1 |
2021-12-14 09:45
|
ConsoleApp2.exe acaff3a2d0818c66b73072c76782924b RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS crashed |
6
http://www.freeminingboxes.com/se5g/?p0D=KDNeFXd1QmbywCn03wI186znHUlSfA7WUVenVdLJ4XL4uN+vge/ynD9W6iKDIEtL9lQttASJ&pPU=EFQxUr1XhHpp http://www.mydealsstation.com/se5g/?p0D=I+HNmUML0gohMeqg59UrpgGZJ85HsRc6VUJofH6jdB1Me2x7iKhatADufExkQyiPgZj/+u04&pPU=EFQxUr1XhHpp http://www.compareyoursneaker.online/se5g/?p0D=2pNa9fQttIm8n5tfYjU8dGvcjPoAXIUdTkXN9fbnSTGpjXLtUkdyV461dX21S7MuwNtDr+NS&pPU=EFQxUr1XhHpp http://www.digi-lime.com/se5g/?p0D=ffJkN43k3dYoD4UbWW+NNmKuL73IbAzyyUqZeTutIN0FTw6z6MdxAIJVMyMmKKe/SXXl1C0J&pPU=EFQxUr1XhHpp - rule_id: 9412 http://www.rayuramen.com/se5g/?p0D=whcI31L0MoAEI++0t3jXyE3nnNQAM/cYbuyfe44aGV/9H6pvHcWSD2B4iIKYk7fns6EGCiY+&pPU=EFQxUr1XhHpp - rule_id: 9411 http://www.vantagenowllc.com/se5g/?p0D=jdXEzhimOnSacXUdGxTYvdJcV61jKW0d0K+peZrLZB1Sd+zR1QfcDPrffrB+k3Lt9GaGVKnv&pPU=EFQxUr1XhHpp - rule_id: 9409
|
14
www.freeminingboxes.com(34.102.136.180) www.vantagenowllc.com(34.102.136.180) www.509edfasdgcd.club() - mailcious www.compareyoursneaker.online(185.104.28.238) www.mydealsstation.com(207.244.126.161) www.rayuramen.com(13.225.131.124) www.yunxfeng.com() - mailcious www.digi-lime.com(217.160.0.159) 217.160.0.159 - phishing 185.104.28.238 - mailcious 20.51.217.113 - malware 34.102.136.180 - mailcious 207.244.126.161 99.86.202.89
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
3
http://www.digi-lime.com/se5g/ http://www.rayuramen.com/se5g/ http://www.vantagenowllc.com/se5g/
|
9.0 |
M |
33 |
ZeroCERT
2 |
2021-12-02 13:46
|
adobe.exe 565dfda9e888025c3846a1f74e113ec8 RAT Generic Malware UPX Antivirus AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
8
http://www.rvrentalsnear.com/se5g/?FrJX9P9=LEu13JWJxkUhcZfk8SrglGyAY/R8Am/uM5BdIet6HmIeWia9qDo+1kEwWq5GSRfF/reoD4w+&Vnt4_=-Z1l70lHPdgDeba http://www.helltea.xyz/se5g/?FrJX9P9=NJlv6P57h6xDcQ2JaFok1dQ5TNTZkJi8TI1QWxQqCVzyce+lSV4T09G02GlmijbwM2eY+A19&Vnt4_=-Z1l70lHPdgDeba http://www.6532nixonav.info/se5g/?FrJX9P9=3NEPJrVHShrbz+wEildyCdp4bX7uGnOMOo+7vNXUu9ePVlLkCNoaWdjUtzQ0WMzw/RLhF2yd&Vnt4_=-Z1l70lHPdgDeba http://www.mmasafaris.com/se5g/?FrJX9P9=1Ctaq5FgqzbEiE7Pl42oCKArEl4Wt5gyxE1uYiWthYfNIZYeqKUHmqe6xjleuZ1OkvlCp47o&Vnt4_=-Z1l70lHPdgDeba http://www.rayuramen.com/se5g/?FrJX9P9=whcI31L0MoAEI++0t3jXyE3nnNQAM/cYbuyfe44aGV/9H6pvHcWSD2B4iIKYk7fns6EGCiY+&Vnt4_=-Z1l70lHPdgDeba http://www.vantagenowllc.com/se5g/?FrJX9P9=jdXEzhimOnSacXUdGxTYvdJcV61jKW0d0K+peZrLZB1Sd+zR1QfcDPrffrB+k3Lt9GaGVKnv&Vnt4_=-Z1l70lHPdgDeba http://www.equatorkit.club/se5g/?FrJX9P9=42cbPT6bMYht9BeKP58C9icOQEztZmyWBGYrWZ4x+MzrLS6Ahmejm5Xxj+ElqroJvO1nu91a&Vnt4_=-Z1l70lHPdgDeba http://www.digi-lime.com/se5g/?FrJX9P9=ffJkN43k3dYoD4UbWW+NNmKuL73IbAzyyUqZeTutIN0FTw6z6MdxAIJVMyMmKKe/SXXl1C0J&Vnt4_=-Z1l70lHPdgDeba
|
18
www.mmasafaris.com(185.201.11.209) www.vantagenowllc.com(34.102.136.180) bing.com(13.107.21.200) www.helltea.xyz(136.243.156.120) www.6532nixonav.info(18.210.178.226) www.rayuramen.com(54.230.168.96) www.rvrentalsnear.com(34.102.136.180) www.equatorkit.club(103.197.149.166) www.digi-lime.com(217.160.0.159) 217.160.0.159 - phishing 185.230.162.254 - malware 136.243.156.120 13.107.21.200 34.102.136.180 - mailcious 18.210.178.226 99.86.202.114 103.197.149.166 185.201.11.209
|
1
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
13.4 |
M |
29 |
ZeroCERT
3 |
2021-11-19 10:58
|
audio.exe b8ade164ec1a5e394b964dc98cf56083 RAT email stealer Generic Malware DNS Code injection KeyLogger Escalate priviledges Downloader persistence AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
1
http://84.252.122.205/mas/ConsoleApp19.jpeg
|
2
152.67.253.163 - mailcious 84.252.122.205
|
|
|
11.4 |
|
25 |
ZeroCERT
4 |
2021-11-11 11:30
|
ConsoleApp17.exe 521339ae9fa89c3af1b50456781272a8 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key crashed |
2
http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838 http://84.252.121.97/ken/ConsoleApp17.png
|
1
|
|
1
http://84.252.121.97/ken/ConsoleApp17.png
|
8.8 |
|
17 |
guest
5 |
2021-11-11 10:10
|
ConsoleApp17.exe 521339ae9fa89c3af1b50456781272a8 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key crashed |
2
http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838 http://84.252.121.97/ken/ConsoleApp17.png
|
1
|
|
1
http://84.252.121.97/ken/ConsoleApp17.png
|
8.8 |
|
17 |
guest
6 |
2021-11-11 09:31
|
ConsoleApp17.exe 521339ae9fa89c3af1b50456781272a8 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key crashed |
2
http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838 http://84.252.121.97/ken/ConsoleApp17.png
|
1
|
|
1
http://84.252.121.97/ken/ConsoleApp17.png
|
8.8 |
|
17 |
guest
7 |
2021-11-11 07:52
|
ConsoleApp17.exe 521339ae9fa89c3af1b50456781272a8 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key crashed |
16
http://www.phnurse.com/pufi/?Sj=8XeJgFul1vAFBqvwTVyKQVXbVtTYM8q0+557R870TEe1UFGhEDSXyo0zAgRWp9soMz26Ux6U&RX=dnC4O0dPddHd4N7 http://www.afroonline.net/pufi/?Sj=N7/n59X1cLHAFWzBtTRt3ZdT6K0UB/kzW/M+XSUtFpOZsEcgix3fZuiXDLxe7X+kmnoPuhMQ&RX=dnC4O0dPddHd4N7 - rule_id: 7396 http://www.afroonline.net/pufi/?Sj=N7/n59X1cLHAFWzBtTRt3ZdT6K0UB/kzW/M+XSUtFpOZsEcgix3fZuiXDLxe7X+kmnoPuhMQ&RX=dnC4O0dPddHd4N7 http://www.203040302.xyz/pufi/?Sj=SazsJgrzUpUyryEoRzL3ozLk5u53xI01dS37dEHagUSA7M4+pBFoADpSCFKEyXWsPLe4UTZI&RX=dnC4O0dPddHd4N7 - rule_id: 7397 http://www.203040302.xyz/pufi/?Sj=SazsJgrzUpUyryEoRzL3ozLk5u53xI01dS37dEHagUSA7M4+pBFoADpSCFKEyXWsPLe4UTZI&RX=dnC4O0dPddHd4N7 http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7 - rule_id: 7275 http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7 http://www.silvanaribeirocake.com/pufi/?Sj=KVpxRsxBLGyR/dA5dRco2gV7HLwBacBO7g/vDRrLDRjj50ANKbl2DTrEUGdcD8sCaL2jKW82&RX=dnC4O0dPddHd4N7 - rule_id: 7398 http://www.silvanaribeirocake.com/pufi/?Sj=KVpxRsxBLGyR/dA5dRco2gV7HLwBacBO7g/vDRrLDRjj50ANKbl2DTrEUGdcD8sCaL2jKW82&RX=dnC4O0dPddHd4N7 http://www.opinionprofesional.com/pufi/?Sj=SoCL1OGG2aF+S/uRy7OgDJtS2MINmGMhaCWkDQqggbMkLGHh3Gz10tmbZTFPSD7uFiv8opbc&RX=dnC4O0dPddHd4N7 http://84.252.121.97/ken/ConsoleApp17.png http://www.nishiki-sougou.com/pufi/?Sj=L8fDVh1OUVeer350YRvQBaLd51y9m5TNxA7YU60IN4EJ7RSsSlr3SNitagTtpEnQ6WCpTHPd&RX=dnC4O0dPddHd4N7 - rule_id: 7401 http://www.nishiki-sougou.com/pufi/?Sj=L8fDVh1OUVeer350YRvQBaLd51y9m5TNxA7YU60IN4EJ7RSsSlr3SNitagTtpEnQ6WCpTHPd&RX=dnC4O0dPddHd4N7 http://www.50003008.com/pufi/?Sj=uJkDQXLW+vjml4mTD2qRvRRVGceOs1ip8Zh+ZSBGGyaAUHjL1aigFwJTpVX97pYFfRNybcHp&RX=dnC4O0dPddHd4N7 http://www.donaldpowers.store/pufi/?Sj=nyHN3ANVlMAzfqaDgI1iNAQsgXcCValkrJwU6bpJcZrtEB2xC+87EoJfCKs3HzM0uPrvSfK0&RX=dnC4O0dPddHd4N7 - rule_id: 7274 
http://www.donaldpowers.store/pufi/?Sj=nyHN3ANVlMAzfqaDgI1iNAQsgXcCValkrJwU6bpJcZrtEB2xC+87EoJfCKs3HzM0uPrvSfK0&RX=dnC4O0dPddHd4N7
|
20
www.opinionprofesional.com(198.59.144.28) www.50003008.com(156.235.230.196) www.nishiki-sougou.com(156.234.138.185) www.ndust.net(104.18.27.58) www.203040302.xyz(44.227.65.245) www.phnurse.com(199.59.242.153) www.donaldpowers.store(104.26.10.41) www.afroonline.net(154.23.98.181) www.silvanaribeirocake.com(139.162.67.26) www.rednacionaldejuecesrd.net() 156.235.230.196 - mailcious 44.227.76.166 - mailcious 139.162.67.26 156.234.138.185 198.59.144.28 84.252.121.97 199.59.242.153 - mailcious 154.23.98.181 104.26.11.41 104.18.26.58
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
6
http://www.afroonline.net/pufi/ http://www.203040302.xyz/pufi/ http://www.ndust.net/pufi/ http://www.silvanaribeirocake.com/pufi/ http://www.nishiki-sougou.com/pufi/ http://www.donaldpowers.store/pufi/
|
8.8 |
|
17 |
ZeroCERT