| 106 |
2024-06-18 07:46
|
 miner.exe dd5fdaf7d0f6c0cbb695695ed546f54b
PE64 PE File Malware download Malware Malicious Traffic unpack itself DNS SilentCryptoMiner |
1
http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php
|
3
randomxmonero.auto.nicehash.com(34.149.22.228) - mailcious
34.149.22.228 - mailcious
94.156.65.121 - malware
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request
|
|
2.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 107 |
2024-06-18 07:44
|
 1gcctv1.exe 070e6df2b1edef456d1eb581ffa0dc74
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB DNS |
|
3
cctv.haoxiw.com(182.18.208.39)
104.26.13.205
182.18.208.39
|
|
|
2.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 108 |
2024-06-18 07:41
|
 11.exe 792d2de7d845aac6a8e94566ca610952
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB |
|
2
dashengyeyeye.eicp.net(47.111.82.157)
47.111.82.157
|
|
|
1.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 |
2024-06-17 13:34
|
 servoces64.exe 540c3c9ae1b97353b49de9a216532d72
Anti_VM PE64 PE File VirusTotal Malware |
|
|
|
|
1.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 110 |
2024-06-17 13:33
|
 NewLatest.exe 07101cac5b9477ba636cd8ca7b9932cb
Amadey Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder Windows DNS CoinMiner |
3
http://185.172.128.19/FirstZ.exe - rule_id: 39930
http://185.172.128.116/Mb3GvQs8/index.php - rule_id: 40304
http://185.172.128.116/b2c2c1.exe - rule_id: 40314
|
8
xmr-eu1.nanopool.org(162.19.224.121) - mailcious
zeph-eu2.nanopool.org(51.15.61.114) - mailcious
pastebin.com(172.67.19.24) - mailcious
51.15.58.224
104.20.3.235 - malware
163.172.171.111 - mailcious
185.172.128.19 - mailcious
185.172.128.116 - mailcious
|
8
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)
ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
|
3
http://185.172.128.19/FirstZ.exe
http://185.172.128.116/Mb3GvQs8/index.php
http://185.172.128.116/b2c2c1.exe
|
6.4 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 111 |
2024-06-17 13:31
|
 monster.exe 3f4f5c57433724a32b7498b6a2c91bf0
Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE64 PE File DLL OS Processor Check wget ftp VirusTotal Malware Check memory Creates executable files unpack itself |
|
|
|
|
2.8 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 112 |
2024-06-17 13:27
|
 dhl.exe fc58e29974c49a329c30188f5a468e08
Generic Malware Malicious Library PE File PE32 VirusTotal Malware AutoRuns Creates executable files unpack itself suspicious process Windows |
1
http://star.sp168.tv:7744/8.77.dll
|
2
star.sp168.tv(156.241.4.189)
156.241.4.189 - mailcious
|
1
ET HUNTING Rejetto HTTP File Sever Response
|
|
5.2 |
M |
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 113 |
2024-06-17 11:20
|
 adobe.exe 5fb6f9de46e67ad7d07418a02417aa92
UPX PE64 PE File VirusTotal Malware unpack itself |
|
|
|
|
2.0 |
|
26 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 114 |
2024-06-17 10:26
|
 s.exe b7b18619464ce06f97278c1cf029a5cb
Browser Login Data Stealer Generic Malware Malicious Packer Malicious Library UPX PE File PE32 Browser Info Stealer VirusTotal Malware Browser DNS |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
|
|
2.0 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 |
2024-06-17 10:25
|
 b.exe ccd45a73d555f6a89b06924e150680e5
Malicious Packer Malicious Library UPX PE File PE32 VirusTotal Malware Windows utilities suspicious process Windows |
4
http://comprobacion-aerolineas.com:9090/status
http://comprobacion-aerolineas.com:9090/output
http://comprobacion-aerolineas.com:9090/getcmd
http://comprobacion-aerolineas.com:9090/register
|
2
comprobacion-aerolineas.com(94.156.67.86)
94.156.67.86 - malware
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET USER_AGENTS Go HTTP Client User-Agent
|
|
2.6 |
|
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 116 |
2024-06-17 09:24
|
 3306.exe eb896b51453c804f14c11eee64c0ff79
Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows |
|
2
www2.micrr0soft.com(156.241.4.189)
156.241.4.189
|
|
|
8.0 |
M |
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 117 |
2024-06-17 09:17
|
 adobe.exe 5fb6f9de46e67ad7d07418a02417aa92
PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency unpack itself DNS CoinMiner |
|
2
xmr.2miners.com(162.19.139.184) - mailcious
162.19.139.184 - mailcious
|
1
ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
|
|
3.6 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 118 |
2024-06-16 10:46
|
 x86_0929_1.exe cedd4cef78da5751af380902c89f1352
Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege sandbox evasion WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed |
|
1
|
|
|
7.6 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 119 |
2024-06-16 10:37
|
 gold.exe 70a578f7f58456e475facd69469cf20a
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
62 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 120 |
2024-06-16 10:35
|
 x86_0929_2.exe dbe26ec226d4e3830352693e0fbb5f56
Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed |
|
1
|
|
|
7.0 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|