1 | 2022-01-20 11:37
7990328700.exe | dfc2fa9ab0bce937f89bff8d6d8602aa
Tags: RAT Generic Malware SMTP KeyLogger PDF AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces AntiVM_Disk sandbox evasion IP Check VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (8): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip, http://trietlongvinhvien.info//.tmb/ID4/7990328700.bin, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip, http://checkip.dyndns.org/, https://freegeoip.app/xml/175.208.134.150
Hosts (6): trietlongvinhvien.info(150.95.104.46) - malware, freegeoip.app(162.159.137.85), checkip.dyndns.org(132.226.247.73), 132.226.8.169, 150.95.104.46 - malware, 162.159.138.85
19.8 | M | 36 | ZeroCERT
2 | 2022-01-20 11:28
2208604999.exe | 8f61511977720cdbb365d74f6603d96b
Tags: RAT Generic Malware PDF AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
URLs (6): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip, http://trietlongvinhvien.info//.tmb/ID4/2208604999.jpg, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
Hosts (4): www.petsgallie.com(), trietlongvinhvien.info(150.95.104.46) - malware, 150.95.104.46 - malware, 51.79.175.139
16.0 | M | 26 | ZeroCERT
3 | 2022-01-20 10:28
1466350393404834.exe | 8b86e421aeff872640274b9ab7bfe646
Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (3): http://ozzyingilizce.com/wp-content/sgu/1466350393404834.bin, http://checkip.dyndns.org/, https://freegeoip.app/xml/175.208.134.150
Hosts (6): freegeoip.app(162.159.138.85), ozzyingilizce.com(159.253.41.162) - malware, checkip.dyndns.org(158.101.44.242), 159.253.41.162 - malware, 132.226.247.73, 162.159.138.85
15.6 | M | 32 | ZeroCERT
4 | 2022-01-20 10:14
9678012459.exe | af4fc86d0d07bba1b5ca1f0a7014504e
Tags: Loki PWS Loki[b] Loki.m AgentTesla RAT browser info stealer BitCoin Generic Malware Google Chrome User Data TEST Malicious Packer DNS Create Service DGA Socket Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader Scre Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Check virtual network interfaces malicious URLs installed browsers check Windows Exploit Browser Email ComputerName Cryptographic key Software crashed
URLs (2): http://trietlongvinhvien.info//.tmb/ID4/9678012459.jpeg, http://noithatcombo.com.vn/.mbc/need/work/Panel/five/fre.php - rule_id: 10996
Hosts (4): noithatcombo.com.vn(103.221.222.30) - mailcious, trietlongvinhvien.info(150.95.104.46) - malware, 103.221.222.30 - malware, 150.95.104.46 - malware
Rule-matched URLs (1): http://noithatcombo.com.vn/.mbc/need/work/Panel/five/fre.php
18.0 | M | 20 | ZeroCERT
5 | 2022-01-20 09:40
5510542784046312.exe | f49ec9a85b03f6f03d3e05329ba80f91
Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (3): http://ozzyingilizce.com/wp-content/sgu/5510542784046312.png, http://checkip.dyndns.org/, https://freegeoip.app/xml/175.208.134.150
Hosts (6): freegeoip.app(162.159.137.85), ozzyingilizce.com(159.253.41.162) - malware, checkip.dyndns.org(193.122.130.0), 132.226.8.169, 159.253.41.162 - malware, 162.159.137.85
15.4 | M | 28 | ZeroCERT
6 | 2022-01-19 14:06
Jbbmfq.exe | c467bc0aecc324a9f19d73d43397acdf
Tags: Loki PWS Loki[b] Loki.m RAT .NET framework Generic Malware Malicious Packer Antivirus UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName Cryptographic key Software crashed
URLs (1): http://noithatcombo.com.vn/.mbc/need/work/Panel/five/fre.php - rule_id: 10996
Hosts (4): noithatcombo.com.vn(103.221.222.30) - mailcious, ozzyingilizce.com(159.253.41.162) - malware, 103.221.222.30 - malware, 159.253.41.162 - malware
Rule-matched URLs (1): http://noithatcombo.com.vn/.mbc/need/work/Panel/five/fre.php
17.2 | M | 31 | ZeroCERT
7 | 2022-01-19 14:03
9867015865498708.exe | 74297c562b78e23485d6a5376ac4e07d
Tags: PWS Loki[b] Loki.m RAT Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed
URLs (2): http://2.56.56.96/dx/gas/pin.php, http://ozzyingilizce.com/wp-content/sgu/9867015865498708.jpeg
Hosts (3): ozzyingilizce.com(159.253.41.162) - malware, 159.253.41.162 - malware, 2.56.56.96
17.2 | M | 24 | ZeroCERT
8 | 2022-01-19 11:56
7823754719107729.exe | 26c5dc4002976b3b9ae49f2440929df4
Tags: RAT Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
URLs (2): http://www.111439d.com/oh75/?t8o=B/bERt/wHlpGPiClXgpfUqPFQza98qmzfCoqaQ0lPZ79RyiuCHtVYbWjzhGosQ6oTRTw5T6w&UlX=XvLHM, http://ozzyingilizce.com/wp-content/sgu/Qwjzfxxa.jpeg
Hosts (4): www.111439d.com(34.102.136.180), ozzyingilizce.com(159.253.41.162) - malware, 159.253.41.162 - malware, 34.102.136.180 - mailcious
12.0 | M | 33 | ZeroCERT
9 | 2022-01-19 11:54
026130784100001.exe | 1101631dfb8d6ac799613b5dad62a7e8
Tags: RAT Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
5.4 | M | 32 | ZeroCERT
10 | 2022-01-19 11:46
6247996184071914.exe | 284412fc352ae353414347de9079227b
Tags: RAT PWS .NET framework Generic Malware Antivirus UPX Malicious Packer Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (3): http://checkip.dyndns.org/, http://ozzyingilizce.com/wp-content/sgu/6247996184071914.png, https://freegeoip.app/xml/175.208.134.150
Hosts (6): freegeoip.app(162.159.137.85), ozzyingilizce.com(159.253.41.162) - malware, checkip.dyndns.org(158.101.44.242), 193.122.6.168, 159.253.41.162 - malware, 162.159.138.85
16.8 | M | 19 | ZeroCERT
11 | 2022-01-19 11:44
7611168006129179.exe | 160b96acafac45a88412986f20804ed2
Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (3): http://ozzyingilizce.com/wp-content/sgu/7611168006129179.png, http://checkip.dyndns.org/, https://freegeoip.app/xml/175.208.134.150
Hosts (8): freegeoip.app(162.159.137.85), ozzyingilizce.com(159.253.41.162) - malware, checkip.dyndns.org(132.226.8.169), 132.226.8.169, 193.122.6.168, 162.159.137.85, 159.253.41.162 - malware, 162.159.138.85
15.4 | M | 28 | ZeroCERT
12 | 2022-01-19 11:42
0596482445864510.exe | 168678fe11459d971f16b66a55ee8bef
Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
URLs (3): http://checkip.dyndns.org/, http://ozzyingilizce.com/wp-content/sgu/Hbmyxyzbp.jpeg, https://freegeoip.app/xml/175.208.134.150
Hosts (6): freegeoip.app(162.159.138.85), ozzyingilizce.com(159.253.41.162) - malware, checkip.dyndns.org(132.226.8.169), 132.226.8.169, 159.253.41.162 - malware, 162.159.138.85
15.6 | M | 30 | ZeroCERT
13 | 2022-01-19 11:41
3100003070410006doc2pdf.exe | 865402c884897272e4228fc09f74d9b2
Tags: RAT Generic Malware Antivirus PDF AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName Cryptographic key crashed
URLs (6): http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip, http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip, http://ozzyingilizce.com/wp-content/sgu/Cccct.jpeg
Hosts (2): ozzyingilizce.com(159.253.41.162) - malware, 159.253.41.162 - malware
17.4 | M | 27 | ZeroCERT
14 | 2022-01-19 11:37
03661025458.exe | fae4e457b5286900c04ebf12a4bd7844
Tags: RAT Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
URLs (2): http://ozzyingilizce.com/wp-content/sgu/Bgvcutksg.jpeg, http://www.111439d.com/oh75/?t8o=B/bERt/wHlpGPiClXgpfUqPFQza98qmzfCoqaQ0lPZ79RyiuCHtVYbWjzhGosQ6oTRTw5T6w&UlX=XvLHM
Hosts (5): www.111439d.com(34.102.136.180), www.wu6bvnrlz4ra.xyz(), ozzyingilizce.com(159.253.41.162) - malware, 159.253.41.162 - malware, 34.102.136.180 - mailcious
11.6 | M | 19 | ZeroCERT