No. | Date | File name | MD5 | Score | M | Count | Submitter

106 | 2022-09-03 12:57 | making-it-in-the-mar_9x1mHp3G.... | f5329603a841619f5d79094b24c76bd1 | 4.6 | - | 4 | guest
  Tags: Emotet Gen1 UPX Confuser .NET Malicious Library ASPack PE32 PE File PE64 OS Processor Check DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed
  URLs (0) | Hosts (0) | Signatures (0)

107 | 2022-08-29 18:17 | 174.exe | dd63cc34192462ccbcdf6182c54756fc | 2.8 | M | 23 | ZeroCERT
  Tags: Emotet UPX Malicious Library PE32 PE File VirusTotal Malware Malicious Traffic Tofsee ComputerName DNS
  URLs (1):
    https://files-cdn.com/hvnc.dll
  Hosts (3):
    files-cdn.com(91.216.163.91)
    168.100.8.124
    91.216.163.91 - malware
  Signatures (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

108 | 2022-05-23 07:43 | yyy.exe | 9f031a71a8f4dedaff85f360942cd0b7 | 5.2 | M | 36 | ZeroCERT
  Tags: RAT Formbook UPX Malicious Library ASPack AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic unpack itself Windows utilities WriteConsoleW Windows DNS
  URLs (2):
    http://darley.ml/n/Qkfmumwl_Cyfcempd.png
    http://www.3rdeyefocused.com/s4s9/?9rq=wIZIfktqFMl/6bM9kVZTY65yeMHieRAChUYQvnn+psTGXAAGTSJ/rOU7GimtFJqJJ1rVd5qj&OtNlCp=wZOPRFtPlJUXe
  Hosts (6):
    www.3rdeyefocused.com(192.64.119.242)
    www.usaprostatecenter.com()
    www.worldchannelconference.com()
    darley.ml(192.185.174.178) - malware
    192.185.174.178 - malware
    192.64.119.242
  Signatures (4):
    ET INFO DNS Query for Suspicious .ml Domain
    ET HUNTING Request to .ML Domain with Minimal Headers
    ET INFO HTTP Request to a *.ml domain
    ET MALWARE FormBook CnC Checkin (GET)

109 | 2022-03-10 15:24 | 1058_1646243983_1339.exe | 0fc132aa72e2b85b0cecc8037c224f81 | 12.8 | M | 46 | ZeroCERT
  Tags: task schedule Admin Tool (Sysinternals etc ...) UPX Create Service DGA Socket Http API DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate privileges P2P Steal credential Downloader ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key
  URLs (0) | Hosts (0) | Signatures (0)

110 | 2022-03-10 10:04 | 8881_1645494665_4277.exe | 602205aba3faa10df5a2fffca43cfc7f | 3.8 | M | 42 | ZeroCERT
  Tags: RAT PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee
  URLs (1):
    https://cdn.discordapp.com/attachments/930911038906462260/945453232677859428/installer.png
  Hosts (2):
    cdn.discordapp.com(162.159.134.233) - malware
    162.159.133.233 - malware
  Signatures (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

111 | 2022-01-19 11:35 | DriversFix_Setup.exe | e345d89e01136e84982a83abc00fb362 | 6.4 | M | 36 | ZeroCERT
  Tags: Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 .NET DLL DLL .NET EXE OS Processor Check PE64 GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName
  URLs (0) | Hosts (0) | Signatures (0)

112 | 2021-12-22 11:11 | cyz1qjhkwya.exe | 24d7b3e065cb0570a44a101641acd8b4 | 11.2 | M | 24 | ZeroCERT
  Tags: RedLine stealer[m] Emotet VMProtect Malicious Library AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
  URLs (0) | Hosts (1, entry not shown) | Signatures (0)

113 | 2021-11-04 15:18 | setup.exe | bab66a1efbd3c6e65c5a6e01deea8367 | 10.2 | - | 6 | ZeroCERT
  Tags: Emotet Gen2 Formbook RAT PWS .NET framework Gen1 Eredel Stealer Extended njRAT backdoor Loki[b] Loki.m Generic Malware Malicious Library UPX Malicious Packer ASPack Admin Tool (Sysinternals etc ...) PE File PE32 DLL OS Processor Check MSOffice File PE Malware download VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key crashed
  URLs (18):
    http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
    http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
    http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full_x64.msi
    http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03062.00&sar=amd64&o1=netfx_Full.mzz
    http://go.microsoft.com/fwlink/?LinkId=862008
    http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
    http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http://indug.com/68.exe
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
    http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net472Rel1&plcid=0x409&clcid=0x409&ar=03081.00&sar=amd64&o1=netfx_Patch_x64.msp
    https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
    https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/61ef25faf2ae00460f6a77e29327699a/netfx_patch_x64.msp
    https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
    https://download.visualstudio.microsoft.com/download/pr/7db06743-abf0-4a85-a9d3-5af54b6cabcc/cc8282475d16202c4dca707e83cf0ae0/netfx_full_x64.msi
    https://download.microsoft.com/download/b/9/5/b95136c0-58a0-48df-821a-d05319a86852/enu_NETFX/amd64_netfx_full_mzz/netfx_full_cab.exe
  Hosts (11):
    indug.com(47.254.184.183)
    download.visualstudio.microsoft.com(192.229.232.200)
    download.microsoft.com(104.109.240.114)
    www.microsoft.com(23.201.37.168)
    121.254.136.16
    104.75.21.121
    34.117.59.81
    47.254.184.183
    23.201.36.112
    23.201.37.168
    192.229.232.200
  Signatures (5):
    ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET MALWARE JS/Nemucod.M.gen downloading EXE payload
    ET INFO EXE - Served Attached HTTP
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

114 | 2021-11-04 14:55 | setup.exe | 3329dc6e93761fd9597063f368ea952c | 6.2 | - | 17 | ZeroCERT
  Tags: Emotet RAT Gen1 Malicious Library UPX PE File PE32 PE64 DLL OS Processor Check Malware download VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName DNS crashed
  URLs (1):
    http://trgramm.com/71.exe
  Hosts (3):
    trgramm.com(47.254.184.183)
    34.117.59.81
    47.254.184.183
  Signatures (4):
    ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET MALWARE JS/Nemucod.M.gen downloading EXE payload
    ET INFO EXE - Served Attached HTTP

115 | 2021-10-12 10:16 | %E5%88%9D%E5%A6%86%E5%8A%A9%E6... | 5019b4c4d5e6b67a826897bff52a0d23 | 2.8 | M | 14 | ZeroCERT
  Tags: Emotet Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder DNS
  URLs (0) | Hosts (1, entry not shown) | Signatures (0)

116 | 2021-10-07 18:14 | CalcCryptoInstalww.exe | 86a1c8f0737fc82085f4a859733c9514 | 13.6 | M | 8 | ZeroCERT
  Tags: Emotet RAT Gen1 Generic Malware Themida Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check .NET EXE GIF Format PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
  URLs (3):
    http://gdv.federguda.ru/PeZcZ/
    http://gdv.federguda.ru/
    http://e6tfvc.federguda.ru/
  Hosts (6):
    e6tfvc.federguda.ru(81.177.141.85)
    gdv.federguda.ru(81.177.141.85)
    lessab.space(80.66.87.32)
    185.215.113.121
    81.177.141.85 - malicious
    80.66.87.32 - malicious
  Signatures (1):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 25

117 | 2021-10-07 11:05 | mtz_ami_vyber.exe | b9b0a03d3102e82d508253665b5c1ccd | 3.4 | - | 11 | ZeroCERT
  Tags: Emotet RAT Gen1 Malicious Library UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check human activity check ComputerName
  URLs (0) | Hosts (0) | Signatures (0)

118 | 2021-09-20 09:45 | 76.exe | cbf7ac18207051de82560b4621f7905f | 3.8 | M | 5 | ZeroCERT
  Tags: Emotet RAT Gen1 UPX Malicious Library PE File PE32 PE64 DLL OS Processor Check Malware download VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed
  URLs (1):
    http://fareits.com/76.exe
  Hosts (2):
    fareits.com(172.67.169.14)
    172.67.169.14
  Signatures (1):
    ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

119 | 2021-08-27 15:31 | 68.exe | c67c410c4be756c6bf3b0995f4fbb283 | 4.4 | - | 7 | ZeroCERT
  Tags: Emotet RAT Gen1 Malicious Library UPX PE File PE32 PE64 DLL OS Processor Check Malware download VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName crashed
  URLs (1):
    http://gillyou.info/soft/68.exe
  Hosts (2):
    gillyou.info(172.67.209.85)
    172.67.209.85
  Signatures (1):
    ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

120 | 2021-08-19 14:49 | Setup.exe | 2f32cfb886b28c28958054d20060e56c | 2.2 | - | - | Kim.GS
  Tags: Emotet Gen1 Generic Malware UPX Malicious Library PE File PE32 OS Processor Check PE64 DLL Check memory Checks debugger Creates executable files unpack itself AppData folder
  URLs (0) | Hosts (0) | Signatures (0)
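The URLs and Hosts fields are the only network indicators these records carry, and the sandbox prints them in a compact form: `name(ip)` for a resolved domain, `name()` for a lookup that failed, bare IPv4 addresses, and a trailing `- malware` annotation on the indicator it follows. The example below is added here and is not code from the sandbox service or from this listing. It parses those two fields (the strings are copied from entry 108, the FormBook sample), keeps the annotations and the unresolved domains apart, defangs the result for sharing, and sweeps a few DNS resolver log lines against the domain set. The key=value DNS log format and the log lines are constructed for the demo and are not from the page.

```python
"""Structured IOCs from the sandbox listing's URL and Hosts fields.

Added example, not code from the sandbox service or this listing.  The two
field strings below are copied from entry 108 on this page; the DNS log
format and the log lines are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Copied from entry 108 (FormBook sample 9f031a71a8f4dedaff85f360942cd0b7).
RECORD_108_URLS = (
    "http://darley.ml/n/Qkfmumwl_Cyfcempd.png "
    "http://www.3rdeyefocused.com/s4s9/?9rq=wIZIfktqFMl/6bM9kVZTY65yeMHieRAChUYQvnn+psTGXAAGTSJ/rOU7GimtFJqJJ1rVd5qj&OtNlCp=wZOPRFtPlJUXe"
)
RECORD_108_HOSTS = (
    "www.3rdeyefocused.com(192.64.119.242) www.usaprostatecenter.com() "
    "www.worldchannelconference.com() darley.ml(192.185.174.178) - malware "
    "192.185.174.178 - malware 192.64.119.242"
)

# Constructed DNS resolver log lines (hypothetical key=value format, not from the page).
SAMPLE_DNS_LOG = [
    "2022-05-23T07:43:10Z client=10.0.0.12 query=darley.ml. type=A",
    "2022-05-23T07:43:11Z client=10.0.0.12 query=www.3rdeyefocused.com. type=A",
    "2022-05-23T07:43:12Z client=10.0.0.15 query=update.example.com. type=A",
]

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"^(?P<name>[^()\s]+)\((?P<ip>[^()]*)\)$")
DNS_QUERY_RE = re.compile(r"\bquery=(?P<q>\S+)")


@dataclass
class Indicator:
    value: str                          # domain name or IPv4 address
    resolved_to: Optional[str] = None   # IP in parentheses; None for bare IPs and failed lookups
    tags: Tuple[str, ...] = ()          # annotations such as "malware" that followed "- "


def is_ip(value: str) -> bool:
    return bool(IPV4_RE.match(value))


def parse_hosts(field: str) -> List[Indicator]:
    """Parse the Hosts field: 'name(ip)' or bare IPv4 tokens, optionally followed by '- tag'."""
    out: List[Indicator] = []
    tokens = field.split()          # whitespace split also handles one-indicator-per-line input
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-" and out and i + 1 < len(tokens):
            out[-1].tags += (tokens[i + 1],)   # "- malware" annotates the preceding indicator
            i += 2
            continue
        m = DOMAIN_RE.match(tok)
        if m:
            out.append(Indicator(m.group("name"), m.group("ip") or None))  # "name()" = no resolution
        elif is_ip(tok):
            out.append(Indicator(tok))
        else:
            raise ValueError("unrecognised host token: %r" % tok)
        i += 1
    return out


def parse_urls(field: str) -> List[str]:
    """The URL field is whitespace separated; keep only http(s) entries."""
    return [u for u in field.split() if u.startswith(("http://", "https://"))]


def defang(indicator: str) -> str:
    """hxxp:// and [.] so the indicator cannot be clicked or auto-linked when shared."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def ioc_set(urls_field: str, hosts_field: str) -> Dict[str, Set[str]]:
    """Collapse one record's URL and Hosts fields into de-duplicated indicator sets."""
    hosts = parse_hosts(hosts_field)
    urls = parse_urls(urls_field)
    domains = {h.value for h in hosts if not is_ip(h.value)}
    domains |= {urlsplit(u).hostname for u in urls if urlsplit(u).hostname}
    ips = {h.value for h in hosts if is_ip(h.value)}
    ips |= {h.resolved_to for h in hosts if h.resolved_to}
    return {
        "domains": domains,
        "ips": ips,
        "urls": set(urls),
        "flagged": {h.value for h in hosts if h.tags},     # carried a "- malware" label
        "unresolved": {h.value for h in hosts if not is_ip(h.value) and h.resolved_to is None},
    }


def sweep_dns_log(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (log line, matched domain) for queries equal to, or a subdomain of, a listed domain."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if not m:
            continue
        q = m.group("q").rstrip(".").lower()
        for d in iocs["domains"]:
            if q == d or q.endswith("." + d):
                hits.append((line, d))
                break
    return hits


if __name__ == "__main__":
    iocs = ioc_set(RECORD_108_URLS, RECORD_108_HOSTS)
    for kind in ("domains", "ips", "urls"):
        for v in sorted(iocs[kind]):
            print("%-10s %s" % (kind, defang(v)))
    print("flagged:", sorted(iocs["flagged"]), "unresolved:", sorted(iocs["unresolved"]))
    for line, d in sweep_dns_log(SAMPLE_DNS_LOG, iocs):
        print("HIT", d, "<-", line)
```

Two cautions when turning these fields into blocklists. The `unresolved` set (domains printed as `name()`) is still worth watching, since FormBook and similar families rotate through a list of candidate C2 hosts and a domain that did not resolve in the sandbox may resolve later. Conversely, several records mix shared infrastructure into the Hosts field: the Cloudflare addresses in entries 118 and 119, `cdn.discordapp.com` in entry 110, and the Microsoft CRL and .NET download hosts in entry 113 are legitimate services that happened to be used for delivery or for benign certificate checks, so block the full URL or the file hash there rather than the IP or the domain.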