31 | 2024-07-01 09:38
File: vidar2806.exe
MD5: f88272ea7674d3acedd8adcf7643c598
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
Score: 2.4 | VT: 40 | Submitted by: ZeroCERT

32 | 2024-07-01 09:38
File: lumma2806.exe
MD5: 0309dd0131150796ea99b30a62194fae
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
Score: 2.2 | VT: 38 | Submitted by: ZeroCERT

33 | 2024-07-01 09:26
File: 1.exe
MD5: 07c1efc472c5c8424d6a4e529abc63c5
Tags: UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware
Score: 1.2 | VT: 16 | Submitted by: ZeroCERT

34 | 2024-07-01 09:23
File: TQ.jpg.exe
MD5: f9f5342074462fa1048fea806eef535f
Tags: Emotet, Generic Malware, Malicious Library, Downloader, Malicious Packer, Antivirus, UPX, PE File, PE32, OS Processor Check, DLL, PE64, Malware download, VirusTotal, Malware, SMB Traffic, Potential Scan, Malicious Traffic, Creates executable files, ICMP traffic, Disables Windows Security, AppData folder, sandbox evasion, Windows, DNS, DDNS, Downloader
URLs (8):
  http://118.184.169.48/dyndns/getip
  http://45.113.194.189/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
  http://ssl.ftp21.cc/MpMgDLL.jpg
  http://ssl.ftp21.cc/MpMgSvc.jpg
  http://down.ftp21.cc/64.jpg
  http://ssl.ftp21.cc/Hooks.jpg
  http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  http://down.ftp21.cc/Update.txt
Hosts (22):
  gtxvdqvuweqs.com(16.162.201.176)
  members.3322.org(118.184.169.48)
  ipv6-api.iproyal.com()
  down.ftp21.cc(119.203.212.165) - malware
  download.microsoft.com(23.199.6.55)
  www.362-com.com(1.226.84.135)
  www.4i7i.com(1.226.84.135)
  opendata.baidu.com(45.113.194.189)
  web.362-com.com(110.11.158.238)
  api.iproyal.com(193.228.196.69)
  ssl.ftp21.cc(31.184.207.62) - malware
  23.219.69.110
  31.184.207.62 - malware
  193.228.196.69
  45.113.194.189
  16.162.201.176
  1.226.84.135
  31.222.226.20
  18.163.3.159
  118.184.169.48
  110.11.158.238
  119.203.212.165 - malware
Suricata alerts (8):
  ET DNS Query for .cc TLD
  ET HUNTING Suspicious EXE Download Content-Type image/jpeg
  ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
  ET MALWARE JS/WSF Downloader Dec 08 2016 M4
  ET INFO DYNAMIC_DNS Query to 3322.org Domain
  ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
  ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
Score: 9.4 | M | VT: 55 | Submitted by: ZeroCERT

35 | 2024-07-01 09:23
File: wmi.jpg.exe
MD5: 3d3aedfaeaf39544ff74fe6fe4541fc2
Tags: PE File, PE32, Malware download, VirusTotal, Malware, SMB Traffic, Potential Scan, AutoRuns, Malicious Traffic, Check memory, Creates executable files, ICMP traffic, RWX flags setting, Windows utilities, suspicious TLD, WriteConsoleW, Firewall state off, Windows, DNS, DDNS, Downloader
URLs (10):
  http://down.ftp21.cc/Update.txt
  http://ssl.ftp21.cc/445.jpg
  http://43.198.152.240:8080/api/node/ip_validate
  http://118.184.169.48/dyndns/getip
  http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  http://hook.ftp21.cc/MpMgSvc.dll
  http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
  http://hook.ftp21.cc/MpMgSvc.jpg
  http://hook.ftp21.cc/Hooks.jpg
  http://hook.ftp21.cc/64.jpg
Hosts (28):
  gtxvdqvuweqs.com(16.162.201.176)
  members.3322.org(118.184.169.48)
  ipv6-api.iproyal.com()
  down.ftp21.cc(119.203.212.165) - malware
  download.microsoft.com(23.199.6.55)
  hook.ftp21.cc(211.108.60.155)
  api6.my-ip.io()
  unixtime.org(172.67.175.23)
  www.362-com.com(1.226.84.135)
  web.362-com.com(110.11.158.238)
  opendata.baidu.com(45.113.194.127)
  www.4i7i.com(1.226.84.135)
  api.iproyal.com(93.189.62.83)
  ssl.ftp21.cc(31.184.207.62) - malware
  172.67.175.23
  93.189.62.83
  31.184.207.62 - malware
  193.228.196.69
  211.108.60.155
  43.198.152.240
  45.113.194.127
  16.162.201.176
  1.226.84.135
  51.161.196.188
  104.78.73.222
  118.184.169.48
  110.11.158.238
  119.203.212.165 - malware
Suricata alerts (11):
  ET INFO Packed Executable Download
  ET DNS Query for .cc TLD
  ET HUNTING Suspicious EXE Download Content-Type image/jpeg
  ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
  ET MALWARE JS/WSF Downloader Dec 08 2016 M4
  ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  ET INFO DYNAMIC_DNS Query to 3322.org Domain
  ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
  ET INFO SSH-2.0-Go version string Observed in Network Traffic
  ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
  ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
Score: 11.2 | M | VT: 60 | Submitted by: ZeroCERT

36 | 2024-06-29 15:39
File: amadka.exe
MD5: 7858fdd5d237ed2531bb9d0ac0a756bc
Tags: PE File, PE32, Malware download, Amadey, VirusTotal, Malware, AutoRuns, Malicious Traffic, Checks debugger, unpack itself, Checks Bios, Detects VMWare, AppData folder, VMware, anti-virtualization, Windows, DNS, crashed
URLs (2):
  http://77.91.77.82/Hun4Ko/index.php
  http://77.91.77.81/stealc/random.exe
Hosts (2):
  77.91.77.82 - malware
  77.91.77.81 - malicious
Suricata alerts (2):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 8
  ET MALWARE Amadey Bot Activity (POST)
Score: 10.6 | M | VT: 29 | Submitted by: ZeroCERT

37 | 2024-06-29 15:27
File: XClient1.exe
MD5: dedb302aba9b69536c287633fbe41f5d
Tags: Antivirus, UPX, PE File, .NET EXE, PE32, OS Processor Check, Lnk Format, GIF Format, VirusTotal, Malware, AutoRuns, suspicious privilege, MachineGuid, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, Windows, ComputerName, keylogger
Score: 6.2 | M | VT: 58 | Submitted by: ZeroCERT

38 | 2024-06-29 15:24
File: neste.exe
MD5: b3badd1cd2cba4f587bd6737d34d3569
Tags: Gen1, EnigmaProtector, Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, PE32, DLL, OS Processor Check, Browser Info Stealer, Malware download, FTP Client Info Stealer, Vidar, VirusTotal, Email Client Info Stealer, Malware, c&c, Malicious Traffic, Check memory, Creates executable files, unpack itself, Collect installed applications, sandbox evasion, anti-virtualization, installed browsers check, Stealc, Stealer, Windows, Browser, Email, ComputerName, DNS, Software, crashed, plugin
URLs (9):
  http://85.28.47.4/69934896f997d5bb/freebl3.dll
  http://85.28.47.4/69934896f997d5bb/nss3.dll
  http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
  http://85.28.47.4/69934896f997d5bb/mozglue.dll
  http://85.28.47.4/69934896f997d5bb/softokn3.dll
  http://85.28.47.4/920475a59bac849d.php - rule_id: 40635
  http://85.28.47.4/69934896f997d5bb/msvcp140.dll
  http://85.28.47.4/69934896f997d5bb/sqlite3.dll
  http://77.91.77.81/mine/amadka.exe
Hosts (2):
  85.28.47.4 - malicious
  77.91.77.81 - malicious
Suricata alerts (15):
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET MALWARE Win32/Stealc Requesting browsers Config from C2
  ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
  ET MALWARE Win32/Stealc Requesting plugins Config from C2
  ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
  ET MALWARE Win32/Stealc Submitting System Information to C2
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
C2 (1):
  http://85.28.47.4/920475a59bac849d.php
Score: 10.6 | M | VT: 40 | Submitted by: ZeroCERT

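The Hosts and URLs columns in the records above use a compact convention: `domain(ip)` for a name and the address it resolved to, `domain()` for a name that never resolved, a bare IP for a direct connection, a `- malware` / `- malicious` suffix on entries the sandbox flags, and `- rule_id: N` on the URL that the C2 rule matched. The parser below is an added example, not code from ZeroCERT or from any of the listed samples; it turns one record's columns into blocklist-ready sets and propagates the flag between a domain and the IP it resolved to, because the listing sometimes flags only one side of the pair (in record 34 above, `31.184.207.62` is flagged on its bare-IP line while `ssl.ftp21.cc` is flagged separately). The sample input is constructed in the listing's format from entries in records 35 and 38, with the flag on `ssl.ftp21.cc` moved to its bare-IP line so that the propagation step has something to do.

```python
"""Parse ZeroCERT-style "Hosts" and "URLs" columns into blocklist-ready IOCs.

Added example, not ZeroCERT's own code. Entry formats handled, as they
appear in the listing:
  "down.ftp21.cc(119.203.212.165) - malware"   domain, resolved IP, flag
  "ipv6-api.iproyal.com()"                     domain that did not resolve
  "31.184.207.62 - malware"                    bare IP contacted directly
  "http://85.28.47.4/920475a59bac849d.php - rule_id: 40635"  URL hit by a rule
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

HOST_RE = re.compile(
    r"^(?P<name>[^\s()]+)"          # domain or bare IP
    r"\s*(?:\((?P<ip>[^)]*)\))?"    # optional "(ip)"; the parens may be empty
    r"(?:\s*-\s*(?P<tag>\S+))?$"    # optional " - malware" / " - malicious"
)
URL_RE = re.compile(r"^(?P<url>\S+)(?:\s+-\s+rule_id:\s*(?P<rule>\d+))?$")


@dataclass(frozen=True)
class HostIOC:
    domain: Optional[str]   # None for a bare-IP entry
    ip: Optional[str]       # None when the domain did not resolve
    tag: Optional[str]      # the flag text, when the listing flags the entry


@dataclass(frozen=True)
class UrlIOC:
    url: str
    rule_id: Optional[int]  # set only on the URL the C2 rule matched


def parse_host(line: str) -> HostIOC:
    m = HOST_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised host entry: {line!r}")
    name, ip, tag = m["name"], m["ip"] or None, m["tag"]
    try:
        ipaddress.ip_address(name)           # bare IP entry
        return HostIOC(domain=None, ip=name, tag=tag)
    except ValueError:
        return HostIOC(domain=name, ip=ip, tag=tag)


def parse_url(line: str) -> UrlIOC:
    m = URL_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised URL entry: {line!r}")
    return UrlIOC(url=m["url"], rule_id=int(m["rule"]) if m["rule"] else None)


def extract_iocs(hosts_text: str, urls_text: str) -> dict:
    """Collect flagged domains/IPs, rule-matched URLs and unresolved names.

    The flag is propagated across domain<->IP pairs until nothing changes
    (a fixpoint, since pairs can chain through a shared IP).
    """
    hosts = [parse_host(l) for l in hosts_text.splitlines() if l.strip()]
    urls = [parse_url(l) for l in urls_text.splitlines() if l.strip()]

    flagged_ips = {h.ip for h in hosts if h.tag and h.ip}
    flagged_domains = {h.domain for h in hosts if h.tag and h.domain}
    changed = True
    while changed:
        changed = False
        for h in hosts:
            if not (h.domain and h.ip):
                continue
            if h.ip in flagged_ips and h.domain not in flagged_domains:
                flagged_domains.add(h.domain)
                changed = True
            if h.domain in flagged_domains and h.ip not in flagged_ips:
                flagged_ips.add(h.ip)
                changed = True
    return {
        "domains": sorted(flagged_domains),
        "ips": sorted(flagged_ips),
        "c2_urls": sorted(u.url for u in urls if u.rule_id is not None),
        "unresolved": sorted(h.domain for h in hosts if h.domain and not h.ip),
    }


# Constructed sample in the listing's format (based on entries above; the
# flag on ssl.ftp21.cc is placed on its bare-IP line to show propagation).
SAMPLE_HOSTS = """\
members.3322.org(118.184.169.48)
ipv6-api.iproyal.com()
down.ftp21.cc(119.203.212.165) - malware
download.microsoft.com(23.199.6.55)
ssl.ftp21.cc(31.184.207.62)
31.184.207.62 - malware
119.203.212.165
"""
SAMPLE_URLS = """\
http://85.28.47.4/69934896f997d5bb/sqlite3.dll
http://85.28.47.4/920475a59bac849d.php - rule_id: 40635
http://77.91.77.81/mine/amadka.exe
"""

if __name__ == "__main__":
    for key, values in extract_iocs(SAMPLE_HOSTS, SAMPLE_URLS).items():
        print(f"{key}: {values}")
```

Review the IP set before deploying it: propagation from a flagged domain to a shared hosting or CDN address over-blocks (records 34 and 35 show `1.226.84.135` serving two unrelated names, and `download.microsoft.com` sits in the same column as the C2 hosts without being flagged), so the domain set is the safer indicator and the IP set is a candidate list, not a finished blocklist.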
39 | 2024-06-29 15:20
File: XClient.exe
MD5: ada4045ee6399dc5733826a4d7e43a10
Tags: Malicious Library, Antivirus, UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, suspicious privilege, MachineGuid, Check memory, Checks debugger, unpack itself, AntiVM_Disk, VM Disk Size Check, Windows, ComputerName, Cryptographic key
Score: 4.0 | VT: 62 | Submitted by: ZeroCERT

40 | 2024-06-29 15:20
File: main.exe
MD5: 338cee4d2b3e4d1a0ce18dd982eefbcd
Tags: Malicious Library, Malicious Packer, Antivirus, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
Score: 2.0 | M | VT: 56 | Submitted by: ZeroCERT

41 | 2024-06-29 15:15
File: Client.exe
MD5: 76e8d35fe35dce2fb65d0e2fb1be067c
Tags: Malicious Library, Malicious Packer, Antivirus, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
Score: 2.0 | VT: 51 | Submitted by: ZeroCERT

42 | 2024-06-29 15:12
File: pclient.exe
MD5: ef95411945330db1907508d38bc373ac
Tags: Generic Malware, Malicious Library, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware, crashed
Score: 1.0 | VT: 9 | Submitted by: ZeroCERT

43 | 2024-06-29 15:12
File: Photo.scr
MD5: 03364eb9ea6170328d51511d7639ba26
Tags: Malicious Library, VMProtect, PE File, PE32, VirusTotal, Malware
Score: 1.6 | M | VT: 60 | Submitted by: ZeroCERT

44 | 2024-06-29 15:11
File: Photo.scr
MD5: e9888d464b8bf86b05e22e8beb04d96e
Tags: Malicious Library, VMProtect, PE File, PE32, VirusTotal, Malware
Score: 1.6 | M | VT: 62 | Submitted by: ZeroCERT

45 | 2024-06-29 01:17
File: concord
MD5: a968f4fdf6d959c08ff7098ae4a0a695
Tags: Generic Malware, Malicious Library, Malicious Packer, Antivirus, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware, PDB, crashed
Score: 1.8 | VT: 50 | Submitted by: guest