#1 | 2024-06-14 07:38 | ZeroCERT
File: setup%E4%B8%8B%E8%BD%BD%E5%90%... (MD5 01b29e7c45075d9d419dcccfed358395)
Tags: Malicious Library PE64 PE File DNS
URLs (1): http://8.134.254.205/123.conf
Hosts (1): none listed
Suricata alerts: none
Score: 2.0 | - | -

#2 | 2022-10-31 17:05 | ZeroCERT
File: a.exe (MD5 fb8ea040070d753d1003bc5fc54e6d8c)
Tags: RAT Generic Malware Antivirus DNS AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key
URLs: none
Hosts (2): maxlogs.webhop.me (23.105.131.249); 23.105.131.249 - malicious
Suricata alerts (1):
- ET POLICY DNS Query to DynDNS Domain *.webhop .me
Score: 15.4 | - | 33

#3 | 2022-10-31 17:05 | ZeroCERT
File: ds.exe (MD5 309c42fc6e92695fd99c8c1594ac31d0)
Tags: PWS[m] RAT email stealer Downloader Socket DNS Code injection KeyLogger Escalate privileges persistence AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs WriteConsoleW Windows DNS Cryptographic key DDNS
URLs: none
Hosts (2): newvic.myvnc.com (79.134.225.69); 79.134.225.69 - malicious
Suricata alerts (1):
- ET POLICY DNS Query to DynDNS Domain *.myvnc .com
Score: 13.2 | - | 35

#4 | 2022-10-30 10:41 | ZeroCERT
File: vbc.exe (MD5 cde6d25b8637e33946633be25e3fc199)
Tags: Loki PWS[m] PWS Loki[b] Loki.m RAT DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
URLs (1): http://208.67.105.162/perez/five/fre.php - rule_id: 23305
Hosts (1): 208.67.105.162 - malicious
Suricata alerts: none
Malicious URLs (1): http://208.67.105.162/perez/five/fre.php
Score: 14.0 | M | 37

#5 | 2022-10-29 18:11 | ZeroCERT
File: vbc.exe (MD5 f447e1d8bc8b15743fb78d77b1eb8f5a)
Tags: RAT AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (1): http://www.obliteratethepresent.com/sg62/?v6=wNMYvtr8byR9vD4XYWvs8joHpRpeRQO0v8e+/aJ7JaW0fOVvcLW8UsojyW+9I+ByKI0N4TlA&1b=V6RpsLj0n
Hosts (4): www.bluemoonheirlooms.com (unresolved); www.novafunctionalfoods.com (unresolved); www.obliteratethepresent.com (198.49.23.144); 198.49.23.144 - malicious
Suricata alerts: none
Score: 8.2 | M | 21

#6 | 2022-07-15 10:34 | ZeroCERT
File: 7sa9BpCVdDRcrMWiROv3 (MD5 ff6ee1ef620f6fd055c3f906ba29cbf4)
Tags: UPX Malicious Library DLL PE64 PE File Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed
URLs: none
Hosts (8, all flagged malicious): 172.105.226.75, 104.168.155.143, 213.239.212.5, 164.90.222.65, 207.148.79.14, 149.56.131.28, 196.218.30.83, 144.202.108.116
Suricata alerts (7):
- ET CNC Feodo Tracker Reported CnC Server group 8
- ET CNC Feodo Tracker Reported CnC Server group 15
- ET INFO TLS Handshake Failure
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET CNC Feodo Tracker Reported CnC Server group 7
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET CNC Feodo Tracker Reported CnC Server group 5
Score: 7.8 | M | 48

#7 | 2022-07-15 07:57 | ZeroCERT
File: FnrTI (MD5 745dac0fc6ed20141b8e9b80b76addc4)
Tags: UPX Malicious Library DLL PE64 PE File Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS
URLs: none
Hosts (8, all flagged malicious): 172.105.226.75, 104.168.155.143, 213.239.212.5, 164.90.222.65, 207.148.79.14, 149.56.131.28, 196.218.30.83, 144.202.108.116
Suricata alerts (7):
- ET CNC Feodo Tracker Reported CnC Server group 15
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET CNC Feodo Tracker Reported CnC Server group 7
- ET INFO TLS Handshake Failure
- ET CNC Feodo Tracker Reported CnC Server group 8
- ET CNC Feodo Tracker Reported CnC Server group 5
Score: 7.6 | M | 52

#8 | 2022-07-11 09:25 | ZeroCERT
File: EOgFGo17w (MD5 35ffcbaff01c1a882a48aa7e9bb32338)
Tags: Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS crashed
URLs: none
Hosts (26, all flagged malicious): 175.126.176.79, 103.71.99.57, 62.171.178.147, 188.225.32.231, 178.238.225.252, 178.62.112.199, 174.138.33.49, 198.199.70.22, 103.41.204.169, 139.59.80.108, 103.85.95.4, 196.44.98.190, 128.199.217.206, 188.165.79.151, 54.37.106.167, 37.44.244.177, 103.224.241.74, 5.253.30.17, 190.145.8.4, 54.37.228.122, 104.248.225.227, 202.134.4.210, 103.126.216.86, 139.196.72.155, 87.106.97.83, 165.232.185.110
Suricata alerts (10):
- ET CNC Feodo Tracker Reported CnC Server group 11
- ET CNC Feodo Tracker Reported CnC Server group 21
- ET INFO TLS Handshake Failure
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET CNC Feodo Tracker Reported CnC Server group 13
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET CNC Feodo Tracker Reported CnC Server group 1
- ET CNC Feodo Tracker Reported CnC Server group 10
- ET CNC Feodo Tracker Reported CnC Server group 4
- ET CNC Feodo Tracker Reported CnC Server group 9
Score: 9.0 | M | 32

#9 | 2022-07-09 13:55 | ZeroCERT
File: NxYwE8FyaIw3Kgile (MD5 ea0d73a3215825620901196d086e8887)
Tags: Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS crashed
URLs: none
Hosts (8, all flagged malicious): 172.105.226.75, 104.168.155.143, 213.239.212.5, 164.90.222.65, 207.148.79.14, 149.56.131.28, 196.218.30.83, 144.202.108.116
Suricata alerts (7):
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET CNC Feodo Tracker Reported CnC Server group 8
- ET CNC Feodo Tracker Reported CnC Server group 15
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET INFO TLS Handshake Failure
- ET CNC Feodo Tracker Reported CnC Server group 7
- ET CNC Feodo Tracker Reported CnC Server group 5
Score: 7.8 | M | 16

#10 | 2022-07-08 20:26 | ZeroCERT
File: 9dwcb1g2Vqh3Owz (MD5 88fcb7e4f43e8a1c3eaac09cd1b6e421)
Tags: Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory ICMP traffic unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed
URLs: none
Hosts (26, all flagged malicious): 175.126.176.79, 103.71.99.57, 62.171.178.147, 188.225.32.231, 178.238.225.252, 178.62.112.199, 174.138.33.49, 198.199.70.22, 103.41.204.169, 139.59.80.108, 103.85.95.4, 196.44.98.190, 128.199.217.206, 188.165.79.151, 54.37.106.167, 37.44.244.177, 103.224.241.74, 5.253.30.17, 190.145.8.4, 54.37.228.122, 104.248.225.227, 202.134.4.210, 103.126.216.86, 139.196.72.155, 87.106.97.83, 165.232.185.110
Suricata alerts (10):
- ET CNC Feodo Tracker Reported CnC Server group 11
- ET CNC Feodo Tracker Reported CnC Server group 13
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET CNC Feodo Tracker Reported CnC Server group 21
- ET INFO TLS Handshake Failure
- ET CNC Feodo Tracker Reported CnC Server group 9
- ET CNC Feodo Tracker Reported CnC Server group 1
- ET CNC Feodo Tracker Reported CnC Server group 4
- ET CNC Feodo Tracker Reported CnC Server group 10
Score: 8.2 | M | 9

#11 | 2022-07-08 19:11 | ZeroCERT
File: 9dwcb1g2Vqh3Owz (MD5 0abd7dda188ea78fc9e5f7235752ed17)
Tags: Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed
URLs: none
Hosts (25, all flagged malicious): 175.126.176.79, 103.71.99.57, 62.171.178.147, 188.225.32.231, 178.238.225.252, 178.62.112.199, 174.138.33.49, 198.199.70.22, 103.41.204.169, 139.59.80.108, 103.85.95.4, 196.44.98.190, 128.199.217.206, 188.165.79.151, 54.37.106.167, 103.224.241.74, 5.253.30.17, 190.145.8.4, 54.37.228.122, 104.248.225.227, 202.134.4.210, 103.126.216.86, 139.196.72.155, 87.106.97.83, 165.232.185.110
Suricata alerts (10):
- ET CNC Feodo Tracker Reported CnC Server group 11
- ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
- ET INFO TLS Handshake Failure
- ET CNC Feodo Tracker Reported CnC Server group 13
- ET CNC Feodo Tracker Reported CnC Server group 21
- ET CNC Feodo Tracker Reported CnC Server group 2
- ET CNC Feodo Tracker Reported CnC Server group 9
- ET CNC Feodo Tracker Reported CnC Server group 10
- ET CNC Feodo Tracker Reported CnC Server group 1
- ET CNC Feodo Tracker Reported CnC Server group 4
Score: 7.4 | M | 7
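The entries above carry several indicator types worth hunting for in one's own telemetry: the DynDNS C2 hostnames of entries 2 and 3 (which is what the two ET POLICY alerts fire on), the Loki check-in URL of entry 4, the Feodo Tracker C2 addresses shared by entries 6, 7 and 9, and the sample MD5s. The following is an added example and not part of the ZeroCERT listing: it copies those indicators into a small matcher and runs it over a handful of constructed log lines. The log record layout, the benign lines and the `10.0.0.5` host used to show the Loki path being re-hosted are assumptions made for the example, not observations from the reports.

```python
"""Match indicators copied from the sandbox entries above against log lines.

Added example. Indicators (hostnames, IPs, URL path, MD5s) are taken from
the entries on this page; the log format, field names and the log lines
themselves are constructed for the example.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample hashes from entries 2, 3, 4 and 6.
MD5S = {
    "fb8ea040070d753d1003bc5fc54e6d8c",  # a.exe  (RAT, DDNS C2, entry 2)
    "309c42fc6e92695fd99c8c1594ac31d0",  # ds.exe (PWS/RAT, DDNS C2, entry 3)
    "cde6d25b8637e33946633be25e3fc199",  # vbc.exe (Loki, entry 4)
    "ff6ee1ef620f6fd055c3f906ba29cbf4",  # TrickBot/Dridex DLL (entry 6)
}
# Hostnames contacted in entries 2, 3 and 5.
C2_HOSTS = {"maxlogs.webhop.me", "newvic.myvnc.com", "www.obliteratethepresent.com"}
# Addresses flagged malicious in entries 2-7 and 9 (Feodo Tracker set from entry 6).
C2_IPS = {
    "23.105.131.249", "79.134.225.69", "208.67.105.162", "198.49.23.144",
    "172.105.226.75", "104.168.155.143", "213.239.212.5", "164.90.222.65",
    "207.148.79.14", "149.56.131.28", "196.218.30.83", "144.202.108.116",
}
# Loki check-in path from entry 4; matched on path so a re-hosted panel is still caught.
C2_PATHS = {"/perez/five/fre.php"}
# Same suffixes the ET POLICY "DNS Query to DynDNS Domain" alerts of entries 2 and 3 key on.
DDNS_SUFFIXES = (".webhop.me", ".myvnc.com")


@dataclass(frozen=True)
class Hit:
    kind: str       # c2_domain, c2_ip, ddns, c2_path or md5
    indicator: str  # the value that matched
    line: str       # the log line it matched in


def _host_hits(host: str, line: str) -> list[Hit]:
    """Hostname, IP and DDNS-suffix checks shared by DNS, HTTP and connection records."""
    host = host.lower().rstrip(".")
    hits = []
    if host in C2_HOSTS:
        hits.append(Hit("c2_domain", host, line))
    if host in C2_IPS:
        hits.append(Hit("c2_ip", host, line))
    if host.endswith(DDNS_SUFFIXES):  # policy-level signal, not proof of compromise
        hits.append(Hit("ddns", host, line))
    return hits


def scan_line(line: str) -> list[Hit]:
    """Parse one log line and return every indicator it matches.

    Record layouts (assumed for this example):
      dns  <qname>
      http <method> <url>
      conn <dst_ip>:<dst_port>
      file <path> <md5>
    """
    fields = line.split()
    if len(fields) < 2:
        return []
    kind = fields[0]
    if kind == "dns":
        return _host_hits(fields[1], line)
    if kind == "http" and len(fields) >= 3:
        url = urlsplit(fields[2])
        hits = _host_hits(url.hostname or "", line)
        if url.path in C2_PATHS:
            hits.append(Hit("c2_path", url.path, line))
        return hits
    if kind == "conn":
        return _host_hits(fields[1].rsplit(":", 1)[0], line)
    if kind == "file" and len(fields) >= 3:
        md5 = fields[-1].lower()
        return [Hit("md5", md5, line)] if md5 in MD5S else []
    return []


def scan(lines) -> list[Hit]:
    return [hit for line in lines for hit in scan_line(line)]


def summarize(hits) -> dict[str, int]:
    """Count hits per indicator type."""
    return dict(Counter(hit.kind for hit in hits))


# Constructed log lines (not sandbox output). 10.0.0.5 is a made-up host.
LOG_LINES = [
    "dns newvic.myvnc.com",                                 # entry 3 C2, also a DDNS domain
    "dns www.example.org",                                  # benign
    "dns backup.webhop.me",                                 # DDNS suffix only, no listed C2
    "http POST http://208.67.105.162/perez/five/fre.php",   # Loki check-in, entry 4
    "http GET http://10.0.0.5/perez/five/fre.php",          # same path on a new host
    "conn 172.105.226.75:443",                              # Feodo-tracked TrickBot C2
    "conn 192.0.2.10:443",                                  # benign
    "file C:\\Users\\u\\AppData\\Local\\Temp\\vbc.exe cde6d25b8637e33946633be25e3fc199",
    "file C:\\Windows\\notepad.exe 0123456789abcdef0123456789abcdef",
]

if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(f"{hit.kind:10} {hit.indicator:32} {hit.line}")
    print(summarize(scan(LOG_LINES)))
```

Two design points are worth noting. Matching the Loki path independently of the host is what catches the `10.0.0.5` line: the panel path is a more stable indicator than the IP it happened to sit on in entry 4. The DDNS suffix check reproduces the intent of the ET POLICY rules and should be treated the way those rules are, as a policy signal that needs corroboration rather than as a C2 detection in itself; in the example only the `newvic.myvnc.com` line gets both.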