| 1 |
2024-06-14 07:38
|
 setup%E4%B8%8B%E8%BD%BD%E5%90%... 01b29e7c45075d9d419dcccfed358395
Malicious Library PE64 PE File DNS |
1
http://8.134.254.205/123.conf
|
1
|
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
2022-10-31 17:05
|
 a.exe fb8ea040070d753d1003bc5fc54e6d8c
RAT Generic Malware Antivirus DNS AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key |
|
2
maxlogs.webhop.me(23.105.131.249)
23.105.131.249 - mailcious
|
1
ET POLICY DNS Query to DynDNS Domain *.webhop .me
|
|
15.4 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
2022-10-31 17:05
|
 ds.exe 309c42fc6e92695fd99c8c1594ac31d0
PWS[m] RAT email stealer Downloader Socket DNS Code injection KeyLogger Escalate priviledges persistence AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs WriteConsoleW Windows DNS Cryptographic key DDNS |
|
2
newvic.myvnc.com(79.134.225.69)
79.134.225.69 - mailcious
|
1
ET POLICY DNS Query to DynDNS Domain *.myvnc .com
|
|
13.2 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
2022-10-30 10:41
|
 vbc.exe cde6d25b8637e33946633be25e3fc199
Loki PWS[m] PWS Loki[b] Loki.m RAT DNS AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software |
1
http://208.67.105.162/perez/five/fre.php - rule_id: 23305
|
1
208.67.105.162 - mailcious
|
|
1
http://208.67.105.162/perez/five/fre.php
|
14.0 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
2022-10-29 18:11
|
 vbc.exe f447e1d8bc8b15743fb78d77b1eb8f5a
RAT AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
1
http://www.obliteratethepresent.com/sg62/?v6=wNMYvtr8byR9vD4XYWvs8joHpRpeRQO0v8e+/aJ7JaW0fOVvcLW8UsojyW+9I+ByKI0N4TlA&1b=V6RpsLj0n
|
4
www.bluemoonheirlooms.com()
www.novafunctionalfoods.com()
www.obliteratethepresent.com(198.49.23.144)
198.49.23.144 - mailcious
|
|
|
8.2 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
2022-07-15 10:34
|
 7sa9BpCVdDRcrMWiROv3 ff6ee1ef620f6fd055c3f906ba29cbf4
UPX Malicious Library DLL PE64 PE File Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed |
|
8
172.105.226.75 - mailcious
104.168.155.143 - mailcious
213.239.212.5 - mailcious
164.90.222.65 - mailcious
207.148.79.14 - mailcious
149.56.131.28 - mailcious
196.218.30.83 - mailcious
144.202.108.116 - mailcious
|
7
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 15
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 7
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 5
|
|
7.8 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
2022-07-15 07:57
|
 FnrTI 745dac0fc6ed20141b8e9b80b76addc4
UPX Malicious Library DLL PE64 PE File Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS |
|
8
172.105.226.75 - mailcious
104.168.155.143 - mailcious
213.239.212.5 - mailcious
164.90.222.65 - mailcious
207.148.79.14 - mailcious
149.56.131.28 - mailcious
196.218.30.83 - mailcious
144.202.108.116 - mailcious
|
7
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 7
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 5
|
|
7.6 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
2022-07-11 09:25
|
 EOgFGo17w 35ffcbaff01c1a882a48aa7e9bb32338
Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS crashed |
|
26
175.126.176.79 - mailcious
103.71.99.57 - mailcious
62.171.178.147 - mailcious
188.225.32.231 - mailcious
178.238.225.252 - mailcious
178.62.112.199 - mailcious
174.138.33.49 - mailcious
198.199.70.22 - mailcious
103.41.204.169 - mailcious
139.59.80.108 - mailcious
103.85.95.4 - mailcious
196.44.98.190 - mailcious
128.199.217.206 - mailcious
188.165.79.151 - mailcious
54.37.106.167 - mailcious
37.44.244.177 - mailcious
103.224.241.74 - mailcious
5.253.30.17 - mailcious
190.145.8.4 - mailcious
54.37.228.122 - mailcious
104.248.225.227 - mailcious
202.134.4.210 - mailcious
103.126.216.86 - mailcious
139.196.72.155 - mailcious
87.106.97.83 - mailcious
165.232.185.110 - mailcious
|
10
ET CNC Feodo Tracker Reported CnC Server group 11
ET CNC Feodo Tracker Reported CnC Server group 21
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 13
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 10
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 9
|
|
9.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
2022-07-09 13:55
|
 NxYwE8FyaIw3Kgile ea0d73a3215825620901196d086e8887
Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS crashed |
|
8
172.105.226.75 - mailcious
104.168.155.143 - mailcious
213.239.212.5 - mailcious
164.90.222.65 - mailcious
207.148.79.14 - mailcious
149.56.131.28 - mailcious
196.218.30.83 - mailcious
144.202.108.116 - mailcious
|
7
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 15
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 7
ET CNC Feodo Tracker Reported CnC Server group 5
|
|
7.8 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
2022-07-08 20:26
|
 9dwcb1g2Vqh3Owz 88fcb7e4f43e8a1c3eaac09cd1b6e421
Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory ICMP traffic unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed |
|
26
175.126.176.79 - mailcious
103.71.99.57 - mailcious
62.171.178.147 - mailcious
188.225.32.231 - mailcious
178.238.225.252 - mailcious
178.62.112.199 - mailcious
174.138.33.49 - mailcious
198.199.70.22 - mailcious
103.41.204.169 - mailcious
139.59.80.108 - mailcious
103.85.95.4 - mailcious
196.44.98.190 - mailcious
128.199.217.206 - mailcious
188.165.79.151 - mailcious
54.37.106.167 - mailcious
37.44.244.177 - mailcious
103.224.241.74 - mailcious
5.253.30.17 - mailcious
190.145.8.4 - mailcious
54.37.228.122 - mailcious
104.248.225.227 - mailcious
202.134.4.210 - mailcious
103.126.216.86 - mailcious
139.196.72.155 - mailcious
87.106.97.83 - mailcious
165.232.185.110 - mailcious
|
10
ET CNC Feodo Tracker Reported CnC Server group 11
ET CNC Feodo Tracker Reported CnC Server group 13
ET CNC Feodo Tracker Reported CnC Server group 2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET CNC Feodo Tracker Reported CnC Server group 21
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 9
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 10
|
|
8.2 |
M |
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
2022-07-08 19:11
|
 9dwcb1g2Vqh3Owz 0abd7dda188ea78fc9e5f7235752ed17
Malicious Library UPX DLL PE File PE64 Dridex TrickBot VirusTotal Malware Report AutoRuns Check memory unpack itself Auto service suspicious process sandbox evasion Kovter Windows ComputerName DNS crashed |
|
25
175.126.176.79 - mailcious
103.71.99.57 - mailcious
62.171.178.147 - mailcious
188.225.32.231 - mailcious
178.238.225.252 - mailcious
178.62.112.199 - mailcious
174.138.33.49 - mailcious
198.199.70.22 - mailcious
103.41.204.169 - mailcious
139.59.80.108 - mailcious
103.85.95.4 - mailcious
196.44.98.190 - mailcious
128.199.217.206 - mailcious
188.165.79.151 - mailcious
54.37.106.167 - mailcious
103.224.241.74 - mailcious
5.253.30.17 - mailcious
190.145.8.4 - mailcious
54.37.228.122 - mailcious
104.248.225.227 - mailcious
202.134.4.210 - mailcious
103.126.216.86 - mailcious
139.196.72.155 - mailcious
87.106.97.83 - mailcious
165.232.185.110 - mailcious
|
10
ET CNC Feodo Tracker Reported CnC Server group 11
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET INFO TLS Handshake Failure
ET CNC Feodo Tracker Reported CnC Server group 13
ET CNC Feodo Tracker Reported CnC Server group 21
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 9
ET CNC Feodo Tracker Reported CnC Server group 10
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 4
|
|
7.4 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|