1 | 2024-08-19 14:24
File: DarkPacked.exe | MD5: 6446245c985087b919aa69304d1a8cac
Tags: Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder Windows ComputerName crashed
5.6 | M | 15 | ZeroCERT

2 | 2024-05-30 09:48
File: setup%E8%87%AA%E6%9F%A5%E5%85%... | MD5: 068fb7605542cd8350ed34ec2d767856
Tags: Generic Malware Downloader Malicious Library UPX Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows Browser ComputerName DNS crashed
URLs (1): http://154.220.255.213/7773/cdyxf.png
Hosts (2): 154.220.255.213 206.238.220.253
10.6 | | 28 | ZeroCERT

3 | 2024-03-07 07:57
File: installer.exe | MD5: 50a4eb1049a2034fbcd87274731aea36
Tags: Emotet Generic Malware Malicious Library UPX Malicious Packer PE32 PE File MZP Format OS Processor Check CAB PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee crashed
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.8 | M | 3 | ZeroCERT

4 | 2023-09-23 20:05
File: DigitalPulse.exe | MD5: 3e74b7359f603f61b92cf7df47073d4a
Tags: Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder
2.4 | | 28 | ZeroCERT

5 | 2023-08-08 09:23
File: DigitalPulse.exe | MD5: f0ba8b6ab407e8c0c70f78d5f7cf14a1
Tags: Generic Malware UPX Malicious Library OS Processor Check MZP Format PE File PE32 PE64 VirusTotal Malware Checks debugger unpack itself AppData folder
2.0 | M | 6 | ZeroCERT

6 | 2023-07-05 15:08
File: 5a5ad5743da1c888bf3b54ccc3e34f... | MD5: 5a5ad5743da1c888bf3b54ccc3e34ff5
Tags: Gen1 Emotet njRAT backdoor Eredel Stealer Extended Generic Malware Suspicious_Script UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Downloader .NET framework(MSIL) ASPack OS Processor Check MZP Format PE File PE32 DLL icon CAB MS VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Tofsee Ransomware Windows ComputerName
URLs (19):
  http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
  http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=04115.00&sar=amd64&o1=netfx_Patch_x64.msp
  http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
  http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
  http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full_x64.msi
  http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
  http://go.microsoft.com/fwlink/?LinkId=862008
  http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=amd64&o1=netfx_Full.mzz
  http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
  http://go.microsoft.com/fwlink/?LinkId=249120&clcid=0x409
  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
  http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x412&ar=03761.00&sar=amd64&o1=NDP48-x86-x64-AllOS-KOR.exe
  http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
  https://download.visualstudio.microsoft.com/download/pr/375f6a02-34bc-4b7d-ad8b-957789cf81e8/e4abafc291524af6e2b478f5d4857f0a/netfx_full_x64.msi
  https://download.visualstudio.microsoft.com/download/pr/c2ad65ab-bab3-4d24-ada4-aaf2ff0c1266/2a3f786c480c1122ff3696ba1ad9564b/ndp48-x86-x64-allos-kor.exe
  https://download.visualstudio.microsoft.com/download/pr/9acd2157-dc1e-41fc-9f4d-35d56fc49f6b/c84b7777456bf0dc89c15571ffdb8e49/netfx_full_x64.msi
  https://download.visualstudio.microsoft.com/download/pr/7afca223-55d2-470a-8edc-6a1739ae3252/f3ce41d8623e237d717257d9ae4cec5f/netfx_full_cab.exe
  https://download.visualstudio.microsoft.com/download/pr/887938c3-2a46-4069-a0b1-207035f1dd82/f0771dabc43ba46cfe9e3481840a7944/windows6.1-kb4019990-x64.cab
  https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/55e5b1321b16ab92f5e8fd2ea9169147/netfx_patch_x64.msp
Hosts (4):
  download.visualstudio.microsoft.com(192.229.232.200)
  www.microsoft.com(23.200.154.12)
  23.39.217.133
  192.229.232.200
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.8 | | 1 | guest

7 | 2023-06-11 23:52
File: msbhv07.exe | MD5: 25623138f6ab8c72ef15615a76b4adbc
Tags: RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
Hosts (1):
9.6 | M | 50 | ZeroCERT

8 | 2023-06-11 23:33
File: msbhv07.exe | MD5: 25623138f6ab8c72ef15615a76b4adbc
Tags: RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
Hosts (1):
9.6 | M | 50 | ZeroCERT

9 | 2022-10-05 09:33
File: unknown.exe | MD5: f57cf9f58d3bf82639a733c0d8119878
Tags: Generic Malware Malicious Library UPX PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder crashed
3.2 | M | 24 | ZeroCERT

10 | 2022-09-21 10:10
File: arg_rar.exe | MD5: c277b4a70743041f28445f57129a9927
Tags: Generic Malware Malicious Library UPX PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check crashed
3.6 | | 27 | ZeroCERT

11 | 2022-08-26 17:46
File: ultrasetup.exe | MD5: 036cab509f3d1608c25a17390cc24ccf
Tags: Gen2 Generic Malware UPX Malicious Library PE32 OS Processor Check PE File PE64 VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Windows utilities AppData folder WriteConsoleW Windows Browser ComputerName crashed
URLs (7):
  http://setuppro.xyz/iam/i.php?mid=25528BB73ece216&mac=&publisherid=installer&company=youk&pubid=0&advid=0 - rule_id: 22121
  http://setuppro.xyz/iam/i.php?mid=25528BB73ece216&mac=&publisherid=installer&company=youk&pubid=0&advid=0
  http://setuppro.xyz/guid.php - rule_id: 22123
  http://setuppro.xyz/guid.php
  http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=25528BB7-B449-A342-B397-00D24064AA0D&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB4b297b00-73ece216&Caption=MicrosoftWindows7ProfessionalKN&OSArchitectures=64-bit&OSerialNumber=61417-561-4045436-92488&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer - rule_id: 22120
  http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=25528BB7-B449-A342-B397-00D24064AA0D&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB4b297b00-73ece216&Caption=MicrosoftWindows7ProfessionalKN&OSArchitectures=64-bit&OSerialNumber=61417-561-4045436-92488&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer
  http://setuppro.xyz/express.php?uid=25528BB73ece216 - rule_id: 22124
Hosts (2):
  setuppro.xyz(74.208.236.195) - malware
  74.208.236.195 - phishing
Rule-matched URLs (4):
  http://setuppro.xyz/iam/i.php
  http://setuppro.xyz/guid.php
  http://setuppro.xyz/iam/ins.php
  http://setuppro.xyz/express.php
6.0 | M | 30 | ZeroCERT

12 | 2022-08-26 17:23
File: FamilyTreeMadeSimpleSetup.exe | MD5: 15d662c8c08546225a2cc7aa985e6b99
Tags: Gen2 Generic Malware UPX Malicious Library PE32 OS Processor Check PE File DLL PE64 VirusTotal Malware AutoRuns Malicious Traffic Checks debugger Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows Browser ComputerName crashed
URLs (5):
  http://setuppro.xyz/iam/ins.php?SMAC=&User=test22PCtest22&UUID=2C43E82A-4640-204B-882F-B25EE182DD03&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB67b7ddd6-f198d1d2&Caption=MicrosoftWindows7ProfessionalN&OSArchitectures=64-bit&OSerialNumber=87241-140-7508860-80129&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer
  http://setuppro.xyz/guid.php
  http://setuppro.xyz/express.php?uid=2C43E82A198d1d2
  http://setuppro.xyz/iam/i.php?mid=2C43E82A198d1d2&mac=&publisherid=installer&company=youk&pubid=0&advid=0
  http://setuppro.xyz/setup/ultrasetup.exe
Hosts (4):
  setuppro.xyz(74.208.236.195)
  installtracker.cfd(162.0.229.248)
  162.0.229.248 - malicious
  74.208.236.195 - phishing
IDS alerts (4):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO TLS Handshake Failure
7.4 | | 10 | ZeroCERT

13 | 2022-07-28 17:03
File: thessv3.82.1.exe | MD5: e5767b09860131a8c1e7d67d8b114ba4
Tags: UPX AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.6 | M | 30 | ZeroCERT

14 | 2022-06-09 10:31
File: OrigiBuild.exe | MD5: bedd102705b18c32efaa5f6b95151c44
Tags: RedLine stealer[m] RAT AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications suspicious process WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key crashed
Hosts (1): 193.106.191.222 - malware
12.2 | M | 37 | ZeroCERT

15 | 2022-05-18 10:59
File: btx.exe | MD5: a6e96bf0130722d75c0ce9715bc2e483
Tags: RAT AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic ICMP traffic unpack itself WriteConsoleW DNS
URLs (3):
  http://www.mommoth.club/sn12/?oPqpRL=M1FrCRBfZI4URM1OR9+PPRBG9+ZjtDf1KcSpQBV/o5qXUsKvPLp9knFexYRpxxJTz8QEmRaD&Lv0h=ZTypDbLPA
  http://www.thebeautifullifeofthearth.com/sn12/?oPqpRL=+bAqrraOPFP6G7VNldvEvmQlIsf6EpITHpJV0mplF4OII8J3s/Rhv2hUxoigmbYJPULf8A1w&Lv0h=ZTypDbLPA
  http://a1prestige.cf/m/Tbqzh_Upfmzfqb.jpg
Hosts (7):
  www.mommoth.club(23.88.111.156)
  www.rameshgoostar.com()
  www.thebeautifullifeofthearth.com(192.0.78.25)
  a1prestige.cf(192.185.174.178) - malware
  23.88.111.156
  192.185.174.178 - malware
  192.0.78.25 - malicious
IDS alerts (3):
  ET HUNTING Request to .CF Domain with Minimal Headers
  ET MALWARE FormBook CnC Checkin (GET)
  ET INFO DNS Query for Suspicious .cf Domain
3.8 | | 29 | ZeroCERT