1 |
2024-08-21 15:28
|
photo.jpeg.exe 1a530b88ea994df4c9cc20d9a9470a36 Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB ICMP traffic unpack itself Windows DNS |
|
1
5.6 |
|
45 |
ZeroCERT
2 |
2024-06-18 07:41
|
dasheng.exe d4e78b1a0037296e0753b490eaf58adb Generic Malware Malicious Library PE File PE32 PDB suspicious privilege |
1.0 |
M |
|
ZeroCERT
3 |
2024-06-14 09:41
|
setup%E4%B8%8B%E8%BD%BD%E5%90%... 8ece12bccc4c83c2ec683a7d5a7dc348 Malicious Library PE64 PE File VirusTotal Malware DNS |
1
http://8.134.147.84/123.conf
|
1
3.2 |
|
46 |
ZeroCERT
4 |
2022-06-22 07:44
|
r6f3vv8ukiZjeW ec006dcafe46183170e22f0375dc18c0 Malicious Library UPX OS Processor Check DLL PE File PE64 Dridex TrickBot Malware Report AutoRuns Checks debugger ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Kovter Windows ComputerName DNS |
|
15
|
5
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET CNC Feodo Tracker Reported CnC Server group 5 ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 6 ET CNC Feodo Tracker Reported CnC Server group 13
7.6 |
M |
|
ZeroCERT
5 |
2022-06-21 22:34
|
sf2MppPW30cKaWeko 65fd14480ef968390e06ee2b4a495e35 Malicious Library UPX OS Processor Check DLL PE File PE64 Dridex TrickBot Malware Report AutoRuns Checks debugger ICMP traffic unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check human activity check Kovter Windows ComputerName DNS crashed |
|
15
|
5
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET INFO TLS Handshake Failure ET CNC Feodo Tracker Reported CnC Server group 5 ET CNC Feodo Tracker Reported CnC Server group 6 ET CNC Feodo Tracker Reported CnC Server group 13
8.2 |
M |
|
ZeroCERT
6 |
2022-05-20 17:39
|
REvup c3cf7d4fab7e7ea5a5adfabd4f77f0b4 Malicious Library DLL PE File PE64 VirusTotal Malware AutoRuns Checks debugger unpack itself Auto service suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Windows ComputerName crashed |
5.2 |
|
7 |
ZeroCERT
7 |
2022-01-14 18:30
|
WhatsAppSetupr.exe 83e71f37df8557d87bb44c4c64396802 Malicious Library PE File PE32 VirusTotal Malware PDB sandbox evasion DNS |
1
http://107.151.94.67:4397/r?=1642175998
|
1
2.6 |
M |
32 |
ZeroCERT
8 |
2022-01-03 16:47
|
90ea239e17bbbf0c278f17c385b310... 2e1ed9a6411f5457e15eb9962d9badc3 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
16
|
2
ET POLICY External IP Lookup ip-api.com SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.8 |
M |
49 |
ZeroCERT
9 |
2022-01-03 13:27
|
c7964d095f04e40565c3828fc0bc9f... 2ff998d7b170f6e0968a99614749a66a Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName DNS |
7
|
20
|
2
ET POLICY External IP Lookup ip-api.com SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://bh.mygameadmin.com/report7.4.php
|
9.8 |
M |
47 |
ZeroCERT
10 |
2022-01-03 13:26
|
8d2882b73fc594434af508b1e5c942... aff711495cac7f64c46e564e9722b3e2 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
17
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.8 |
M |
52 |
ZeroCERT
11 |
2022-01-03 13:26
|
8d2882b73fc594434af508b1e5c942... ca51f70c36793eb781000d43be0ff594 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
17
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.8 |
M |
49 |
ZeroCERT
12 |
2022-01-03 12:26
|
3baf44d96cdedbb009e0059c66704e... b4a71c3a661f11904e36ff2558a6c4f1 Gen2 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
17
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.8 |
M |
47 |
ZeroCERT
13 |
2021-12-09 16:55
|
cd8012095737a9321ff5a18d6c29cf... e8567b8500a073a3e2c130a5c9623108 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
16
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.2 |
M |
11 |
ZeroCERT
14 |
2021-12-09 16:52
|
cd8012095737a9321ff5a18d6c29cf... 920e0710da9bae6384427b33f237792b Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check Tofsee ComputerName |
7
|
17
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com
|
1
https://bh.mygameadmin.com/report7.4.php
|
7.6 |
M |
31 |
ZeroCERT
15 |
2021-11-23 10:36
|
hzz.exe 05f161873c4ca4ba7ced3efc5bc262a9 Generic Malware Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware AutoRuns Code Injection unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName Remote Code Execution |
1
http://tj.gogo2021.xyz/tongji.php?os=6.1.7601&userid=you888&mac=&ver=&xiezai=0&wb=&az=0&uid= - rule_id: 4271
|
2
tj.gogo2021.xyz(202.79.175.12) - mailcious 202.79.175.12 - mailcious
1
http://tj.gogo2021.xyz/tongji.php
|
8.0 |
M |
51 |
ZeroCERT