1 | 2024-06-29 15:23
go.exe a8a5bb77ad9c654a552178b562d8f860 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
URLs (8):
https://www.google.com/favicon.ico https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AS5LTARyH5Kd-rVBKeWnqUj906AGGHofujSb8AgwWKsTypD2yBBYr3WBtOnUhGtxSOgxIU3lQHJc9Q https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AS5LTARz2rTindXOxtKWlV36tkFtVGW8sAyWc6Y640azCnTxNjcf0x1986tGgMcPtexJF55x92Pocw&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1023256178%3A1719641978822264 https://accounts.google.com/generate_204?e342lA https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Hosts (6):
ssl.gstatic.com(142.250.206.195) accounts.google.com(74.125.23.84) www.google.com(142.250.206.196) 142.250.71.163 216.58.203.68 74.125.203.84
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.0 | 24 | ZeroCERT
2 | 2024-06-21 15:56
arpwriteIni.exe 8ffe154b25091cb5a8547eb4f56d112c UPX PE File PE32 VirusTotal Malware Checks debugger Windows utilities Check virtual network interfaces suspicious process sandbox evasion Windows |
4.0 | M | 30 | ZeroCERT
3 | 2024-06-21 15:49
sysup.exe e11e67d21c40e31313b4611bd0af0301 Generic Malware UPX PE File PE32 VirusTotal Malware Checks debugger unpack itself |
2.6 | M | 49 | ZeroCERT
4 | 2024-06-21 15:49
storyhosts.exe 3c48dddcbad4b1bd6285722968150c80 Generic Malware UPX PE File PE32 VirusTotal Malware suspicious privilege Checks debugger sandbox evasion |
2.8 | M | 37 | ZeroCERT
5 | 2024-06-21 07:43
Downaqzh.exe 6a7249eb490ea7acc9a151769b32ed70 Generic Malware UPX PE File PE32 VirusTotal Malware Checks debugger Windows |
URLs (1):
http://wieie.cn:8765/Down/List
Hosts (2):
wieie.cn(58.23.215.23) 58.23.215.23
Alerts (1):
ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
2.2 | 47 | ZeroCERT
6 | 2024-06-21 07:34
DownSysSoft.exe 50cc1aa14f6c5b5920b72e522297839f Generic Malware UPX PE File PE32 VirusTotal Malware Checks debugger ICMP traffic unpack itself Windows DNS |
URLs (1):
http://wieie.cn:8765/Down/List
Hosts (3):
wieie.cn(58.23.215.23) 58.23.215.23 36.249.46.154
Alerts (1):
ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
4.0 | 46 | ZeroCERT
7 | 2024-06-16 10:22
random.exe 483f8eb0fa59b79caed6c4906bc55e67 Browser Login Data Stealer Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger exploit crash installed browsers check Exploit Browser crashed |
4.2 | M | 29 | ZeroCERT
8 | 2024-06-16 10:02
random.exe 8f7aaf6053a152035540f30992647b10 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger exploit crash installed browsers check Exploit Browser crashed |
4.6 | 29 | ZeroCERT
9 | 2024-06-13 11:38
DIP.exe 3f02a2516380a49f81ae8e15e7f548cc Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
URLs (1):
Hosts (2):
api.ipify.org(104.26.13.205) 104.26.13.205
Alerts (3):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.0 | 38 | ZeroCERT
10 | 2024-06-12 07:33
twapcdhuj20shds2WOP90sdhy.exe 49771fd313935046468ff48e9a97f287 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Device_File_Check PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed |
5.0 | M | 27 | ZeroCERT
11 | 2024-06-10 10:37
DUU.exe e26a8ce5b2f2b9730cc15713a4b1d4a1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
URLs (1):
Hosts (2):
api.ipify.org(104.26.13.205) 104.26.12.205
Alerts (3):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6 | 34 | ZeroCERT
12 | 2024-06-09 14:24
Satin06.exe 09ab6049a1abaac4ce2aef0dc60b6b6d Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume Cry FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS |
URLs (21):
http://www.antonio-vivaldi.mobi/fo8o/?-g=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39855 http://www.magmadokum.com/fo8o/ - rule_id: 39856 http://www.magmadokum.com/fo8o/?-g=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39856 http://www.3xfootball.com/fo8o/ - rule_id: 39852 http://www.donnavariedades.com/fo8o/ - rule_id: 39861 http://www.donnavariedades.com/fo8o/?-g=l+301ZvITCxaX9AA7VU8BaNl0giE4t3JgzctOQx29qSsrxX8kw490hU6vymbZWA2w8GmYCogcgx/MI4pNd8ITQiOXzox9fl9oCNBaJd4bIe7oyUKC5LhLVNYvjLZULJxgsfERiI=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39861 http://www.3xfootball.com/fo8o/?-g=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39852 http://www.rssnewscast.com/fo8o/ - rule_id: 39857 http://www.techchains.info/fo8o/ - rule_id: 39858 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.techchains.info/fo8o/?-g=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39858 http://www.elettrosistemista.zip/fo8o/ - rule_id: 39860 http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.kasegitai.tokyo/fo8o/ - rule_id: 39853 http://www.antonio-vivaldi.mobi/fo8o/ - rule_id: 39855 http://www.rssnewscast.com/fo8o/?-g=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39857 
http://www.kasegitai.tokyo/fo8o/?-g=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39853 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.elettrosistemista.zip/fo8o/?-g=bO1UBvtoHFNUmlWB73HniX/lRhcpQxU1qF418M7UHpKKa2cgLZsmK6mwaSCrivds7LXL3uoK+MTOMGhYNdwtdjBMQu6yx1bfgOYvdpbzJPd/eSD2kHjCkD+QxgbYBRdZBXmxn1k=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39860 http://www.goldenjade-travel.com/fo8o/?-g=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&ZaB=wt4TDEIUNob0tE3R - rule_id: 39854
Hosts (20):
www.elettrosistemista.zip(195.110.124.133) - malicious www.liangyuen528.com() - malicious www.magmadokum.com(85.159.66.93) - malicious www.techchains.info(66.29.149.46) - malicious www.donnavariedades.com(23.227.38.74) - malicious www.kasegitai.tokyo(202.172.28.202) - malicious www.3xfootball.com(154.215.72.110) - malicious www.goldenjade-travel.com(116.50.37.244) - malicious www.antonio-vivaldi.mobi(46.30.213.191) - malicious www.rssnewscast.com(91.195.240.94) - malicious 202.172.28.202 - malicious 85.159.66.93 - malicious 116.50.37.244 - malicious 195.110.124.133 - malicious 46.30.213.191 - malicious 66.29.149.46 - malicious 45.33.6.223 23.227.38.74 - malicious 91.195.240.94 - phishing 154.215.72.110 - malicious
Alerts (3):
ET INFO Observed DNS Query to .zip TLD
ET INFO HTTP Request to a *.zip Domain
ET MALWARE FormBook CnC Checkin (GET) M5
Rule-matched URLs (18):
http://www.antonio-vivaldi.mobi/fo8o/ http://www.magmadokum.com/fo8o/ http://www.magmadokum.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.techchains.info/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/
7.0 | M | 45 | ZeroCERT
13 | 2024-06-09 09:23
Delivery%2006.exe 132e9cb76def326daa4088f99587b759 Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Malicious Pack FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself AppData folder Browser DNS |
URLs (16):
http://www.antonio-vivaldi.mobi/fo8o/?5R=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&ERg=Lbajlol-F3v - rule_id: 39855 http://www.3xfootball.com/fo8o/ - rule_id: 39852 http://www.kasegitai.tokyo/fo8o/ - rule_id: 39853 http://www.rssnewscast.com/fo8o/ - rule_id: 39857 http://www.techchains.info/fo8o/ - rule_id: 39858 http://www.magmadokum.com/fo8o/ - rule_id: 39856 http://www.kasegitai.tokyo/fo8o/?5R=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&ERg=Lbajlol-F3v - rule_id: 39853 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.elettrosistemista.zip/fo8o/ - rule_id: 39860 http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854 http://www.goldenjade-travel.com/fo8o/?5R=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&ERg=Lbajlol-F3v - rule_id: 39854 http://www.antonio-vivaldi.mobi/fo8o/ - rule_id: 39855 http://www.magmadokum.com/fo8o/?5R=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&ERg=Lbajlol-F3v - rule_id: 39856 http://www.rssnewscast.com/fo8o/?5R=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&ERg=Lbajlol-F3v - rule_id: 39857 http://www.techchains.info/fo8o/?5R=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&ERg=Lbajlol-F3v - rule_id: 39858 http://www.3xfootball.com/fo8o/?5R=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&ERg=Lbajlol-F3v - rule_id: 39852
Hosts (18):
www.elettrosistemista.zip(195.110.124.133) - malicious www.liangyuen528.com() - malicious www.magmadokum.com(85.159.66.93) - malicious www.techchains.info(66.29.149.46) - malicious www.kasegitai.tokyo(202.172.28.202) - malicious www.3xfootball.com(154.215.72.110) - malicious www.goldenjade-travel.com(116.50.37.244) - malicious www.antonio-vivaldi.mobi(46.30.213.191) - malicious www.rssnewscast.com(91.195.240.94) - malicious 202.172.28.202 - malicious 85.159.66.93 - malicious 116.50.37.244 - malicious 195.110.124.133 - malicious 46.30.213.191 - malicious 66.29.149.46 - malicious 45.33.6.223 91.195.240.94 - phishing 154.215.72.110 - malicious
Alerts (3):
ET MALWARE FormBook CnC Checkin (GET) M5
ET INFO Observed DNS Query to .zip TLD
ET INFO HTTP Request to a *.zip Domain
Rule-matched URLs (15):
http://www.antonio-vivaldi.mobi/fo8o/ http://www.3xfootball.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.magmadokum.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.magmadokum.com/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.3xfootball.com/fo8o/
7.8 | M | 41 | ZeroCERT
14 | 2024-06-09 09:23
proposal%20report.exe 092cd26903ed79eb7da016adbb7c928d Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX Malic FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS |
URLs (18):
http://www.magmadokum.com/fo8o/?mRfW=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&SM4k=DX6TxPgI - rule_id: 39856 http://www.magmadokum.com/fo8o/ - rule_id: 39856 http://www.3xfootball.com/fo8o/ - rule_id: 39852 http://www.elettrosistemista.zip/fo8o/ - rule_id: 39860 http://www.techchains.info/fo8o/?mRfW=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&SM4k=DX6TxPgI - rule_id: 39858 http://www.rssnewscast.com/fo8o/ - rule_id: 39857 http://www.techchains.info/fo8o/ - rule_id: 39858 http://www.kasegitai.tokyo/fo8o/?mRfW=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&SM4k=DX6TxPgI - rule_id: 39853 http://www.3xfootball.com/fo8o/?mRfW=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&SM4k=DX6TxPgI - rule_id: 39852 http://www.kasegitai.tokyo/fo8o/ - rule_id: 39853 http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.antonio-vivaldi.mobi/fo8o/ - rule_id: 39855 http://www.antonio-vivaldi.mobi/fo8o/?mRfW=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&SM4k=DX6TxPgI - rule_id: 39855 http://www.rssnewscast.com/fo8o/?mRfW=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&SM4k=DX6TxPgI - rule_id: 39857 http://www.elettrosistemista.zip/fo8o/?mRfW=bO1UBvtoHFNUmlWB73HniX/lRhcpQxU1qF418M7UHpKKa2cgLZsmK6mwaSCrivds7LXL3uoK+MTOMGhYNdwtdjBMQu6yx1bfgOYvdpbzJPd/eSD2kHjCkD+QxgbYBRdZBXmxn1k=&SM4k=DX6TxPgI - rule_id: 39860 
http://www.goldenjade-travel.com/fo8o/?mRfW=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&SM4k=DX6TxPgI - rule_id: 39854
Hosts (18):
www.elettrosistemista.zip(195.110.124.133) - malicious www.liangyuen528.com() - malicious www.magmadokum.com(85.159.66.93) - malicious www.techchains.info(66.29.149.46) - malicious www.kasegitai.tokyo(202.172.28.202) - malicious www.3xfootball.com(154.215.72.110) - malicious www.goldenjade-travel.com(116.50.37.244) - malicious www.antonio-vivaldi.mobi(46.30.213.191) - malicious www.rssnewscast.com(91.195.240.94) - malicious 202.172.28.202 - malicious 85.159.66.93 - malicious 116.50.37.244 - malicious 195.110.124.133 - malicious 46.30.213.191 - malicious 66.29.149.46 - malicious 45.33.6.223 91.195.240.94 - phishing 154.215.72.110 - malicious
Alerts (3):
ET MALWARE FormBook CnC Checkin (GET) M5
ET INFO HTTP Request to a *.zip Domain
ET INFO Observed DNS Query to .zip TLD
Rule-matched URLs (16):
http://www.magmadokum.com/fo8o/ http://www.magmadokum.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.techchains.info/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.techchains.info/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.3xfootball.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.goldenjade-travel.com/fo8o/
7.0 | M | 41 | ZeroCERT
15 | 2024-06-09 09:22
Delivery%2007.exe b94b6c27e410388cd4e7dfeb352b75ce Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume Cry FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS |
URLs (19):
http://www.magmadokum.com/fo8o/?Q1=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&niTnW=y25C - rule_id: 39856 http://www.goldenjade-travel.com/fo8o/?Q1=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&niTnW=y25C - rule_id: 39854 http://www.magmadokum.com/fo8o/ - rule_id: 39856 http://www.donnavariedades.com/fo8o/?Q1=l+301ZvITCxaX9AA7VU8BaNl0giE4t3JgzctOQx29qSsrxX8kw490hU6vymbZWA2w8GmYCogcgx/MI4pNd8ITQiOXzox9fl9oCNBaJd4bIe7oyUKC5LhLVNYvjLZULJxgsfERiI=&niTnW=y25C - rule_id: 39861 http://www.donnavariedades.com/fo8o/ - rule_id: 39861 http://www.3xfootball.com/fo8o/?Q1=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&niTnW=y25C - rule_id: 39852 http://www.elettrosistemista.zip/fo8o/ - rule_id: 39860 http://www.rssnewscast.com/fo8o/ - rule_id: 39857 http://www.antonio-vivaldi.mobi/fo8o/ - rule_id: 39855 http://www.rssnewscast.com/fo8o/?Q1=x3jV/ECx7FuzXOI+6CNaISj98UIEn47HyCIVaqWvGMMqpfz0YC5wNp/pxM1zEFNKv4nPeGfT8/lZrDaJmccs4488pD+gaHK32CxgTEs5a2vdBlM4hQBa8nlaMF5vesFSU19kJNk=&niTnW=y25C - rule_id: 39857 http://www.antonio-vivaldi.mobi/fo8o/?Q1=PTl5gU/3CD/Xhg5KAVLGoeqWcilDUK5FTZuVmm6gfrwSjnBrSraU5xyBGUoA1k9xMbAGIU7PLJqf1PTsNd74L3d6+NgzbyGN2pTsiSyIeh1B8hC/nFfIu9UZrk9ku3J39HvVUu8=&niTnW=y25C - rule_id: 39855 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3290000.zip http://www.kasegitai.tokyo/fo8o/?Q1=0LNqIGaAWMhMIMLOr1FzuAu+QFTp+Isr9lFre+yu3/9GvRNYi1uHghhDsQ/pqDAQ+wkUrFUIurr7TLyDqzId9vCn3h40hICDSYZjejM1bTxHHnFMxARLyMCZMUhSp6GMEGHL0HI=&niTnW=y25C - rule_id: 39853 http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854 http://www.kasegitai.tokyo/fo8o/ - rule_id: 39853 http://www.techchains.info/fo8o/ - rule_id: 39858 
http://www.techchains.info/fo8o/?Q1=vefd0teQh+kbruh+iKW53cdcsQD4oFyRDgCUoL90YCYLczV+Hcc/VZ2eVbboy/u5EgiS3CnxBclKZHyNJ/4ALr08/A/SWk5lVGufGp2P4fG4f3GonqE4cYuaa0/JNC0RZIlRWrU=&niTnW=y25C - rule_id: 39858 http://www.elettrosistemista.zip/fo8o/?Q1=bO1UBvtoHFNUmlWB73HniX/lRhcpQxU1qF418M7UHpKKa2cgLZsmK6mwaSCrivds7LXL3uoK+MTOMGhYNdwtdjBMQu6yx1bfgOYvdpbzJPd/eSD2kHjCkD+QxgbYBRdZBXmxn1k=&niTnW=y25C - rule_id: 39860 http://www.3xfootball.com/fo8o/ - rule_id: 39852
Hosts (20):
www.elettrosistemista.zip(195.110.124.133) - malicious www.liangyuen528.com() - malicious www.magmadokum.com(85.159.66.93) - malicious www.techchains.info(66.29.149.46) - malicious www.donnavariedades.com(23.227.38.74) - malicious www.kasegitai.tokyo(202.172.28.202) - malicious www.3xfootball.com(154.215.72.110) - malicious www.goldenjade-travel.com(116.50.37.244) - malicious www.antonio-vivaldi.mobi(46.30.213.191) - malicious www.rssnewscast.com(91.195.240.94) - malicious 202.172.28.202 - malicious 85.159.66.93 - malicious 116.50.37.244 - malicious 195.110.124.133 - malicious 46.30.213.191 - malicious 66.29.149.46 - malicious 45.33.6.223 23.227.38.74 - malicious 91.195.240.94 - phishing 154.215.72.110 - malicious
Alerts (3):
ET MALWARE FormBook CnC Checkin (GET) M5
ET INFO HTTP Request to a *.zip Domain
ET INFO Observed DNS Query to .zip TLD
Rule-matched URLs (18):
http://www.magmadokum.com/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.magmadokum.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.donnavariedades.com/fo8o/ http://www.3xfootball.com/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.rssnewscast.com/fo8o/ http://www.antonio-vivaldi.mobi/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.goldenjade-travel.com/fo8o/ http://www.kasegitai.tokyo/fo8o/ http://www.techchains.info/fo8o/ http://www.techchains.info/fo8o/ http://www.elettrosistemista.zip/fo8o/ http://www.3xfootball.com/fo8o/
7.6 | M | 40 | ZeroCERT