| 46 |
2024-03-27 07:39
|
 nesdij.exe 4f2752fcd683bfff201108b2091510ce
Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed |
|
|
|
|
4.6 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 |
2024-03-26 07:19
|
 newaboyo.exe 41685eda86fd0c3580849308a25b4a9d
Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed |
|
|
|
|
4.4 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48 |
2024-03-25 09:24
|
 go.exe 4e937db554cf18265ab7f3915db42b2c
Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&ifkv=ARZ0qKK-VHHnZwpNm7p5uN6Dl_ZvvZmCoYYXn02kHS5p_HaZ7ePY9EYzutDBHK0NXYfixHOOw7mtlw&passive=true&service=youtube&uilel=3&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-553555903%3A1711326027463105
https://www.google.com/favicon.ico
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/_/bscframe
https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko
https://accounts.google.com/generate_204?vBL53Q
https://www.youtube.com/account
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Dko%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=ko&passive=true&service=youtube&uilel=3&ifkv=ARZ0qKKXo7ZF9PtGz47baT8UVWdFT0eYzdn5It88GOwmzA_LWU4tMF7c7RwCmN7IKO4ExzugA_5g9A
|
8
www.youtube.com(142.250.206.206) - mailcious
ssl.gstatic.com(172.217.26.227)
accounts.google.com(64.233.188.84)
www.google.com(142.250.206.196)
142.251.222.206
142.250.204.68
216.58.203.67
74.125.23.84
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.6 |
|
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 |
2024-03-22 07:42
|
 wininit.exe 589ddf53393fe19f58105dfdf56879e3
Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Remcos VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder Windows |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
shgoini.com(107.175.229.143)
107.175.229.143
178.237.33.50
|
1
ET JA3 Hash - Remcos 3.x TLS Connection
|
|
6.8 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 50 |
2024-03-20 08:01
|
 wininit.exe b26007c701f550b1bff5150c37f824f7
Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows |
|
|
|
|
3.8 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 51 |
2024-03-02 18:56
|
 well.exe 6b70d4e5e8c5d3f1a7290e216e72e40a
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed |
|
|
|
|
6.2 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 52 |
2024-02-20 08:25
|
 fu.exe d09970b966577e4e5bdf10badfda4672
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/generate_204?eK1wKA
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjyy1uNiRCJCkMc9dQUhFBgIHZZJOwTUYo41MXCdlv-VvBTjt8ySKnpapdyobHYdiu1lw3qK&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-435650299%3A1708383643040252
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjzivvee_FJ1wb2D4rcMlNXvsEib2-sk11jQ1P69jU4HflVnDIHCLXYJUku888CIwvh8rV3mBw
|
6
ssl.gstatic.com(142.250.76.131)
accounts.google.com(64.233.188.84)
www.google.com(142.250.207.100)
142.250.66.35
172.217.24.100
108.177.97.84
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 53 |
2024-02-16 16:41
|
 reader_update.exe a74ae422391a22b5469135ae7f0cbf7d
Malicious Library UPX PE File PE64 OS Processor Check Malware download VirusTotal Malware Malicious Traffic Checks debugger Creates executable files unpack itself Windows Update DNS |
2
http://64.52.80.82/test.txt
http://64.52.80.82/script.a3x
|
1
|
4
ET MALWARE Possible Malicious Macro DL EXE Feb 2016
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
3.4 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 54 |
2024-02-13 14:23
|
 fu.exe e82d97943c5c255462d8a1ff9fa84a0b
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico
https://accounts.google.com/generate_204?owS44Q
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjw-8hv8pKf-34lHReLyKYBoyLh-EB8DjWgFSdIePu6BNkHJb9IJVJQbKDvf1liGkhqpTqlSGg&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S587732523%3A1707800513315958
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ATuJsjwJx5zSuQkPTUrXpfLH_UQ4jLg0VCFXS9QsbVd_LPU3lipn1jEqi48zNSCAFCz_SbjS1khD
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
6
ssl.gstatic.com(142.250.76.131)
accounts.google.com(64.233.188.84)
www.google.com(142.250.76.132)
142.251.220.36
173.194.174.84
142.250.66.35
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.6 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 55 |
2024-02-12 20:06
|
 well.exe fc157bf81ab006d1bb0a542aaf499c53
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed |
|
|
|
|
6.0 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 |
2024-02-07 08:02
|
 fu.exe 9f011690f3ff8d1190f70fb656bc0152
Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/generate_204?yLsD4A
https://www.google.com/favicon.ico
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp0gFgzQEr8UmDSKF9VMO10J0PjuEsK0FNsanf_FKpDZkQJniiW78S7VqNBcAgI0XKjrsMn0Kw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1089664088%3A1707260279968358
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp0gIGIEPV3SR0z1HinAIcF6Xtcf40DOpx-GZoKU15HEW9XX7XWLKYnv7XaufBjHhSLERoc1Ig
|
7
ssl.gstatic.com(172.217.161.195)
accounts.google.com(64.233.187.84)
www.google.com(172.217.161.228)
173.194.174.84
142.250.204.132
124.222.175.116
142.251.220.3
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 57 |
2024-02-05 09:53
|
 fu.exe 271cd22262cd08a27b71bdde7e56a102
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS BitCoin I Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://accounts.google.com/generate_204?XFQDRw
https://www.google.com/favicon.ico
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp1pSg1SytcUXlCvRfnGS2MhnzYPTh0lGMlr8CFFswSgI4EqllBOEfkNRR9xY2H6zYS0qwVgQQ
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3KwGUsAR-DcSqWNUmXjv3hJ3dPzA40W4zrbKGtqCBS-aHnytHfTJAmPiy3RtrAYxr3Bw3B-Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-2130546933%3A1707092765407593
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
6
ssl.gstatic.com(172.217.161.195)
accounts.google.com(64.233.188.84)
www.google.com(142.250.207.100)
74.125.23.84
142.250.66.36
142.250.199.67
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 58 |
2024-02-05 09:27
|
 fu.exe c34697903d0b829f48d0c2b7c3d65978
Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File icon VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://www.google.com/favicon.ico
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/generate_204?wLpj7A
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp17RFliK8mOCO-X3Gl3JJeGX5yiGockQ1l13hly4UmT32bAr7wEbsm-zkSPX7aWdiOdHuno4Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1223811244%3A1707092633460836
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp2BM5Fd3reE-IdQx8AtgUMSgyK5xAZM8DZJbKgms149LIGPtbQFk8kOHX3yrbDB3impnNve4A
|
6
ssl.gstatic.com(172.217.161.195)
accounts.google.com(64.233.187.84)
www.google.com(142.250.76.132)
142.250.66.99
64.233.188.84
172.217.31.4
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.4 |
|
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 59 |
2024-02-02 13:46
|
 no.exe 28b38ccdc05a8aff57014c2bccf49af2
Malicious Library UPX AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp0qMIEc5MFQxs1aKn9G2iv74lF6wY3BJGxH-8DXUl8WehWN5u-jeiNJda50EamSr_wPf13w1Q&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S286077521%3A1706848978878354
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp3R1LF2E0Wdi59xiyT5waIzFlhA4_Gj9RrurSMQEWfAfh3grbEpvLcFG_ttljVpw-0v88wkNQ
https://accounts.google.com/
https://accounts.google.com/_/bscframe
https://accounts.google.com/generate_204?0DF1lQ
https://www.google.com/favicon.ico
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
6
ssl.gstatic.com(142.250.76.131)
accounts.google.com(64.233.188.84)
www.google.com(142.250.207.100)
142.250.207.67
172.217.24.100
64.233.188.84
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 |
2024-01-28 10:00
|
 ko.exe f7942f50665070dee333d0df2bebc4c6
Generic Malware Malicious Library UPX Code injection AntiDebug AntiVM PE32 PE File OS Processor Check MSOffice File Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser DNS crashed |
8
https://www.google.com/favicon.ico
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp2nVIT-_JIwIi3-MDUsz3bxxTyczYU2E_0mxE6Z7OGpr1sV2Sb-w7rPHn7z745xx-jF96pazw
https://accounts.google.com/generate_204?gYg_LA
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp3cH1IHBBxj7z9KBB591Z5_GSdD_Lq-mVf0ijv_RhuU12_w1wh_c3NPmMNlOMTEqt9p65VQ1A&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-587006607%3A1706403341784438
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
6
ssl.gstatic.com(142.250.76.131)
accounts.google.com(64.233.188.84)
www.google.com(142.250.207.100)
172.217.27.36
172.217.31.3
64.233.188.84
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.4 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|