.81.26
162.241.230.71
198.252.102.191
45.33.6.223
199.192.31.98
34.92.178.239
|
3
ET MALWARE FormBook CnC Checkin (POST) M2
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
4.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 150 |
2023-02-09 10:34
|
 vbc.exe 900820f261e82e5c51ecaa86f2f68f86
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory Creates executable files unpack itself installed browsers check Browser Email ComputerName DNS Software |
1
https://sempersim.su/ha9/fre.php
|
2
sempersim.su(46.148.39.36) - mailcious
46.148.39.36 - mailcious
|
1
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
|
|
7.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|