Entry format: # | submitted | file | MD5 | score | M | VT | submitter, followed by the entry's tags, contacted URLs, contacted hosts (with the sandbox's reputation label) and IDS alerts. "VT" is the number shown only on entries tagged VirusTotal (read here as a detection count); the meaning of the "M" column is not given on the page.

106 | 2024-06-18 07:46 | miner.exe | MD5 dd5fdaf7d0f6c0cbb695695ed546f54b | score 2.4 | M | VT - | ZeroCERT
  Tags: PE64, PE File, Malware download, Malware, Malicious Traffic, unpack itself, DNS, SilentCryptoMiner
  URLs (1): http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php
  Hosts (3): randomxmonero.auto.nicehash.com (34.149.22.228) - malicious; 34.149.22.228 - malicious; 94.156.65.121 - malware
  IDS alerts (2): ET DROP Spamhaus DROP Listed Traffic Inbound group 15; ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request
107 | 2024-06-18 07:44 | 1gcctv1.exe | MD5 070e6df2b1edef456d1eb581ffa0dc74 | score 2.2 | - | VT - | ZeroCERT
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, PDB, DNS
  URLs: none
  Hosts (3): cctv.haoxiw.com (182.18.208.39); 104.26.13.205; 182.18.208.39
  IDS alerts: none
108 | 2024-06-18 07:41 | 11.exe | MD5 792d2de7d845aac6a8e94566ca610952 | score 1.6 | - | VT - | ZeroCERT
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, PDB
  URLs: none
  Hosts (2): dashengyeyeye.eicp.net (47.111.82.157); 47.111.82.157
  IDS alerts: none
109 | 2024-06-17 13:34 | servoces64.exe | MD5 540c3c9ae1b97353b49de9a216532d72 | score 1.4 | M | VT 21 | ZeroCERT
  Tags: Anti_VM, PE64, PE File, VirusTotal, Malware
  URLs: none
  Hosts: none
  IDS alerts: none
110 | 2024-06-17 13:33 | NewLatest.exe | MD5 07101cac5b9477ba636cd8ca7b9932cb | score 6.4 | M | VT 38 | ZeroCERT
  Tags: Amadey, Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, PE32, OS Processor Check, PE64, Malware download, VirusTotal, Cryptocurrency Miner, Malware, AutoRuns, Malicious Traffic, Creates executable files, unpack itself, AppData folder, Windows, DNS, CoinMiner
  URLs (3): http://185.172.128.19/FirstZ.exe (rule_id 39930); http://185.172.128.116/Mb3GvQs8/index.php (rule_id 40304); http://185.172.128.116/b2c2c1.exe (rule_id 40314)
  Hosts (8): xmr-eu1.nanopool.org (162.19.224.121) - malicious; zeph-eu2.nanopool.org (51.15.61.114) - malicious; pastebin.com (172.67.19.24) - malicious; 51.15.58.224; 104.20.3.235 - malware; 163.172.171.111 - malicious; 185.172.128.19 - malicious; 185.172.128.116 - malicious
  IDS alerts (8): ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2; ET INFO Executable Download from dotted-quad Host; ET INFO Packed Executable Download; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner); ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)
  Second URL list (3): the same three URLs, without rule_ids
111 | 2024-06-17 13:31 | monster.exe | MD5 3f4f5c57433724a32b7498b6a2c91bf0 | score 2.8 | M | VT 20 | ZeroCERT
  Tags: Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, Antivirus, Anti_VM, PE64, PE File, DLL, OS Processor Check, wget, ftp, VirusTotal, Malware, Check memory, Creates executable files, unpack itself
  URLs: none
  Hosts: none
  IDS alerts: none
112 | 2024-06-17 13:27 | dhl.exe | MD5 fc58e29974c49a329c30188f5a468e08 | score 5.2 | M | VT 64 | ZeroCERT
  Tags: Generic Malware, Malicious Library, PE File, PE32, VirusTotal, Malware, AutoRuns, Creates executable files, unpack itself, suspicious process, Windows
  URLs (1): http://star.sp168.tv:7744/8.77.dll
  Hosts (2): star.sp168.tv (156.241.4.189); 156.241.4.189 - malicious
  IDS alerts (1): ET HUNTING Rejetto HTTP File Sever Response
113 | 2024-06-17 11:20 | adobe.exe | MD5 5fb6f9de46e67ad7d07418a02417aa92 | score 2.0 | - | VT 26 | r0d
  Tags: UPX, PE64, PE File, VirusTotal, Malware, unpack itself
  URLs: none
  Hosts: none
  IDS alerts: none
114 | 2024-06-17 10:26 | s.exe | MD5 b7b18619464ce06f97278c1cf029a5cb | score 2.0 | M | VT 8 | ZeroCERT
  Tags: Browser Login Data Stealer, Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, PE32, Browser Info Stealer, VirusTotal, Malware, Browser, DNS
  URLs: none
  Hosts (1): not shown
  IDS alerts (1): ET DROP Spamhaus DROP Listed Traffic Inbound group 15
115 | 2024-06-17 10:25 | b.exe | MD5 ccd45a73d555f6a89b06924e150680e5 | score 2.6 | - | VT 39 | ZeroCERT
  Tags: Malicious Packer, Malicious Library, UPX, PE File, PE32, VirusTotal, Malware, Windows utilities, suspicious process, Windows
  URLs (4): http://comprobacion-aerolineas.com:9090/status; http://comprobacion-aerolineas.com:9090/output; http://comprobacion-aerolineas.com:9090/getcmd; http://comprobacion-aerolineas.com:9090/register
  Hosts (2): comprobacion-aerolineas.com (94.156.67.86); 94.156.67.86 - malware
  IDS alerts (2): ET DROP Spamhaus DROP Listed Traffic Inbound group 15; ET USER_AGENTS Go HTTP Client User-Agent
116 | 2024-06-17 09:24 | 3306.exe | MD5 eb896b51453c804f14c11eee64c0ff79 | score 8.0 | M | VT 61 | ZeroCERT
  Tags: Malicious Library, AntiDebug, AntiVM, PE File, PE32, VirusTotal, Malware, AutoRuns, Code Injection, Check memory, unpack itself, Windows utilities, suspicious process, AppData folder, Windows
  URLs: none
  Hosts (2): www2.micrr0soft.com (156.241.4.189); 156.241.4.189
  IDS alerts: none
117 | 2024-06-17 09:17 | adobe.exe | MD5 5fb6f9de46e67ad7d07418a02417aa92 | score 3.6 | - | VT 26 | ZeroCERT
  Tags: PE64, PE File, VirusTotal, Cryptocurrency Miner, Malware, Cryptocurrency, unpack itself, DNS, CoinMiner
  URLs: none
  Hosts (2): xmr.2miners.com (162.19.139.184) - malicious; 162.19.139.184 - malicious
  IDS alerts (1): ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)
118 | 2024-06-16 10:46 | x86_0929_1.exe | MD5 cedd4cef78da5751af380902c89f1352 | score 7.6 | M | VT 30 | ZeroCERT
  Tags: Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, PDB, suspicious privilege, sandbox evasion, WriteConsoleW, Windows, Advertising, Remote Code Execution, Firmware, DNS, crashed
  URLs: none
  Hosts (1): not shown
  IDS alerts: none
119 | 2024-06-16 10:37 | gold.exe | MD5 70a578f7f58456e475facd69469cf20a | score 2.2 | M | VT 62 | ZeroCERT
  Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
  URLs: none
  Hosts: none
  IDS alerts: none
120 | 2024-06-16 10:35 | x86_0929_2.exe | MD5 dbe26ec226d4e3830352693e0fbb5f56 | score 7.0 | M | VT 27 | ZeroCERT
  Tags: Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, PDB, suspicious privilege, WriteConsoleW, Windows, Advertising, Remote Code Execution, Firmware, DNS, crashed
  URLs: none
  Hosts (1): not shown
  IDS alerts: none
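The hosts, URL and alert cells of this listing are the raw material an analyst actually wants out of it: which hosts carry a reputation label, which URLs served a payload, and whether the alerts point at mining. The following Python is an added example, not part of the listing or the sandbox's own tooling. It parses those three cells exactly as the listing prints them (the cell text in ROW_106 and ROW_110 is copied from entries 106 and 110; the "mailcious" spelling is the listing's own), refangs the defanged domains in rule messages, and applies two triage rules. The Host/Sample types, the function names and the triage rules are this example's assumptions.

```python
"""Parse the Hosts / URLs / IDS-alert cells of a sandbox listing row into
structured IOCs and run two triage checks over them.

Added example for the listing above, not the sandbox's own code.  The cell
text in ROW_106 and ROW_110 is copied from entries 106 and 110 of the listing;
the Host/Sample types, the triage rules and the "blocklist" naming are this
example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# A hosts cell is a run of "domain(ip) - label", "ip - label" or bare "ip".
HOST_RE = re.compile(
    rf"(?:(?P<domain>[A-Za-z0-9.-]+)\()?(?P<ip>{IP})\)?(?:\s+-\s+(?P<rep>[A-Za-z]+))?"
)
# A URLs cell is "url - rule_id: N url - rule_id: N ..." (rule_id optional).
URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")
# Alert names are concatenated; each one starts with "ET " or "SSLBL:".
ALERT_SPLIT_RE = re.compile(r"\s+(?=ET |SSLBL:)")
# Rule messages defang domains as "xmr .2miners .com"; undo that.
DEFANG_RE = re.compile(r"\s+\.")
MINER_RE = re.compile(r"coin ?min|cryptominer|mining", re.I)


@dataclass
class Host:
    ip: str
    domain: Optional[str]
    reputation: Optional[str]


@dataclass
class Sample:
    md5: str
    hosts: List[Host] = field(default_factory=list)
    urls: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)


def parse_hosts(cell: str) -> List[Host]:
    hosts = []
    for m in HOST_RE.finditer(cell):
        rep = m.group("rep")
        if rep == "mailcious":  # the listing's spelling of "malicious"
            rep = "malicious"
        hosts.append(Host(m.group("ip"), m.group("domain"), rep))
    return hosts


def parse_urls(cell: str) -> List[Tuple[str, Optional[str]]]:
    return [(url, rule_id or None) for url, rule_id in URL_RE.findall(cell)]


def parse_alerts(cell: str) -> List[str]:
    return [DEFANG_RE.sub(".", a) for a in ALERT_SPLIT_RE.split(cell.strip()) if a]


def build(md5: str, hosts_cell: str, urls_cell: str, alerts_cell: str) -> Sample:
    return Sample(md5, parse_hosts(hosts_cell), parse_urls(urls_cell), parse_alerts(alerts_cell))


def triage(s: Sample) -> dict:
    """Flag mining activity and Spamhaus DROP hits; collect the labelled hosts."""
    labelled = [h for h in s.hosts if h.reputation]
    return {
        "md5": s.md5,
        "miner": any(MINER_RE.search(a) for a in s.alerts),
        "spamhaus_drop": any("Spamhaus DROP" in a for a in s.alerts),
        # candidates only: a sandbox label on a CDN edge or on pastebin.com is not a block decision
        "blocklist": sorted({h.ip for h in labelled} | {h.domain for h in labelled if h.domain}),
        "payload_urls": [u for u, _ in s.urls if u.lower().endswith((".exe", ".dll"))],
    }


# Cells copied verbatim from entries 106 and 110 of the listing.
ROW_106 = build(
    "dd5fdaf7d0f6c0cbb695695ed546f54b",
    "randomxmonero.auto.nicehash.com(34.149.22.228) - mailcious 34.149.22.228 - mailcious 94.156.65.121 - malware",
    "http://94.156.65.121/ACDG57T68GGYB/api/endpoint.php",
    "ET DROP Spamhaus DROP Listed Traffic Inbound group 15 ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request",
)
ROW_110 = build(
    "07101cac5b9477ba636cd8ca7b9932cb",
    "xmr-eu1.nanopool.org(162.19.224.121) - mailcious zeph-eu2.nanopool.org(51.15.61.114) - mailcious "
    "pastebin.com(172.67.19.24) - mailcious 51.15.58.224 104.20.3.235 - malware 163.172.171.111 - mailcious "
    "185.172.128.19 - mailcious 185.172.128.116 - mailcious",
    "http://185.172.128.19/FirstZ.exe - rule_id: 39930 http://185.172.128.116/Mb3GvQs8/index.php - rule_id: 40304 "
    "http://185.172.128.116/b2c2c1.exe - rule_id: 40314",
    "ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host "
    "ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP "
    "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download "
    "ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) "
    "ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)",
)

if __name__ == "__main__":
    for row in (ROW_106, ROW_110):
        print(triage(row))
```

Two things the output makes visible that the listing alone does not: the reputation labels are on both the domain and the IP it resolved to, so the "blocklist" for entry 110 contains pastebin.com and the shared CDN edge addresses it and 104.20.3.235 sit on, which is why the example returns candidates for review rather than pushing anything to a firewall; and the miner verdict comes from the alert text (SilentCryptoMiner, CoinMiner, Coin Mining), not from the tag column, so it works the same on a row whose tags were never set.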