46 |
2024-03-27 07:39
nesdij.exe 4f2752fcd683bfff201108b2091510ce Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed |
4.6 |
M |
37 |
ZeroCERT
47 |
2024-03-26 07:19
newaboyo.exe 41685eda86fd0c3580849308a25b4a9d Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed |
4.4 |
28 |
ZeroCERT
48 |
2024-03-25 09:24
go.exe 4e937db554cf18265ab7f3915db42b2c Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&ifkv=ARZ0qKK-VHHnZwpNm7p5uN6Dl_ZvvZmCoYYXn02kHS5p_HaZ7ePY9EYzutDBHK0NXYfixHOOw7mtlw&passive=true&service=youtube&uilel=3&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-553555903%3A1711326027463105 https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/_/bscframe https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko https://accounts.google.com/generate_204?vBL53Q https://www.youtube.com/account https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&passive=true&service=youtube&uilel=3&ifkv=ARZ0qKKXo7ZF9PtGz47baT8UVWdFT0eYzdn5It88GOwmzA_LWU4tMF7c7RwCmN7IKO4ExzugA_5g9A
8
www.youtube.com(142.250.206.206) - malicious ssl.gstatic.com(172.217.26.227) accounts.google.com(64.233.188.84) www.google.com(142.250.206.196) 142.251.222.206 142.250.204.68 216.58.203.67 74.125.23.84
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.6 |
39 |
ZeroCERT
49 |
2024-03-22 07:42
wininit.exe 589ddf53393fe19f58105dfdf56879e3 Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Remcos VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder Windows |
1
http://geoplugin.net/json.gp
4
geoplugin.net(178.237.33.50) shgoini.com(107.175.229.143) 107.175.229.143 178.237.33.50
1
ET JA3 Hash - Remcos 3.x TLS Connection
6.8 |
M |
26 |
ZeroCERT
50 |
2024-03-20 08:01
wininit.exe b26007c701f550b1bff5150c37f824f7 Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows |
3.8 |
31 |
ZeroCERT
51 |
2024-03-02 18:56
well.exe 6b70d4e5e8c5d3f1a7290e216e72e40a Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate privileges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed |
6.2 |
M |
25 |
ZeroCERT
52 |
2024-02-20 08:25
fu.exe d09970b966577e4e5bdf10badfda4672 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate privileges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/generate_204?eK1wKA https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjyy1uNiRCJCkMc9dQUhFBgIHZZJOwTUYo41MXCdlv-VvBTjt8ySKnpapdyobHYdiu1lw3qK&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-435650299%3A1708383643040252 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjzivvee_FJ1wb2D4rcMlNXvsEib2-sk11jQ1P69jU4HflVnDIHCLXYJUku888CIwvh8rV3mBw
6
ssl.gstatic.com(142.250.76.131) accounts.google.com(64.233.188.84) www.google.com(142.250.207.100) 142.250.66.35 172.217.24.100 108.177.97.84
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.8 |
M |
ZeroCERT
53 |
2024-02-16 16:41
reader_update.exe a74ae422391a22b5469135ae7f0cbf7d Malicious Library UPX PE File PE64 OS Processor Check Malware download VirusTotal Malware Malicious Traffic Checks debugger Creates executable files unpack itself Windows Update DNS |
2
http://64.52.80.82/test.txt http://64.52.80.82/script.a3x
1
4
ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
3.4 |
M |
16 |
ZeroCERT
54 |
2024-02-13 14:23
fu.exe e82d97943c5c255462d8a1ff9fa84a0b Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate privileges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico https://accounts.google.com/generate_204?owS44Q https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjw-8hv8pKf-34lHReLyKYBoyLh-EB8DjWgFSdIePu6BNkHJb9IJVJQbKDvf1liGkhqpTqlSGg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S587732523%3A1707800513315958 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjwJx5zSuQkPTUrXpfLH_UQ4jLg0VCFXS9QsbVd_LPU3lipn1jEqi48zNSCAFCz_SbjS1khD https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
6
ssl.gstatic.com(142.250.76.131) accounts.google.com(64.233.188.84) www.google.com(142.250.76.132) 142.251.220.36 173.194.174.84 142.250.66.35
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.6 |
23 |
ZeroCERT
55 |
2024-02-12 20:06
well.exe fc157bf81ab006d1bb0a542aaf499c53 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate privileges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed |
6.0 |
M |
17 |
ZeroCERT
56 |
2024-02-07 08:02
fu.exe 9f011690f3ff8d1190f70fb656bc0152 Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/generate_204?yLsD4A https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp0gFgzQEr8UmDSKF9VMO10J0PjuEsK0FNsanf_FKpDZkQJniiW78S7VqNBcAgI0XKjrsMn0Kw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1089664088%3A1707260279968358 https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp0gIGIEPV3SR0z1HinAIcF6Xtcf40DOpx-GZoKU15HEW9XX7XWLKYnv7XaufBjHhSLERoc1Ig
7
ssl.gstatic.com(172.217.161.195) accounts.google.com(64.233.187.84) www.google.com(172.217.161.228) 173.194.174.84 142.250.204.132 124.222.175.116 142.251.220.3
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 |
ZeroCERT
57 |
2024-02-05 09:53
fu.exe 271cd22262cd08a27b71bdde7e56a102 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate privileges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://accounts.google.com/generate_204?XFQDRw https://www.google.com/favicon.ico https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp1pSg1SytcUXlCvRfnGS2MhnzYPTh0lGMlr8CFFswSgI4EqllBOEfkNRR9xY2H6zYS0qwVgQQ https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3KwGUsAR-DcSqWNUmXjv3hJ3dPzA40W4zrbKGtqCBS-aHnytHfTJAmPiy3RtrAYxr3Bw3B-Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-2130546933%3A1707092765407593 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
6
ssl.gstatic.com(172.217.161.195) accounts.google.com(64.233.188.84) www.google.com(142.250.207.100) 74.125.23.84 142.250.66.36 142.250.199.67
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.8 |
ZeroCERT
58 |
2024-02-05 09:27
fu.exe c34697903d0b829f48d0c2b7c3d65978 Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File icon VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://www.google.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/generate_204?wLpj7A https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp17RFliK8mOCO-X3Gl3JJeGX5yiGockQ1l13hly4UmT32bAr7wEbsm-zkSPX7aWdiOdHuno4Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1223811244%3A1707092633460836 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp2BM5Fd3reE-IdQx8AtgUMSgyK5xAZM8DZJbKgms149LIGPtbQFk8kOHX3yrbDB3impnNve4A
6
ssl.gstatic.com(172.217.161.195) accounts.google.com(64.233.187.84) www.google.com(142.250.76.132) 142.250.66.99 64.233.188.84 172.217.31.4
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4 |
25 |
ZeroCERT
59 |
2024-02-02 13:46
no.exe 28b38ccdc05a8aff57014c2bccf49af2 Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp0qMIEc5MFQxs1aKn9G2iv74lF6wY3BJGxH-8DXUl8WehWN5u-jeiNJda50EamSr_wPf13w1Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S286077521%3A1706848978878354 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3R1LF2E0Wdi59xiyT5waIzFlhA4_Gj9RrurSMQEWfAfh3grbEpvLcFG_ttljVpw-0v88wkNQ https://accounts.google.com/ https://accounts.google.com/_/bscframe https://accounts.google.com/generate_204?0DF1lQ https://www.google.com/favicon.ico https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
6
ssl.gstatic.com(142.250.76.131) accounts.google.com(64.233.188.84) www.google.com(142.250.207.100) 142.250.207.67 172.217.24.100 64.233.188.84
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.0 |
23 |
ZeroCERT
60 |
2024-01-28 10:00
ko.exe f7942f50665070dee333d0df2bebc4c6 Generic Malware Malicious Library UPX Code injection AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp2nVIT-_JIwIi3-MDUsz3bxxTyczYU2E_0mxE6Z7OGpr1sV2Sb-w7rPHn7z745xx-jF96pazw https://accounts.google.com/generate_204?gYg_LA https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3cH1IHBBxj7z9KBB591Z5_GSdD_Lq-mVf0ijv_RhuU12_w1wh_c3NPmMNlOMTEqt9p65VQ1A&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-587006607%3A1706403341784438 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
6
ssl.gstatic.com(142.250.76.131) accounts.google.com(64.233.188.84) www.google.com(142.250.207.100) 172.217.27.36 172.217.31.3 64.233.188.84
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.4 |
16 |
ZeroCERT