1 | 2022-03-30 09:25
Sample: vbc.exe  MD5: efd638102b94041f24a6b614a46e0f70
Tags: Malicious Library UPX Admin Tool (Sysinternals etc ...) PE32 PE File Emotet VirusTotal Malware AutoRuns Code Injection buffers extracted RWX flags setting unpack itself Windows Remote Code Execution crashed
URLs (1):
  http://ars9095genesh.com/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/Izqntwyxutbanbjksfuazfsxdqbthcr
Hosts (2):
  ars9095genesh.com(52.74.83.175)
  52.74.83.175
6.6 | M | 23 | ZeroCERT

2 | 2022-03-12 22:40
Sample: vbc.exe  MD5: 0e7032fe866be928fd4f0d03bd0fa659
Tags: Malicious Library UPX PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted ICMP traffic RWX flags setting unpack itself Tofsee Windows Remote Code Execution DNS crashed
URLs (14):
  http://www.rentadillo.com/yugj/?wPT=4s4EpXE47DXB237NmGle3siggSknlyo60hChRYLT6peGuQq5RZohLkRkRjU0qOeQPbCgt+mn&oXN=6lSd02cp
  http://www.excellentappraisers.com/yugj/?oXN=6lSd02cp&wPT=GUzidsBIKtMgjm6k73evDmcTWMRQJn5OLRzfxR8GIp5KZ0weYb9aztjYP2u044nIiDoun8GW
  http://www.asesoriaventajoyas.com/yugj/?oXN=6lSd02cp&wPT=SgUhc939gv4Nl1pJghcPuVvi2b8mbrSUoRWeHFHxMGulIiVuw9LBawuPOwm0X/LLuSCiz7RS - rule_id: 14093
  http://www.skins4money.com/yugj/?oXN=6lSd02cp&wPT=/w/aPu0jq4ZHjBRLjQn9AqyNFmGV4kUcuOvKZ7ouqiFVbiC7zsyzM6A2sxuqIfXouXQkMgv6 - rule_id: 14094
  http://www.commutingreads.com/yugj/?oXN=6lSd02cp&wPT=zO+84fRwZrSVZWBtmftpRriasazO9sJ0sGt3Nrs+GS3qhiRlgJ2QX0BqRayPDxXXF3eFP1yk - rule_id: 14086
  http://www.ohmypawd.biz/yugj/?oXN=6lSd02cp&wPT=sBVDOMe0ss2X/OAJK9XgKoVFA9GHigNbGIXmD0+1KeaTXdLFnJrVhKZvUQqc3LnfvbW50enG
  http://www.askhragent.com/yugj/?oXN=6lSd02cp&wPT=djjD1b1Pe19GAo0z9+hb4fgTTIsibFrKc6V7rhj1/ta34WOdb1JTIVl6rgf4OGYKESc3Uqzv - rule_id: 14341
  http://www.sistrecilaci.com/yugj/?wPT=nux8UML8lzcMHXh+kPWjoJtBG167SWO25/8QvDKyH7QmUcs3w/Mr6gXXOyCeVf2SZTe+kAns&oXN=6lSd02cp
  http://www.keel.email/yugj/?wPT=hWxG8T0c3FA19HJ0t3DliRFEDePhP+RHMyLpx0HMlqqfLFziPWaqHDj4KvXmvtlMc8t2eJ6I&oXN=6lSd02cp
  http://www.zootzies.com/yugj/?oXN=6lSd02cp&wPT=lFy+DLDtqllYDZBuKbIHLcfR8O1p3eRo2p0E/WuNqXGo2jo6ZkHyrASRXJDRneLV65CgYfuv
  http://www.csdllp.com/yugj/?wPT=iWiOECjk6OQn+4NgKm0eC/7+vTCSjakojUEKRwF8aIrP3SskJ/ZHViHaXPPziQ9E5r0lY6Ys&oXN=6lSd02cp - rule_id: 14088
  https://6tr0pq.am.files.1drv.com/y4mIXQQEJCOv43wQhnaZfC3yoWQ3uzNOq12UFtt20SRlHoLcfle-lPEP_w1IeWxbh6KPNAfvCqVsMLRrz98LSFBEP5f-CqgpXWxiJ1ljnMCkBULctExGc7UyYKoeV-sanwt3sQykeSJFno_rO1_aydGN1vG2cQGgdBrs04DTtnBOis0U7UfmVfYDhFdUPprbaNkU_e8S8_nK1ozmTkmIj0J2A/Grvnjdrlifgzzshnbfzwfxumekaadzh?download&psid=1
  https://onedrive.live.com/download?cid=4BCCFC8B8B2E9A0E&resid=4BCCFC8B8B2E9A0E%21125&authkey=APN1RrmjJu3wR9A
  https://6tr0pq.am.files.1drv.com/y4mNoarG4OktC8uZBszOe4RCiZyQnoIRYC9pD96tyHUj9Zt7G3JCIrgaEuPVzooaPQ2pPIyCiD1vyNwd4eTLO1oqV-aB3__jABm6vQzbxW_spF_eTJa72ELiH2uTKFiuISUMQxEoK2wiCCFrPPLtlV325vG5yJ6r75uQMICNqONd_t1C7O4ymnqsxpv6ttWCVnRbTMxV8QH_ukwZdgGWmjQvw/Grvnjdrlifgzzshnbfzwfxumekaadzh?download&psid=1
Hosts (29):
  6tr0pq.am.files.1drv.com(13.107.42.12)
  www.sistrecilaci.com(45.151.249.66)
  onedrive.live.com(13.107.42.13) - malicious
  www.commutingreads.com(216.185.212.47)
  www.askhragent.com(198.54.117.244)
  www.asesoriaventajoyas.com(217.76.150.35)
  www.suddennnnnnnnnnnn09.xyz() - malicious
  www.keel.email(118.27.122.214)
  www.palisadestahoehousing.com() - malicious
  www.rentadillo.com(34.102.136.180)
  www.excellentappraisers.com(199.59.243.200)
  www.ohmypawd.biz(34.117.168.233)
  www.zootzies.com(165.3.27.72)
  www.1mgfu.info()
  www.csdllp.com(3.137.17.18)
  www.skins4money.com(104.21.64.49)
  45.151.249.66
  34.117.168.233 - malicious
  165.3.27.72
  104.21.64.49
  199.59.243.200 - malicious
  13.107.42.13 - malicious
  13.107.42.12 - malware
  34.102.136.180 - malicious
  198.54.117.244 - phishing
  118.27.122.214 - malicious
  3.137.17.18 - malicious
  216.185.212.47 - malicious
  217.76.150.35 - malicious
IDS alerts (3):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE FormBook CnC Checkin (GET)
  ET INFO Observed DNS Query to .biz TLD
Rule-matched URLs (5):
  http://www.asesoriaventajoyas.com/yugj/
  http://www.skins4money.com/yugj/
  http://www.commutingreads.com/yugj/
  http://www.askhragent.com/yugj/
  http://www.csdllp.com/yugj/
8.6 | M | 27 | ZeroCERT

3 | 2022-03-08 18:28
Sample: vbc.exe  MD5: f8f330f74629761c4d97721eb333ac38
Tags: Malicious Library UPX PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Windows DNS crashed
URLs (11):
  http://www.sagedermatology.com/e3rs/?lnud=Txll_FO&Dz=BmVSufum30+1s4lK8YiwMjghnnMTkZAzSEhTOMstIaEgouylgvmW2x4JL0eg45ZsBeJi6OCm
  http://www.oneowneronly.com/e3rs/?lnud=Txll_FO&Dz=Ei27cO4R/In4nCpRKe1X+vb6IhSQD7KJ8DOgqI0RS1UyrmbR2z2X6RwWjW3Zl1NqSx6QzXwL - rule_id: 13523
  http://www.oneowneronly.com/e3rs/?lnud=Txll_FO&Dz=Ei27cO4R/In4nCpRKe1X+vb6IhSQD7KJ8DOgqI0RS1UyrmbR2z2X6RwWjW3Zl1NqSx6QzXwL
  http://www.glowestudiocreativo.com/e3rs/?Dz=HRF5cBwRaD2pnVjl04lDxZrQc/S39DKKmsOHQJEpf55iLBXquTeAPsbQ5KkbylXLeFPlZQnh&lnud=Txll_FO
  http://www.extremeentertainmentgroup.com/e3rs/?Dz=dEHKxiAhq2PUxljq/uCxdG1AAciJu6kRpaHoK7hwfjqBv1xsh7JTax04MQP6Pek+aK5HhDsd&lnud=Txll_FO - rule_id: 13436
  http://www.xn--laufgefhl-w9a.com/e3rs/?lnud=Txll_FO&Dz=b8jJRQWfF4+OnEJERRv9IAKdrqQukcbHmYLMW0jk5XDvFKBqdxoMO++0Oe2bhe+XWL2/5s9y - rule_id: 13440
  http://www.chegocheck.com/e3rs/?Dz=kBtv+8uMZDgJoctzJJlXxpvJV2xMrEWv2WqMq4iFDpTitVnQ5P6FBiXKhQGMvxSgf3VKVeJe&lnud=Txll_FO
  http://bondbuild.com.sg/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/Unqhqorelnlojsbiqegzhsaqjoyrqez - rule_id: 13692
  http://www.padisarealtygroup.com/e3rs/?Dz=itKkYQ+bPiQagqfFS+Lsc+D5+JH3ErIfx0RJoaKqHvkqLFn0ydm1fEP6hkHSMACAxfdRCwUb&lnud=Txll_FO
  http://www.sutnsdmxq.icu/e3rs/?lnud=Txll_FO&Dz=lUbOt4rRqVssxqmaqZkhNrZPSjqmMN1b0lqH3KrFAoA/kAmkGoi9J+xDVaciNpXg1hW1+xPy
  http://www.eskomed.store/e3rs/?Dz=n3coydpyvxb1+U/IYEaNzLKm1axm1EDoNytGpqjnANqsfX5bFLlHi5W8VHT6sMi3TZZUH2tw&lnud=Txll_FO
Hosts (23):
  www.loneli.biz()
  www.extremeentertainmentgroup.com(34.117.168.233)
  www.padisarealtygroup.com(142.44.146.49)
  www.chegocheck.com(81.171.22.7)
  www.eskomed.store(87.236.16.206)
  www.sailorswife.online()
  www.oneowneronly.com(154.196.11.183)
  www.xn--laufgefhl-w9a.com(81.169.145.80)
  www.servos-sandbox.com()
  www.sagedermatology.com(198.185.159.144)
  www.sutnsdmxq.icu(198.251.81.30)
  bondbuild.com.sg(101.100.211.101) - malicious
  www.glowestudiocreativo.com(185.156.219.142)
  198.251.84.92 - malicious
  34.117.168.233 - malicious
  154.196.11.183 - malicious
  101.100.211.101 - malicious
  81.169.145.80 - malicious
  37.48.65.153 - suspicious
  87.236.16.206 - malware
  185.156.219.142
  142.44.146.49
  198.185.159.144 - malicious
IDS alerts (3):
  ET INFO DNS Query for Suspicious .icu Domain
  ET INFO Observed DNS Query to .biz TLD
  ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (4):
  http://www.oneowneronly.com/e3rs/
  http://www.extremeentertainmentgroup.com/e3rs/
  http://www.xn--laufgefhl-w9a.com/e3rs/
  http://bondbuild.com.sg/
7.6 | M | 21 | ZeroCERT

4 | 2022-02-19 19:29
Sample: r6.exe  MD5: a174235148f29ac74e316d5c505b4ea3
Tags: Malicious Library UPX PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted ICMP traffic RWX flags setting unpack itself Windows crashed
URLs (6):
  http://www.mortgageguyjeff.com/a93b/
  http://www.mortgageguyjeff.com/a93b/?kfL4gJ=68aoMtWkSa+RsgvjX1G/0pYzmADUgWUye5c1NewnJlmzQzO4pMXieAFUUDZ3XEP6o918Kl5R&UBvx=D8b0b&sql=1
  https://rfngpg.am.files.1drv.com/y4m5P0MdnEBQK9bXLDrHQuSkZeFzlzz7rn9kuDXMQepWOLrstEoRaOmFWqTYd4MGStZRbo2oC2iOJHP8VeWc9gSl_vEB6Ma8ZmhEe3UG3Kd9ZWRrGhHsHFTQP3bgGirMlrDtN--NxJSK78mLDjGNMmiWmL_egpl7swp6JM2VS3-goKkqZxBotgLMWE31plrCXmbro_g6z6XEtp17EQqwa9Xiw/Xtvynonrsskvarzhfaaregscwumffeh?download&psid=1
  https://rfngpg.am.files.1drv.com/y4mYgq1z9N-_PpHZEaEP1zcNTSE4aTDa04kZPTr6u1NTqL_msmsAmnEYDgTuiDdxOle0l0SEJisXeHg2lXIU0c5dGXHXY4SilL3XrFS9xwz8NP_vLAZVlCNTa7bpNy_IiVTOS85sOCVw_-V0Ey1CYpEu6bpFZp204V0sM01DDO_Vn50kqOTzYadRN9Ge8qJaIsX_eZ9tRgAW8ZEGHmyPYmE8w/Xtvynonrsskvarzhfaaregscwumffeh?download&psid=1
  https://rfngpg.am.files.1drv.com/y4mJZOucFA_AV4h-d6lBAAJAsy9J0A9zcZZWGj3vogFOi3kpYHr-3FvPqToxrr2xRMcRQRWx4c3q0l9uu6UC-LnLefJO4QR6oOPU4tJyXleOiPyv1zaDV7PcXdJgOGmSe5enrCB4Xgvf3hBe9egnG1Nd_NWppU1QYuej5o7QksgNZ29UVL74R9_pvM9aRvJyGzECqgpCrc6aMhNKPb-1qr0jw/Xtvynonrsskvarzhfaaregscwumffeh?download&psid=1
  https://onedrive.live.com/download?cid=A4F53BC8378343EE&resid=A4F53BC8378343EE%21137&authkey=AN5lwVD1gF3YD7o
Hosts (9):
  www.mortgageguyjeff.com(3.33.152.147)
  www.234759.com(104.165.34.16)
  rfngpg.am.files.1drv.com(13.107.42.12)
  onedrive.live.com(13.107.42.13) - malicious
  www.mjeghz.com()
  13.107.42.13 - malicious
  13.107.42.12 - malware
  15.197.142.173 - malicious
  104.165.34.16
9.4 | | 11 | ZeroCERT

5 | 2022-01-13 16:58
Sample: 19526.exe  MD5: f5a7524b72b3ce04851c80adf2eed883
Tags: Gen2 Gen1 Malicious Library UPX Malicious Packer Create Service DGA Socket DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate privileges Downloader ScreenShot P2P Steal credential Http API AntiDebug AntiVM PE File PE32 PE64 DLL Emotet VirusTotal Malware AutoRuns Code Injection Check memory buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows
URLs (1):
  http://www.serverage.com/filetransferxl/19526/000000000000000000000000000000/Sxumrhqyhcwfqvxyixjofhavraxyidu
Hosts (2):
  www.serverage.com(43.252.40.128)
  43.252.40.128 - malware
10.6 | M | 18 | ZeroCERT

6 | 2022-01-13 09:46
Sample: vbc.exe  MD5: 38f1007dda4df73d9274b8dfa1683d93
Tags: Malicious Library UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself
URLs (14):
  https://lqxlpq.db.files.1drv.com/y4meXszciy-_ipQdPKkDPt8ivd5YyEMjKYMeJy9AYEBBCIBWAG4IzdaIb6RKfae_sVjz6Tf33eaKQZRL0hC-u1YkPpJXV3WDp0Om8Tttsplx61Zgvd25BkUcYpVt5gNRmu4Co1Le_7LNbivMl3dNECZZX3r71Z7_qLX-mrmZTJpXNVivxHRlVoWqbM9VDRh9UUnYrt0B7-mstPdzd3M3NdPxQ/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4m0BlEv1YX95PV2PjGCqtA-YtVjNQ401tOEtAHUdFW7GtfRqGMBS5SzzbgPYlM9aRS6-Excq4Z6qxyC-GuKOzcdYwl5rKzG4D0U3ieyAcOXY0W7pxZID4iCpOnm6xET-ZXDyQfeW9GwZJgi06x4qQzukauTyYkg6iggBhD2a07At6AHBmrNiuF5Pra1MA5ODhxL7eA3tZ8UkTJJaFVurMtog/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mSvcyy0IAHKrLkg3SjRZ4sSJf9w7rI-i3hpeiwSdZtPCKNyEk7AhccnqCGbt9_gizydGiHdj9uTqI965hvAGGnUAwJvW4P-oxn-TkhZRXehFvt57LMIdTUfXhtFy2hkJoOEIpC21B8LutJuAOLpLXymcC2POc-22UizC-eHX2wLDYR0lSQ4hwMYZje2tmvZ69wZKqzdyv527HwHoQdv9EMg/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mlk7dFP-M0RnPYff1C3nkvINRW1bOZ9qHUq4MqIwe_I02IOVUwP9Z2VubMPC2YmRJW5w1UIVGClOrxxU2sgznVi1hUc4yd0vRe0pRKzkqXcQ4jeLxs-9z0Z5WTFUBG84Qly2oIS3WnAM4xkfaFMeu9zY0VD_O9JvfxfX4Uy1WB-0B6-62MPHKhIMjMs2DsGQ-43zoF5iMjVWq-mT4Q5dp6w/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4m9I-WXb_FACwf0q97jJsCvJOP70BT5w2WjysHvxQG_FmvQuXEwiaQRmToJZ5dR1snRULgd86WEaNJ4itHICK6CFu49tvL_z0ITeKH7WTTBgP5V24JNpZTO0peBToBXREjp-eD2f-ziNYuDl1USBat8ltotajQQa7ogs_DdwbVtzzyCAb9cb6PgkwXplv_b1TtEYH-4NKrE0ckL1fmnN1l3Q/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4m4QFHB58xOaRhE-Myq1XS4-F16QdkLadH1DQYRCjA1v4EzRspS-jS6Qa0LbYVTvWKMqASSwnj7J0S8CT8342BrVz8naC1XhyQwsZDxYHiDsKWqfgRzhlWCatbX-KiEq26isN_r8BaycTBtSxLXssp8SnYHxIoWN4orB2Y1nzDz87xYXtoMizyAfamf3_g1UBoFTXpduDbO-eo97yi3NYTyA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4m4oG_AQ5gWHg4mu0IPxG8HvUuhKqLzGk89FqJfZJE-HwO5fsZjAfCm1O7bed7LpS_Yvb3NW53yKXg9JYqhHUriilfHUbQcs5ph-08FCsQ7cJzEpKj64GclLke1i4-oPJ9fQWwu-_30oeXsdjhnnjcuhInubQx8H-8nsqS_xKBk4vjEhSH3vAZ96ZaKM90Bw2T005otXg9i9BYuftiALJKpg/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mhOYPZU47GNoGYQPhMcB9-cmuRofa9atgV20wglwgRqXE2F_vAMGtbNOw6N67uiB_rq4bYv8kjmHyi1IFXkFlSlA8tYGn_Rjypd5-sw44Va3PxMFYJoGLgeX_cP9JTVOmkeaL3CqquMmlo2KABT61MxNqN5cML2fprdmNu_z3R4ZH9TYjlEmrYXho53OFT4PxJ2zozdzb1Svl67RFiiC-nA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mFT8aPU00JDlQJJt4iDFlSELVjJklfB8osvD9ChHozVxqpSJhN9KnccxoJ5_qSikXyJLL09rNKnTIP7lbr5_as_VY5Jeqnjxq_tsvMMgsZx4AM1szRrsgFMdtqe6Rq0xxEAWGJC_Y2MfchwauZ3MEu_zMJ_q08U8JHUVR8LJa9VVr0RJKFOyWMFaYpW-1n4UxvWY7LKEspbqRPw7XcwuN7A/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4myEkjFT7XqiIGaMVTyZi9STNz9-W9cJZs7XmfaVEVUHO6DyckBbZmvQGu1bc3djb4wiNGLceiuyK4QKuuPsHJe2qZj3aVQKy59WDQb9Q5PyUfmOvBq18Ipe0EiLO3ypmU2zGJF6yaRHpdotiExFb07k2tongT8J4Jb--Ltt7PqyTVawH5lSXsActolwQYRprJtgDZFvHkPm9w8mD7oXligA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://onedrive.live.com/download?cid=C3C0A692803ED1E8&resid=C3C0A692803ED1E8%21112&authkey=ANjDOz6phEbw5-8
  https://lqxlpq.db.files.1drv.com/y4mOM1rxJgJ-8chInwBzNO5-eMhuvn8mE9o4i_sZdp9oQUDLEOdnWMqkuI0dtX8m6x7-2rG6leW9MYSJj9CAbray9DVrn5OSnG6o7uUcJDyLGlnX50Caq4M0YEoL4-C35SYipjYxFbI2zDCvxZvTrpq-t5eFgt6mf21ETbPS_XERJ4Z_mdVrF4WJDSH00b6CYg0BDN5uhQ-XrIGYlCZrQnuTQ/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mbCeSRE0rG7ziEp3ozPFebwlTjmNQ2GGlVznH174M4PNpvkRh0xz_fXvwSfxXvFHYueW8QvmNIjErg_1lTkuGYykO9i4B5ngD6CK4wLxFmyLJ-RQtD24OI8OA7DxQxGzyUzE50NlPCS59K9SDQnXv1tZNKKjbd_xbxBECtwKvEGgppHSoEKtPzOpaIYJElqH44iSu_icoueOXfBDtIgi9NA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
  https://lqxlpq.db.files.1drv.com/y4mXUEPM0n6sItbcbnjxoeVnPuQJavKC4NNFBXsvnAdWeoB_Ki3abADB2xScqFVwTo_NtEq9uj_2-Sg12JrsxjG5JnN8kxMeLy1J1C4x6d0jTvnLbffLqR1WsncX0Cf0EyzSI7ul8IfpwgF66--9pUPYJm3095BCmI17aIYo55jJjTvKZxH3_VhE_sOMUrcENnnJ3rIwVORawfK2Al1TzWMew/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
Hosts (4):
  onedrive.live.com(13.107.42.13) - malicious
  lqxlpq.db.files.1drv.com(13.107.42.12)
  13.107.42.13 - malicious
  13.107.42.12 - malware
2.6 | M | 36 | ZeroCERT

7 | 2021-08-31 11:12
Sample: vbc.exe  MD5: aca08c69a22e6f4f07cb44a74e7b9dac
Tags: Malicious Library PE File PE32 FormBook Emotet Malware download VirusTotal Malware Buffer PE Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Tofsee
URLs (29):
  http://www.o-distribs.com/ecuu/
  http://www.listenstech.com/ecuu/?uTuD=kZQ2xSRRrPRSBp5jFhnjX1FSIADBjElgtC+7SfW5nxGr1YavPckfOpnPtRZoEBHlAahsqtq3&Kj9ht=AVPd7xKPhhkxdz5p - rule_id: 4587
  http://www.805thaifood.com/ecuu/
  http://www.805thaifood.com/ecuu/?uTuD=hUTHBcYuod6wePbk0fg23NzqxmOoeRrbfmFgVJWVpfKHZh9llzJ0TA90NFAjaWRAYOQ0Eh2G&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.tasteofourneighborhood.com/ecuu/?uTuD=2bt83kpOuVtEIWyxUzi5DXhitRFjdhq2G+J/5YNEy7Qmu4jdCi+MNXaEKclGMLIx7+ZhZc0n&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.poorwhitetrashlivesmatter.net/ecuu/
  http://www.empirerack.com/ecuu/
  http://www.workabhaile.com/ecuu/
  http://www.listenstech.com/ecuu/ - rule_id: 4587
  http://www.manufacturedinjapan.com/ecuu/?uTuD=cm4EhB+xSusT2ZEgdpayhNT4zIjmvrOEKqQy1IzKW+qeT4TFPzigSNFvZaza7qmlNOHW0cnS&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.empirerack.com/ecuu/?uTuD=GEQTnerqhYYOZeP3k5oh8uqumDp4pVGJvED355C55gboS73ReFUlDy35EJLcN622X6ywqSXw&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.tasteofourneighborhood.com/ecuu/
  http://www.polaritelibrairie.com/ecuu/ - rule_id: 4591
  http://www.o-distribs.com/ecuu/?uTuD=2fFFpbMyLUJzYlZhDT8vOGOwgFBPZS+/I9qabDuA36nCGLx7k9QeIlc/dOLT21aoTTouS1Gs&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.aquarius-twins.com/ecuu/?uTuD=i70bI06xK+671wXcZeZFUnUbIG41m3pyCPaR/31xF3WgPXN1BCrK4K5oBTRoN80eF7TYmcNc&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.workabhaile.com/ecuu/?uTuD=psKvWxiJggpO43FMpV003tzUv9VXMXoP5rDQMzIOVpzQQ6MlN6hUAQTlmRRdHO4IMuWhrhTy&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.manufacturedinjapan.com/ecuu/
  http://www.safeandsoundyachtservices.com/ecuu/?uTuD=Ze9u3c+JrkZMLd1iq8wEeNDhA8GBJvow2hjXqHEmaYUNXZ6LBYmY4Z/ain7TyThB0L5b8kMi&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.redcountrypodcast.com/ecuu/
  http://www.polaritelibrairie.com/ecuu/?uTuD=9V37CvjOwlD+G2cZgvNSMh0FDLzSpLIOzW7Ku/j/E3/FrLtCEhUpqK2rSLRqtlK3cTc9cFsZ&Kj9ht=AVPd7xKPhhkxdz5p - rule_id: 4591
  http://www.aquarius-twins.com/ecuu/
  http://www.redcountrypodcast.com/ecuu/?uTuD=C0rihD2hGnnRrpjswzT7uhuHD8PfbnuKKC7ou16TN5COtT4jGgPjFjduvIv/h6aCIOoNM/lg&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.poorwhitetrashlivesmatter.net/ecuu/?uTuD=Pl7Wo/Sc18YTVh4ZfRYn9GaIW3hmPNugWLqq+bwHPa7GGyOQcNaR6G/8c/+q5jU1tNJ+hTp8&Kj9ht=AVPd7xKPhhkxdz5p
  http://www.safeandsoundyachtservices.com/ecuu/
  http://www.enovexcorp.com/ecuu/?uTuD=bpzCTk/qdCIwipMedq6J/wQgKeK6uVGVcgTnCs1o93acAvo7q59x5CsOod7vCsrr9woKgHPq&Kj9ht=AVPd7xKPhhkxdz5p - rule_id: 4589
  http://www.enovexcorp.com/ecuu/ - rule_id: 4589
  https://aceddq.bn.files.1drv.com/y4mmFuLrAmiQhwfiUX_9q9QkYs5bdmG7KRDr6ypX2gbItT1YDleYPEezFf9YGdUc9RoGpprgEYOf1PWKbcCYE6yO6x-iBBL3_2wsh8Em8fejrqpmtT9AbJj_kB-ykvyAre0Oz-9t5XOgmvYDpSytJYC5F7yj1YPgkcRA_y1K7e8We0sXJIPUZjpuM3fHrJA4ZfsWuX2n5pd2KqRsrHirYt5qQ/Zbgpobuadnduobcthrjxqnwjcfbhjre?download&psid=1
  https://aceddq.bn.files.1drv.com/y4mnpzWq6nzESCeTlyX6547ecopygeoPVjTDPAiQ9qtDwqKns_kP9pal2sQV_WuqgOO1zDsyHgp0sFy8YUdVjz71GDq104jzsUljyKtvmHCmfkbdVcy0zDBruyz9JD3tzOgvgfADgk_UjNKTo5sKr19jQOwO3cmSXkqy9mipCj5i6pi8Ku67RZxJ81TTfPg2Ot43h_6RY8Ap802urbBvPCs2w/Zbgpobuadnduobcthrjxqnwjcfbhjre?download&psid=1
  https://onedrive.live.com/download?cid=D020578D515FAC65&resid=D020578D515FAC65%21111&authkey=AP6lzi_AotrWkq8
Hosts (27):
  www.o-distribs.com(62.4.7.10)
  onedrive.live.com(13.107.42.13) - malicious
  aceddq.bn.files.1drv.com(13.107.42.12)
  www.tasteofourneighborhood.com(34.102.136.180)
  www.safeandsoundyachtservices.com(34.102.136.180)
  www.workabhaile.com(209.99.40.222)
  www.empirerack.com(156.237.251.107)
  www.polaritelibrairie.com(34.102.136.180)
  www.aquarius-twins.com(194.230.72.206)
  www.betsysobiech.com()
  www.805thaifood.com(182.50.132.242)
  www.redcountrypodcast.com(34.102.136.180)
  www.manufacturedinjapan.com(183.181.81.33)
  www.poorwhitetrashlivesmatter.net(34.102.136.180)
  www.enovexcorp.com(104.21.6.147)
  www.listenstech.com(3.223.115.185)
  183.181.81.33
  13.107.42.13 - malicious
  13.107.42.12 - malware
  209.99.40.222 - malicious
  34.102.136.180 - malicious
  172.67.134.229
  156.237.251.107
  182.50.132.242 - malicious
  194.230.72.206
  3.223.115.185 - malicious
  62.4.7.10
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (6):
  http://www.listenstech.com/ecuu/
  http://www.listenstech.com/ecuu/
  http://www.polaritelibrairie.com/ecuu/
  http://www.polaritelibrairie.com/ecuu/
  http://www.enovexcorp.com/ecuu/
  http://www.enovexcorp.com/ecuu/
6.6 | M | 26 | ZeroCERT