Sandbox report list, entries 31 to 45. Each entry gives: ID | submission time | submitter, then the file name and MD5, the behaviour tags assigned by the sandbox, contacted URLs and hosts (count in parentheses; "(malicious)" marks hosts the sandbox's reputation list flagged), IDS alerts (count), the score, the flag and, where the sample was looked up, the VirusTotal detection count.

#31 | 2024-04-03 13:45 | ZeroCERT
File: dll.hta  MD5: e81963d4c5a431f529c7669d3595a943
Tags: Malware download, VirusTotal, Malware, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, unpack itself, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, Windows, ComputerName, Trojan, DNS, Cryptographic key, Downloader
Hosts (2): 162.19.139.184 (malicious); 210.246.215.82 (malicious)
IDS alerts (7): ET MALWARE Single char EXE direct download likely trojan (multiple families); ET INFO Executable Download from dotted-quad Host; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET HUNTING Suspicious BITS EXE DL From Dotted Quad; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)
Score: 6.0  Flag: M  VirusTotal: 18

#32 | 2024-03-12 14:42 | ZeroCERT
File: task.exe  MD5: 8abcfb35a0865848a43a0380c0fae5d1
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (5): camo.githubusercontent.com(185.199.108.133); fonts.googleapis.com(172.217.174.106); 185.199.109.133 (malicious); 172.217.25.10; 172.217.24.106
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.0  Flag: M

#33 | 2024-03-11 10:55 | ZeroCERT
File: Run.exe  MD5: 49004c815f7a1ad89632e49a7031fb7f
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (5): camo.githubusercontent.com(185.199.109.133); fonts.googleapis.com(142.250.196.106); 142.251.222.202; 142.250.207.74; 185.199.108.133 (malicious)
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 6.0  Flag: M

#34 | 2024-03-10 09:42 | ZeroCERT
File: Update.exe  MD5: a93371515219f36bdf065ee8b1ac3ffc
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (5): camo.githubusercontent.com(185.199.108.133); fonts.googleapis.com(172.217.175.42); 142.251.222.202; 69.30.198.237; 185.199.111.133 (malicious)
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 4.8

#35 | 2024-03-03 15:19 | ZeroCERT
File: RuntimeBroker.exe  MD5: 4d2c2b59e38b1a2931069db1c710134a
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (5): camo.githubusercontent.com(185.199.108.133); fonts.googleapis.com(172.217.26.234); 142.250.66.138; 142.250.207.74; 185.199.111.133 (malicious)
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.0  Flag: M

#36 | 2024-02-18 13:38 | ZeroCERT
File: 1.wsf  MD5: a9d1a4189a693c4253bf20065f5a9322
Tags: Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, wscript.exe payload download, Creates shortcut, Creates executable files, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
URLs (1): not listed in the report
IDS alerts (2): ET ATTACK_RESPONSE PowerShell NoProfile Command Received In Powershell Stagers; ET HUNTING PowerShell NonInteractive Command Common In Powershell Stagers
Score: 9.6  Flag: M  VirusTotal: 4

#37 | 2024-02-14 09:36 | ZeroCERT
File: droidmonday.hta  MD5: ea8358953b550dc7b331ab37f2571973
Tags: AntiDebug, AntiVM, MSOffice File, VirusTotal, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8  VirusTotal: 4

#38 | 2024-02-13 13:49 | ZeroCERT
File: Rat%20crypted.exe  MD5: 18e07baa99f5e4467c1210d2e7a9b5d7
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (2): camo.githubusercontent.com(185.199.108.133); 185.199.109.133 (malicious)
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8  Flag: M

#39 | 2024-02-05 09:44 | guest
File: 2pdf.hta  MD5: 07fa373b66fc5c661bdc2e3b51b65126
Tags: AntiDebug, AntiVM, Code Injection, RWX flags setting, unpack itself, Windows utilities, Windows
Score: 2.2

#40 | 2024-02-05 09:43 | guest
File: 1pdf.hta  MD5: a46eae4ae4dc08311640997b66b5fe37
Tags: AntiDebug, AntiVM, MSOffice File, VirusTotal, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8  VirusTotal: 3

#41 | 2024-01-30 16:22 | guest
File: Booking.hta  MD5: fc44bc846156354fa99f4f483a360bd0
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, PowerShell, MSOffice File, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, Creates shortcut, exploit crash, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, Tofsee, Windows, Exploit, ComputerName, DNS, Cryptographic key, crashed
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 9.4  VirusTotal: 22

#42 | 2024-01-25 16:36 | ZeroCERT
File: vLnNHh.exe  MD5: 3cf7e35d135707c3c8db1e571b28f191
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
Hosts (2): camo.githubusercontent.com(185.199.109.133); 185.199.111.133 (malicious)
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8

#43 | 2024-01-24 09:32 | ZeroCERT
File: REQUEST_FOR_QUOTATION.hta  MD5: f8a7239fa4fce17853f74fcd61e24bd8
Tags: AntiDebug, AntiVM, MSOffice File, VirusTotal, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 3.8  VirusTotal: 6

#44 | 2024-01-16 10:04 | ZeroCERT
File: M.hta  MD5: a712950af45bdc5e33863aae223c1ac6
Tags: AntiDebug, AntiVM, MSOffice File, JPEG Format, VirusTotal, Malware, Code Injection, Check memory, Checks debugger, RWX flags setting, exploit crash, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Tofsee, Windows, Exploit, ComputerName, DNS, crashed
URLs (2): https://mail.chapanakit-rta.com/favicon.ico; https://mail.chapanakit-rta.com/images/happynewyear.jpg
Hosts (2): mail.chapanakit-rta.com(203.113.25.99) (malicious); 203.113.25.99 (malicious)
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 7.6  VirusTotal: 18

#45 | 2024-01-13 19:40 | ZeroCERT
File: hhh.hta  MD5: 6be3e8b51f47ae0b17f18c2978170c07
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, PowerShell, Malware, powershell, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, RWX flags setting, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
URLs (1): http://139.99.114.151/file/Explorer.exe
Hosts (1): 139.99.114.151 (malicious)
IDS alerts (2): ET INFO Executable Download from dotted-quad Host; ET HUNTING Suspicious explorer.exe in URI
Score: 10.4  Flag: M
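A practitioner working this list wants the indicators pulled out of the rows and triaged, not read one by one. The script below is an added example, not part of the sandbox's own output or tooling: it parses the report rows into MD5s, domains, IPs and URLs, then pivots on them. Its input is constructed from five of the entries above (31, 32, 38, 44 and 45); the field names (`id`, `file`, `md5`, `urls`, `hosts`, `alerts`) and the helper names are this example's own assumptions. The pivot is worth showing because the sandbox flags any host on its reputation list, including bare 185.199.x.133 addresses, and a blocklist built blindly from the "malicious" column would include shared infrastructure.

```python
"""Extract and triage IOCs from sandbox report rows (added example).

REPORTS is constructed from entries 31, 32, 38, 44 and 45 on this page;
the dictionary keys are assumptions made for this example.
"""
import ipaddress
import re
from collections import Counter

REPORTS = [
    {"id": 31, "file": "dll.hta", "md5": "e81963d4c5a431f529c7669d3595a943",
     "urls": [],
     "hosts": ["162.19.139.184", "210.246.215.82"],
     "alerts": ["ET MALWARE Single char EXE direct download likely trojan (multiple families)",
                "ET INFO Executable Download from dotted-quad Host",
                "ET HUNTING Suspicious BITS EXE DL From Dotted Quad",
                "ET POLICY PE EXE or DLL Windows file download HTTP"]},
    {"id": 32, "file": "task.exe", "md5": "8abcfb35a0865848a43a0380c0fae5d1",
     "urls": [],
     "hosts": ["camo.githubusercontent.com(185.199.108.133)",
               "fonts.googleapis.com(172.217.174.106)",
               "185.199.109.133", "172.217.25.10", "172.217.24.106"],
     "alerts": ["SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"]},
    {"id": 38, "file": "Rat%20crypted.exe", "md5": "18e07baa99f5e4467c1210d2e7a9b5d7",
     "urls": [],
     "hosts": ["camo.githubusercontent.com(185.199.108.133)", "185.199.109.133"],
     "alerts": ["SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
                "ET INFO TLS Handshake Failure"]},
    {"id": 44, "file": "M.hta", "md5": "a712950af45bdc5e33863aae223c1ac6",
     "urls": ["https://mail.chapanakit-rta.com/favicon.ico",
              "https://mail.chapanakit-rta.com/images/happynewyear.jpg"],
     "hosts": ["mail.chapanakit-rta.com(203.113.25.99)", "203.113.25.99"],
     "alerts": ["SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
                "ET INFO TLS Handshake Failure"]},
    {"id": 45, "file": "hhh.hta", "md5": "6be3e8b51f47ae0b17f18c2978170c07",
     "urls": ["http://139.99.114.151/file/Explorer.exe"],
     "hosts": ["139.99.114.151"],
     "alerts": ["ET INFO Executable Download from dotted-quad Host",
                "ET HUNTING Suspicious explorer.exe in URI"]},
]

# The report writes resolved hosts as "domain(ip)" and unresolved ones as a bare IP.
HOST_RE = re.compile(r"^(?P<name>[^\s(]+)(?:\((?P<ip>[^)]+)\))?$")


def parse_host(entry):
    """Split 'domain(ip)', a bare IP or a bare domain into (domain_or_None, ip_or_None)."""
    m = HOST_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unparseable host entry: {entry!r}")
    name, ip = m.group("name"), m.group("ip")
    if ip is not None:
        return name, ip
    try:
        ipaddress.ip_address(name)  # bare IP: no domain
        return None, name
    except ValueError:
        return name, None            # bare domain: no IP recorded


def extract_iocs(reports):
    """Collect hashes, domains, IPs and URLs across all reports."""
    iocs = {"md5": set(), "domain": set(), "ip": set(), "url": set()}
    for r in reports:
        iocs["md5"].add(r["md5"].lower())
        iocs["url"].update(r["urls"])
        for h in r["hosts"]:
            dom, ip = parse_host(h)
            if dom:
                iocs["domain"].add(dom)
            if ip:
                iocs["ip"].add(ip)
    return iocs


def shared_infra(reports, min_samples=2):
    """IPs contacted by at least min_samples distinct samples.

    Infrastructure that recurs across otherwise unrelated samples (CDNs,
    image proxies, font hosts) is usually shared rather than attacker-owned
    and should be reviewed before it reaches a blocklist.
    """
    seen = Counter()
    for r in reports:
        ips = set()
        for h in r["hosts"]:
            _, ip = parse_host(h)
            if ip:
                ips.add(ip)
        seen.update(ips)
    return {ip for ip, n in seen.items() if n >= min_samples}


def dotted_quad_exe_downloads(reports):
    """Report IDs where an executable was fetched straight from a bare IP,
    either per the IDS alert text or per a plaintext .exe URL in the report."""
    hits = {}
    for r in reports:
        alert_hit = any("dotted-quad" in a.lower() or "dotted quad" in a.lower()
                        for a in r["alerts"])
        exe_urls = [u for u in r["urls"] if u.lower().endswith(".exe")]
        if alert_hit or exe_urls:
            hits[r["id"]] = exe_urls
    return hits


if __name__ == "__main__":
    for kind, values in extract_iocs(REPORTS).items():
        print(f"{kind}: {sorted(values)}")
    print("shared across samples, review before blocking:", sorted(shared_infra(REPORTS)))
    print("executable pulled from a bare IP:", dotted_quad_exe_downloads(REPORTS))
```

On the rows above, `shared_infra()` returns 185.199.108.133 and 185.199.109.133: these are GitHub's address range behind camo.githubusercontent.com, contacted by the Tofsee-tagged samples in entries 32 to 35, 38 and 42 alongside fonts.googleapis.com, and the sandbox marks them "malicious" only because they hit its IP reputation list. `dotted_quad_exe_downloads()` instead singles out entries 31 and 45, where Suricata saw a PE fetched directly from an IP (with the Explorer.exe URL in 45 recoverable as an indicator), which is where a responder should start.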