1 | 2024-10-27 11:55 | ngown.exe f77f55496b53b40da142f51f87e986b2 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
5.0 | 47 | ZeroCERT
2 | 2024-10-24 09:54 | wlanext.exe 1bce82ea786776f80c8ccb92ad160ede Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
3.0 | 43 | ZeroCERT
3 | 2024-10-18 10:03 | taskhostws.exe b47e4f366b08fe509c2a8f9ee7251f51 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check ComputerName DNS DDNS
1 | checkip.dyndns.org(132.226.8.169)
1 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
4.0 | 26 | ZeroCERT
4 | 2024-10-18 09:25 | Bank Payment Confirmation Orde... 44e1f98dde09e0525d219f374608325a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check ComputerName DNS DDNS
1 | checkip.dyndns.org(193.122.130.0)
1 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
4.4 | 41 | ZeroCERT
5 | 2024-10-17 10:40 | taskhostw.exe daaa8ac3995fb610eda2e52a639d191f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(104.21.67.152) checkip.dyndns.org(193.122.6.168) 132.226.8.169 104.21.67.152
6 | ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | 35 | ZeroCERT
6 | 2024-10-16 11:31 | taskhostw.exe 3e2f27edd3deacd8f08f6ed1133b2040 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(104.21.67.152) checkip.dyndns.org(193.122.130.0) 132.226.247.73 104.21.67.152
6 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
9.0 | M | 46 | ZeroCERT
7 | 2024-10-15 14:27 | taskhostsw.exe b072f78321c660283d46e104ae677220 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(104.21.67.152) checkip.dyndns.org(193.122.130.0) 158.101.44.242 104.21.67.152
6 | ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check
7.8 | M | ZeroCERT
8 | 2024-10-11 11:11 | ng5th.exe e393c90747e935149ecabf5af936a07a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
5.0 | 46 | ZeroCERT
9 | 2024-10-10 09:44 | ngown.exe 1ea3b00d00461c1ee3c576e21dcda173 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
4.8 | M | 35 | ZeroCERT
10 | 2024-10-10 09:33 | ngown.exe 1ea3b00d00461c1ee3c576e21dcda173 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware
1.0 | M | 35 | ZeroCERT
11 | 2024-10-10 09:33 | nggeejan22.exe 40a93e64a968a16b5139e7a5e4836353 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware
1.0 | M | 34 | ZeroCERT
12 | 2024-10-07 10:57 | taskhostw.exe 58ff14d476f2bbaab31b12587c09559e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(172.67.177.134) checkip.dyndns.org(193.122.6.168) 193.122.6.168 104.21.67.152
6 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | 53 | ZeroCERT
13 | 2024-10-07 10:55 | taskhostw.exe d515411b9a3c0d9fb13b9c6a928a7fd0 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(104.21.67.152) checkip.dyndns.org(193.122.130.0) 132.226.247.73 104.21.67.152
6 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check
8.4 | M | 47 | ZeroCERT
14 | 2024-09-30 11:28 | dllhost.exe 249f4ca7f1cc801c87cebd0cdf0b398e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/ https://reallyfreegeoip.org/xml/175.208.134.152
4 | reallyfreegeoip.org(172.67.177.134) checkip.dyndns.org(132.226.247.73) 132.226.8.169 104.21.67.152
6 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0 | M | 46 | ZeroCERT
15 | 2024-09-25 10:40 | sikontrek2.1.exe 784359db39e54a4cdba3f9e81633d417 Formbook Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS
13 | http://www.kevin-torkelson.info/gekb/?fMlC2iW=5z2j4JvjBCmnxDGmXhsNUCzyBEeNU+efumCOi9/ZiiqSem4bSPmiC7+SQGIeXbOACmsQlkv/nReqN9BPj1atBFP4iljpjZG37OmieLn9iAg49nsR4NFlAX0ACoZEb3mOX8X6rtg=&3L9=IVLaIulhJz- http://www.trapkitten.website/vzgx/?fMlC2iW=fAt7pIVPpGXAvBzfbofxH6KLA/SKUI8tR0TDZSipM2iZbUNyxYUxThLLESsgo4hlkDzs7nheSjoc1Sj/m3Gn3caq3+Ik36hEeLqFX7XS2ZCHg+ZK2jYSb1UZmcKhE1PtLCklngg=&3L9=IVLaIulhJz- - rule_id: 42663 http://www.mandemj.top/to69/?fMlC2iW=jnxbIh9toY3Lk087C6fRSAIIDhtmtOIIZy5Q1YpSMvmzprTTtz9chlCe8JLifgChZqJUy3cTTTxPfarkAUDrW4VnhfiXjSai62R1N2pl8mrhOBQxiL5e+vemTWR4j4PbfMHKe5c=&3L9=IVLaIulhJz- - rule_id: 42666 http://www.dfmagazine.shop/wc8m/ - rule_id: 42664 http://www.dfmagazine.shop/wc8m/?fMlC2iW=LNw/HBPP4tr5bvxRqEHHjPwHzHq/oSZ3YB7NlE9rWxPCxu7fGi7WVymEaD0ez69xv6ZMfJiRCRJpj/kbYTwl2Jp3vmj/K6IWSBhtVJ2AAHCG128jD1oExGyyLZzj9OMbCV/AQw0=&3L9=IVLaIulhJz- - rule_id: 42664 http://www.disn-china.buzz/za6x/ - rule_id: 42665 http://www.qwefs.org/toq1/ - rule_id: 42668 http://www.trapkitten.website/vzgx/ - rule_id: 42663 http://www.kevin-torkelson.info/gekb/ http://www.mandemj.top/to69/ - rule_id: 42666 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip http://www.disn-china.buzz/za6x/?fMlC2iW=EgAkyEJNK52+6mt3E5/kJbXdEzdYowDWwvgRo5oIQtO9ZSuXgOHTA+BJ7wLJ2gaYF8C47CtaBGKeFv/a+P8O0H1n59GM1zMsYaWK1AmiqPY5ZahcO8GJtNWa29lHrhEg3yNDlxM=&3L9=IVLaIulhJz- - rule_id: 42665 http://www.qwefs.org/toq1/?fMlC2iW=uFBHOFjbtFvxqkcdxVd4tJdULw7QnIRXIDe+8RHTfxNdoahKRW8U0UCbhdOPwbKTgOK/uYLPOnJNTHSrlEGfXzyIhJOeIq51xyFm40Ibheoc9HKPcTfbc4gFNH+mWXon7XUk+C8=&3L9=IVLaIulhJz- - rule_id: 42668
14 | www.trapkitten.website() - mailcious www.mandemj.top(162.0.238.43) - mailcious www.disn-china.buzz(161.97.168.245) - mailcious www.dfmagazine.shop(84.32.84.32) - mailcious www.qwefs.org(45.114.171.236) - mailcious www.mktimediato.online() - mailcious www.kevin-torkelson.info(208.91.197.27) 84.32.84.32 - mailcious 208.91.197.27 - mailcious 161.97.168.245 - mailcious 45.114.171.236 - mailcious 45.33.6.223 162.0.238.43 - mailcious 195.161.68.8 - mailcious
3 | ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain ET INFO HTTP Request to a *.buzz domain
10 | http://www.trapkitten.website/vzgx/ http://www.mandemj.top/to69/ http://www.dfmagazine.shop/wc8m/ http://www.dfmagazine.shop/wc8m/ http://www.disn-china.buzz/za6x/ http://www.qwefs.org/toq1/ http://www.trapkitten.website/vzgx/ http://www.mandemj.top/to69/ http://www.disn-china.buzz/za6x/ http://www.qwefs.org/toq1/
6.4 | M | 23 | ZeroCERT