| 1 |
2024-08-19 14:24
|
 DarkPacked.exe 6446245c985087b919aa69304d1a8cac
Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder Windows ComputerName crashed |
|
|
|
|
5.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
2024-05-30 09:48
|
 setup%E8%87%AA%E6%9F%A5%E5%85%... 068fb7605542cd8350ed34ec2d767856
Generic Malware Downloader Malicious Library UPX Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows Browser ComputerName DNS crashed |
1
http://154.220.255.213/7773/cdyxf.png
|
2
154.220.255.213
206.238.220.253
|
|
|
10.6 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
2024-03-07 07:57
|
 installer.exe 50a4eb1049a2034fbcd87274731aea36
Emotet Generic Malware Malicious Library UPX Malicious Packer PE32 PE File MZP Format OS Processor Check CAB PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee crashed |
|
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
2023-09-23 20:05
|
 DigitalPulse.exe 3e74b7359f603f61b92cf7df47073d4a
Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder |
|
|
|
|
2.4 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
2023-08-08 09:23
|
 DigitalPulse.exe f0ba8b6ab407e8c0c70f78d5f7cf14a1
Generic Malware UPX Malicious Library OS Processor Check MZP Format PE File PE32 PE64 VirusTotal Malware Checks debugger unpack itself AppData folder |
|
|
|
|
2.0 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
2023-07-05 15:08
|
 5a5ad5743da1c888bf3b54ccc3e34f... 5a5ad5743da1c888bf3b54ccc3e34ff5
Gen1 Emotet njRAT backdoor Eredel Stealer Extended Generic Malware Suspicious_Script UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Downloader .NET framework(MSIL) ASPack OS Processor Check MZP Format PE File PE32 DLL icon CAB MS VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName |
19
http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=04115.00&sar=amd64&o1=netfx_Patch_x64.msp
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full_x64.msi
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
http://go.microsoft.com/fwlink/?LinkId=862008
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full.mzz
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x412&ar=03761.00&sar=amd64&o1=NDP48-x86-x64-AllOS-KOR.exe
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
https://download.visualstudio.microsoft.com/download/pr/c2ad65ab-bab3-4d24-ada4-aaf2ff0c1266/2a3f786c480c1122ff3696ba1ad9564b/ndp48-x86-x64-allos-kor.exe
https://download.visualstudio.microsoft.com/download/pr/9acd2157-dc1e-41fc-9f4d-35d56fc49f6b/c84b7777456bf0dc89c15571ffdb8e49/netfx_full_x64.msi
https://download.visualstudio.microsoft.com/download/pr/7afca223-55d2-470a-8edc-6a1739ae3252/f3ce41d8623e237d717257d9ae4cec5f/netfx_full_cab.exe
https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/55e5b1321b16ab92f5e8fd2ea9169147/netfx_patch_x64.msp
|
4
download.visualstudio.microsoft.com(192.229.232.200) -
www.microsoft.com(23.200.154.12) -
23.39.217.133 -
192.229.232.200 -
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.8 |
|
1 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
2023-06-11 23:52
|
 msbhv07.exe 25623138f6ab8c72ef15615a76b4adbc
RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
|
|
9.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
2023-06-11 23:33
|
 msbhv07.exe 25623138f6ab8c72ef15615a76b4adbc
RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
|
|
9.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
2022-10-05 09:33
|
 unknown.exe f57cf9f58d3bf82639a733c0d8119878
Generic Malware Malicious Library UPX PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder crashed |
|
|
|
|
3.2 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
2022-09-21 10:10
|
 arg_rar.exe c277b4a70743041f28445f57129a9927
Generic Malware Malicious Library UPX PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check crashed |
|
|
|
|
3.6 |
|
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
2022-08-26 17:46
|
 ultrasetup.exe 036cab509f3d1608c25a17390cc24ccf
Gen2 Generic Malware UPX Malicious Library PE32 OS Processor Check PE File PE64 VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Windows utilities AppData folder WriteConsoleW Windows Browser ComputerName crashed |
7
http://setuppro.xyz/iam/i.php?mid=25528BB73ece216&mac=&publisherid=installer&company=youk&pubid=0&advid=0 - rule_id: 22121
http://setuppro.xyz/iam/i.php?mid=25528BB73ece216&mac=&publisherid=installer&company=youk&pubid=0&advid=0
http://setuppro.xyz/guid.php - rule_id: 22123
http://setuppro.xyz/guid.php
http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=25528BB7-B449-A342-B397-00D24064AA0D&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB4b297b00-73ece216&Caption=MicrosoftWindows7ProfessionalKN&OSArchitectures=64-bit&OSerialNumber=61417-561-4045436-92488&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer - rule_id: 22120
http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=25528BB7-B449-A342-B397-00D24064AA0D&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB4b297b00-73ece216&Caption=MicrosoftWindows7ProfessionalKN&OSArchitectures=64-bit&OSerialNumber=61417-561-4045436-92488&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer
http://setuppro.xyz/express.php?uid=25528BB73ece216 - rule_id: 22124
|
2
setuppro.xyz(74.208.236.195) - malware
74.208.236.195 - phishing
|
|
4
http://setuppro.xyz/iam/i.php
http://setuppro.xyz/guid.php
http://setuppro.xyz/iam/ins.php
http://setuppro.xyz/express.php
|
6.0 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
2022-08-26 17:23
|
 FamilyTreeMadeSimpleSetup.exe 15d662c8c08546225a2cc7aa985e6b99
Gen2 Generic Malware UPX Malicious Library PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware AutoRuns Malicious Traffic Checks debugger Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows Browser ComputerName crashed |
5
http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=2C43E82A-4640-204B-882F-B25EE182DD03&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB67b7ddd6-f198d1d2&Caption=MicrosoftWindows7ProfessionalN&OSArchitectures=64-bit&OSerialNumber=87241-140-7508860-80129&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer
http://setuppro.xyz/guid.php
http://setuppro.xyz/express.php?uid=2C43E82A198d1d2
http://setuppro.xyz/iam/i.php?mid=2C43E82A198d1d2&mac=&publisherid=installer&company=youk&pubid=0&advid=0
http://setuppro.xyz/setup/ultrasetup.exe
|
4
setuppro.xyz(74.208.236.195)
installtracker.cfd(162.0.229.248)
162.0.229.248 - mailcious
74.208.236.195 - phishing
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO TLS Handshake Failure
|
|
7.4 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
2022-07-28 17:03
|
 thessv3.82.1.exe e5767b09860131a8c1e7d67d8b114ba4
UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
|
|
|
|
7.6 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
2022-06-09 10:31
|
 OrigiBuild.exe bedd102705b18c32efaa5f6b95151c44
RedLine stealer[m] RAT AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications suspicious process WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed |
|
1
193.106.191.222 - malware
|
|
|
12.2 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
2022-05-18 10:59
|
 btx.exe a6e96bf0130722d75c0ce9715bc2e483
RAT AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic ICMP traffic unpack itself WriteConsoleW DNS |
3
http://www.mommoth.club/sn12/?oPqpRL=M1FrCRBfZI4URM1OR9+PPRBG9+ZjtDf1KcSpQBV/o5qXUsKvPLp9knFexYRpxxJTz8QEmRaD&Lv0h=ZTypDbLPA
http://www.thebeautifullifeofthearth.com/sn12/?oPqpRL=+bAqrraOPFP6G7VNldvEvmQlIsf6EpITHpJV0mplF4OII8J3s/Rhv2hUxoigmbYJPULf8A1w&Lv0h=ZTypDbLPA
http://a1prestige.cf/m/Tbqzh_Upfmzfqb.jpg
|
7
www.mommoth.club(23.88.111.156)
www.rameshgoostar.com()
www.thebeautifullifeofthearth.com(192.0.78.25)
a1prestige.cf(192.185.174.178) - malware
23.88.111.156
192.185.174.178 - malware
192.0.78.25 - mailcious
|
3
ET HUNTING Request to .CF Domain with Minimal Headers
ET MALWARE FormBook CnC Checkin (GET)
ET INFO DNS Query for Suspicious .cf Domain
|
|
3.8 |
|
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|