| 1 |
2023-03-29 18:09
|
 ppp.exe a82baff8213bd78f398420e6ed3d58aa
UPX .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself |
|
|
|
|
3.6 |
M |
50 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
2023-03-29 17:47
|
 ppp.exe a82baff8213bd78f398420e6ed3d58aa
.NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself DNS |
16
http://www.zhn.biz/udh1/
http://www.centaura.community/udh1/
http://www.special-order.online/udh1/
http://www.azstoreatoderma.click/udh1/
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
http://www.ghostdyes.net/udh1/?cUMMa5v=lj2vP+EAw0fELJNPJ5VtAcTjxQQz8hKi5d9v+h5W1hvMFJJN0lWMU8OkjsFxsGAkw0S50RNizKyMtcUDX4tgR0i1IahDyycai/CThP0=&GV=hSkJd_W
http://www.ghostdyes.net/udh1/
http://www.csrvcars.com/udh1/?cUMMa5v=XEemPPOTV26sKXQzDYMsrkGsJokzxPFPbFpU+n9uCd2chnbXsi75dkjdHRd+i/N9AgC/cMMMBBk+slWuActf4QAZvLu0iyaFuJXVPTg=&GV=hSkJd_W
http://www.olympusmix.com/udh1/?cUMMa5v=lWZk+s3blMuiGWpXy6frpU4enEwBG5gJanUH8/6Evmw4nHtx+SdA/kN+9f5N/0KA2bk6RtFa0tH8PADjgLi95JHf+wn8BjREHXSWn6U=&GV=hSkJd_W
http://www.azstoreatoderma.click/udh1/?cUMMa5v=R/kB4/0HM2tcwqvhXH4XIYj1eTxJXqndlHH19RjFed8ZhY1qAasVyZxg1ws7A7LtJYEr4634gz6I87tnmhAW+ys9K/jaGw++UPdFo8c=&GV=hSkJd_W
http://www.zhn.biz/udh1/?cUMMa5v=LfrgFpvSkJA2y41K7oV1vuuQyWHfo0uy5ufNO5HpKtxTTE0bBGpeg3SJ2RFsjNe1w4Pec63rxh4rwW+J1uIf4mhDhIMbmXY09bayaEE=&GV=hSkJd_W
http://www.wearecatalyst.app/udh1/
http://www.olympusmix.com/udh1/
http://www.wearecatalyst.app/udh1/?cUMMa5v=tt9dYLtFsKfLIIIXMfpRfs924GbOuHLcMLKVMdaTOcJrEAGIFAHeQ5Ly9YOpmT4Rz3p2Jl5Xgzq6cAPtFXnDdyfQg2kRv5Z1dRZDL3M=&GV=hSkJd_W
http://www.centaura.community/udh1/?cUMMa5v=kMKsR5rTxSYNZgWncVUlGrpLkwsOTig3tGW39qhs19NQJLtwYtRkr4H+EIRE8MUOxMFfo6MP6730mq+L8n2Tmf9vKWCdpbnfDO0cF8Q=&GV=hSkJd_W
http://www.special-order.online/udh1/?cUMMa5v=CwuBCJt94bxtc2gNtpoM3E+US0dkKMARx3Pvc7vf2LAtLU32691wJ0dQetaubb0PioG6wR7W5uX4+q4XU8z6LBF3Qfs1ipW/MdlZd78=&GV=hSkJd_W
|
19
www.azstoreatoderma.click(3.1.17.18)
www.ghostdyes.net(34.117.168.233)
www.bianchibeverage.com(104.253.54.44)
www.centaura.community(66.96.162.138)
www.olympusmix.com(198.54.117.217)
www.csrvcars.com(23.231.72.112)
www.wearecatalyst.app(216.40.34.41)
www.special-order.online(194.58.112.174)
www.zhn.biz(172.67.213.169)
18.140.6.45
198.54.117.218 - mailcious
34.117.168.233 - mailcious
23.231.72.112
216.40.34.41 - mailcious
104.253.54.44
66.96.162.138 - mailcious
45.33.6.223
172.67.213.169
194.58.112.174 - mailcious
|
2
ET INFO Observed DNS Query to .biz TLD
ET MALWARE FormBook CnC Checkin (GET)
|
|
5.8 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
2023-03-17 09:52
|
 lish.exe 0b39012e51e6d52ddc49dd9676ba9920
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName Remote Code Execution crashed |
2
https://j.ffbbjjkk.com/logo.png
https://j.ffbbjjkk.com/35.html
|
2
j.ffbbjjkk.com(172.67.158.22) - mailcious
104.21.8.227
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
2023-03-09 17:44
|
 bcd4b93a1a85c5ba45a4f7e5980db1... ae6df34a140bf74860ca3165d50d8705
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/35.html - rule_id: 26629
|
2
xv.yxzgamen.com(104.21.27.36) - mailcious
172.67.141.51 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
2
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/35.html
|
4.6 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
2023-03-09 17:42
|
 bcd4b93a1a85c5ba45a4f7e5980db1... a1c5f268d670ba3a4440647bdeaa3e20
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/3005.html
|
2
xv.yxzgamen.com(172.67.141.51) - mailcious
172.67.141.51 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
5.0 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
2023-03-09 17:41
|
 bcd4b93a1a85c5ba45a4f7e5980db1... d5e7b6fe3bb68f1da7ec111231292f02
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/3003.html
|
2
xv.yxzgamen.com(172.67.141.51) - mailcious
104.21.27.36 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
5.2 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
2023-03-09 17:38
|
 bcd4b93a1a85c5ba45a4f7e5980db1... e7f609df5c0fcdc581a69ed69aa3c4a1
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/27.html
|
2
xv.yxzgamen.com(172.67.141.51) - mailcious
172.67.141.51 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
5.2 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
2023-03-09 17:36
|
 bcd4b93a1a85c5ba45a4f7e5980db1... 24527c1cb60027d91ddc051990ba55ca
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/2201.html
|
2
xv.yxzgamen.com(172.67.141.51) - mailcious
172.67.141.51 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
4.8 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
2023-03-09 17:36
|
 bcd4b93a1a85c5ba45a4f7e5980db1... b5e1e946ebad560b876703e9675ca326
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/2203.html - rule_id: 26112
|
2
xv.yxzgamen.com(172.67.141.51) - mailcious
104.21.27.36 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
2
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/2203.html
|
5.2 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
2023-03-09 17:34
|
 bcd4b93a1a85c5ba45a4f7e5980db1... bf48a5cd9169a5826521a8a33b21adee
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/3004.html
|
2
xv.yxzgamen.com(104.21.27.36) - mailcious
104.21.27.36 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
5.2 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
2023-03-09 10:02
|
 bcd4b93a1a85c5ba45a4f7e5980db1... 3b32570cfc08329e3bf2624f727ead3f
Emotet Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE32 PE File DLL VirusTotal Malware Check memory buffers extracted WMI Creates executable files unpack itself AppData folder Tofsee ComputerName crashed |
3
https://xv.yxzgamen.com/logo.png - rule_id: 26104
https://xv.yxzgamen.com/logo.png
https://xv.yxzgamen.com/3002.html
|
2
xv.yxzgamen.com(104.21.27.36) - mailcious
172.67.141.51 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://xv.yxzgamen.com/logo.png
|
5.0 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
2022-07-20 10:02
|
 3cd7030d4ed7b322f43328c7748a70... 72dceacc4ca915d4704e2e612d590ac3
Emotet Malicious Library UPX Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory unpack itself Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(221.161.198.8)
v.xyzgamev.com(104.21.40.196) - mailcious
23.59.72.17
172.67.188.70 - malware
104.21.40.196 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.6 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
2022-07-20 09:58
|
 c15260d16a95f7dc2b23a56d67c343... 0a4823a70dd20e61275a3dc44977a990
Emotet Malicious Library UPX Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory unpack itself Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(221.161.198.11)
v.xyzgamev.com(172.67.188.70) - mailcious
121.254.136.57
104.21.40.196 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
2022-06-19 14:24
|
 bfa72b5310bd9871b38a9017be416b... 8af292d4232628d615321923e8d21d75
Emotet UPX Malicious Library Malicious Packer PE32 OS Processor Check PE File VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(221.161.198.8)
v.xyzgamev.com(172.67.188.70) - mailcious
121.254.136.57
104.21.40.196 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
|
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
2022-05-19 11:30
|
 012ad0ea06b8f77deba8c35e8c0088... b9f57465b9327dc74ac5c2516d0e9002
Emotet UPX Malicious Packer Malicious Library PE32 OS Processor Check PE File VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.65.81)
v.xyzgamev.com(104.21.40.196) - mailcious
172.67.188.70
121.254.136.27
104.21.40.196 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|