1 | 2023-03-29 18:09 | ppp.exe | a82baff8213bd78f398420e6ed3d58aa | UPX .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself
3.6 | M | 50 | r0d

2 | 2023-03-29 17:47 | ppp.exe | a82baff8213bd78f398420e6ed3d58aa | .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself DNS
URLs (16):
http://www.zhn.biz/udh1/ http://www.centaura.community/udh1/ http://www.special-order.online/udh1/ http://www.azstoreatoderma.click/udh1/ http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip http://www.ghostdyes.net/udh1/?cUMMa5v=lj2vP+EAw0fELJNPJ5VtAcTjxQQz8hKi5d9v+h5W1hvMFJJN0lWMU8OkjsFxsGAkw0S50RNizKyMtcUDX4tgR0i1IahDyycai/CThP0=&GV=hSkJd_W http://www.ghostdyes.net/udh1/ http://www.csrvcars.com/udh1/?cUMMa5v=XEemPPOTV26sKXQzDYMsrkGsJokzxPFPbFpU+n9uCd2chnbXsi75dkjdHRd+i/N9AgC/cMMMBBk+slWuActf4QAZvLu0iyaFuJXVPTg=&GV=hSkJd_W http://www.olympusmix.com/udh1/?cUMMa5v=lWZk+s3blMuiGWpXy6frpU4enEwBG5gJanUH8/6Evmw4nHtx+SdA/kN+9f5N/0KA2bk6RtFa0tH8PADjgLi95JHf+wn8BjREHXSWn6U=&GV=hSkJd_W http://www.azstoreatoderma.click/udh1/?cUMMa5v=R/kB4/0HM2tcwqvhXH4XIYj1eTxJXqndlHH19RjFed8ZhY1qAasVyZxg1ws7A7LtJYEr4634gz6I87tnmhAW+ys9K/jaGw++UPdFo8c=&GV=hSkJd_W http://www.zhn.biz/udh1/?cUMMa5v=LfrgFpvSkJA2y41K7oV1vuuQyWHfo0uy5ufNO5HpKtxTTE0bBGpeg3SJ2RFsjNe1w4Pec63rxh4rwW+J1uIf4mhDhIMbmXY09bayaEE=&GV=hSkJd_W http://www.wearecatalyst.app/udh1/ http://www.olympusmix.com/udh1/ http://www.wearecatalyst.app/udh1/?cUMMa5v=tt9dYLtFsKfLIIIXMfpRfs924GbOuHLcMLKVMdaTOcJrEAGIFAHeQ5Ly9YOpmT4Rz3p2Jl5Xgzq6cAPtFXnDdyfQg2kRv5Z1dRZDL3M=&GV=hSkJd_W http://www.centaura.community/udh1/?cUMMa5v=kMKsR5rTxSYNZgWncVUlGrpLkwsOTig3tGW39qhs19NQJLtwYtRkr4H+EIRE8MUOxMFfo6MP6730mq+L8n2Tmf9vKWCdpbnfDO0cF8Q=&GV=hSkJd_W http://www.special-order.online/udh1/?cUMMa5v=CwuBCJt94bxtc2gNtpoM3E+US0dkKMARx3Pvc7vf2LAtLU32691wJ0dQetaubb0PioG6wR7W5uX4+q4XU8z6LBF3Qfs1ipW/MdlZd78=&GV=hSkJd_W
Hosts (19):
www.azstoreatoderma.click(3.1.17.18) www.ghostdyes.net(34.117.168.233) www.bianchibeverage.com(104.253.54.44) www.centaura.community(66.96.162.138) www.olympusmix.com(198.54.117.217) www.csrvcars.com(23.231.72.112) www.wearecatalyst.app(216.40.34.41) www.special-order.online(194.58.112.174) www.zhn.biz(172.67.213.169) 18.140.6.45 198.54.117.218 - mailcious 34.117.168.233 - mailcious 23.231.72.112 216.40.34.41 - mailcious 104.253.54.44 66.96.162.138 - mailcious 45.33.6.223 172.67.213.169 194.58.112.174 - mailcious
Signatures (2):
ET INFO Observed DNS Query to .biz TLD ET MALWARE FormBook CnC Checkin (GET)
5.8 | M | 50 | ZeroCERT

3 | 2023-03-17 09:52 | lish.exe | 0b39012e51e6d52ddc49dd9676ba9920 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName Remote Code Execution crashed
URLs (2):
https://j.ffbbjjkk.com/logo.png https://j.ffbbjjkk.com/35.html
Hosts (2):
j.ffbbjjkk.com(172.67.158.22) - mailcious 104.21.8.227
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 | M | 46 | ZeroCERT

4 | 2023-03-09 17:44 | bcd4b93a1a85c5ba45a4f7e5980db1... | ae6df34a140bf74860ca3165d50d8705 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/35.html - rule_id: 26629
Hosts (2):
xv.yxzgamen.com(104.21.27.36) - mailcious 172.67.141.51 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (2):
https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/35.html
4.6 | M | 25 | ZeroCERT

5 | 2023-03-09 17:42 | bcd4b93a1a85c5ba45a4f7e5980db1... | a1c5f268d670ba3a4440647bdeaa3e20 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/3005.html
Hosts (2):
xv.yxzgamen.com(172.67.141.51) - mailcious 172.67.141.51 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
5.0 | M | 41 | ZeroCERT

6 | 2023-03-09 17:41 | bcd4b93a1a85c5ba45a4f7e5980db1... | d5e7b6fe3bb68f1da7ec111231292f02 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/3003.html
Hosts (2):
xv.yxzgamen.com(172.67.141.51) - mailcious 104.21.27.36 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
5.2 | M | 43 | ZeroCERT

7 | 2023-03-09 17:38 | bcd4b93a1a85c5ba45a4f7e5980db1... | e7f609df5c0fcdc581a69ed69aa3c4a1 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/27.html
Hosts (2):
xv.yxzgamen.com(172.67.141.51) - mailcious 172.67.141.51 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
5.2 | M | 42 | ZeroCERT

8 | 2023-03-09 17:36 | bcd4b93a1a85c5ba45a4f7e5980db1... | 24527c1cb60027d91ddc051990ba55ca | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/2201.html
Hosts (2):
xv.yxzgamen.com(172.67.141.51) - mailcious 172.67.141.51 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
4.8 | M | 36 | ZeroCERT

9 | 2023-03-09 17:36 | bcd4b93a1a85c5ba45a4f7e5980db1... | b5e1e946ebad560b876703e9675ca326 | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/2203.html - rule_id: 26112
Hosts (2):
xv.yxzgamen.com(172.67.141.51) - mailcious 104.21.27.36 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (2):
https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/2203.html
5.2 | M | 43 | ZeroCERT

10 | 2023-03-09 17:34 | bcd4b93a1a85c5ba45a4f7e5980db1... | bf48a5cd9169a5826521a8a33b21adee | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/3004.html
Hosts (2):
xv.yxzgamen.com(104.21.27.36) - mailcious 104.21.27.36 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
5.2 | M | 42 | ZeroCERT

11 | 2023-03-09 10:02 | bcd4b93a1a85c5ba45a4f7e5980db1... | 3b32570cfc08329e3bf2624f727ead3f | Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed
URLs (3):
https://xv.yxzgamen.com/logo.png - rule_id: 26104 https://xv.yxzgamen.com/logo.png https://xv.yxzgamen.com/3002.html
Hosts (2):
xv.yxzgamen.com(104.21.27.36) - mailcious 172.67.141.51 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
https://xv.yxzgamen.com/logo.png
5.0 | M | 44 | ZeroCERT

12 | 2022-07-20 10:02 | 3cd7030d4ed7b322f43328c7748a70... | 72dceacc4ca915d4704e2e612d590ac3 | Emotet Malicious Library UPX Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory unpack itself Check virtual network interfaces Tofsee
URLs (1):
http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (5):
apps.identrust.com(221.161.198.8) v.xyzgamev.com(104.21.40.196) - mailcious 23.59.72.17 172.67.188.70 - malware 104.21.40.196 - mailcious
Signatures (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
2.6 | M | 25 | ZeroCERT

13 | 2022-07-20 09:58 | c15260d16a95f7dc2b23a56d67c343... | 0a4823a70dd20e61275a3dc44977a990 | Emotet Malicious Library UPX Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory unpack itself Check virtual network interfaces Tofsee
URLs (1):
http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (4):
apps.identrust.com(221.161.198.11) v.xyzgamev.com(172.67.188.70) - mailcious 121.254.136.57 104.21.40.196 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.8 | M | 39 | ZeroCERT

14 | 2022-06-19 14:24 | bfa72b5310bd9871b38a9017be416b... | 8af292d4232628d615321923e8d21d75 | Emotet UPX Malicious Library Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory Check virtual network interfaces Tofsee
URLs (1):
http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (4):
apps.identrust.com(221.161.198.8) v.xyzgamev.com(172.67.188.70) - mailcious 121.254.136.57 104.21.40.196 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.6 | | 47 | ZeroCERT

15 | 2022-05-19 11:30 | 012ad0ea06b8f77deba8c35e8c0088... | b9f57465b9327dc74ac5c2516d0e9002 | Emotet UPX Malicious Packer Malicious Library PE32 OS Processor Check PE File VirusTotal Malware Check memory Check virtual network interfaces Tofsee
URLs (1):
http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (5):
apps.identrust.com(119.207.65.81) v.xyzgamev.com(104.21.40.196) - mailcious 172.67.188.70 121.254.136.27 104.21.40.196 - mailcious
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2 | | 28 | ZeroCERT