ID | Submitted | File | MD5 | Score | VT detections | Submitter

15211 | 2021-11-10 18:14 | 9819_1636144096_7282.exe | d2a7e15bafee524ad1f0eb7174fca6e6 | 2.6 | 50 | ZeroCERT
  Tags: Malicious Library, UPX, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself, Remote Code Execution

15212 | 2021-11-10 18:16 | 7993_1636371023_9825.exe | bde1dbafbe609f7da66db66356d8f9e3 | 2.4 | 36 | ZeroCERT
  Tags: Malicious Library, UPX, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself

15213 | 2021-11-10 18:19 | 7667_1636198353_7510.exe | 74e5ee47e3f1cec8ad5499d20d5e200d | 14.0 | 35 | ZeroCERT
  Tags: RAT, PWS, .NET framework, Generic Malware, Antivirus, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, ICMP traffic, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key, crashed
  URLs (2):
    https://bbuseruploads.s3.amazonaws.com/106c20d9-164b-4dd4-b490-03c87b0b7644/downloads/404d411e-cff1-4a6e-a692-35848ebfb2a2/z1az1z1.jpeg?Signature=0a%2FaUfxFDTKKfGp7%2F%2FiM2E3ZALY%3D&Expires=1636537029&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=paeg0MfP4Nlgy9V.oFLvS3IwE8D98C8O&response-content-disposition=attachment%3B%20filename%3D%22z1az1z1.jpeg%22
    https://bitbucket.org/chege3/softwarellc/downloads/z1az1z1.jpeg
  Hosts (7):
    www.youtube.com(142.250.199.110)
    bbuseruploads.s3.amazonaws.com(52.217.227.121) - malware
    bitbucket.org(104.192.141.1) - malware
    104.168.237.55
    52.217.140.169
    142.250.66.142
    104.192.141.1 - malicious
  IDS alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Note: the first URL is the pre-signed S3 redirect behind the Bitbucket download link (Expires=1636537029, i.e. 2021-11-10 09:37:09 UTC), so the durable indicator is the bitbucket.org download path, not the S3 URL. The Tofsee tag appears to derive from the SSLBL JA3 alert; a JA3 hash identifies a TLS client stack, which several families and libraries share, so treat it as weak attribution.

15214 | 2021-11-10 18:21 | 5675_1636449658_2701.exe | 510129781d403976345afea3bdb4e426 | 7.4 | 24 | ZeroCERT
  Tags: Themida Packer, Anti_VM, UPX, PE File, PE32, .NET EXE, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Checks Bios, Detects VMWare, VMware, anti-virtualization, Windows, Firmware, DNS, Cryptographic key, crashed
  Hosts (1): not listed

15215 | 2021-11-10 18:23 | 7525_1636260291_3969.exe | 273fc85ec0936207047fae24cf7630bf | 9.4 | 27 | ZeroCERT
  Tags: RAT, Generic Malware, UPX, AntiDebug, AntiVM, PE File, OS Processor Check, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, anti-virtualization, Windows, ComputerName, DNS, Cryptographic key
  Hosts (1):
    185.215.113.109 - phishing

15216 | 2021-11-10 18:25 | 8071_1636483658_131.exe | df90b2e12b0377db82d6a1cdcf3b8ad8 | 7.2 | 23 | ZeroCERT
  Tags: RAT, Generic Malware, PE64, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, suspicious privilege, MachineGuid, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
  Hosts (1): not listed

15217 | 2021-11-10 18:29 | ServicedetailforDARevision.pdf | e822e0070c7f84af44407fd2fdfee044 | 1.4 | - | ZeroCERT
  Tags: PDF, unpack itself, Windows utilities, Windows

15218 | 2021-11-10 20:18 | AZ AMS Roster Import.exe | dc68284a79d3299b382ffdf1f4be2f92 | 2.0 | 14 | guest
  Tags: North Korea, RAT, PWS, .NET framework, Generic Malware, PE File, PE32, .NET EXE, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Windows, ComputerName, Cryptographic key
  Note: "North Korea" is a sandbox signature tag; nothing else in this record (score 2.0, no network activity observed) supports it as attribution.

15219 | 2021-11-11 07:39 | winl.exe | 20126108d90d62860119d71b7525988b | 2.8 | 27 | ZeroCERT
  Tags: RAT, Generic Malware, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself

15220 | 2021-11-11 07:50 | rfsfjuyz.exe | 08f198a71bb460e8b4b92f148eac13bf | 7.4 | 60 | ZeroCERT
  Tags: PWS, Loki[b], Loki.m, Malicious Packer, PE File, PE32, Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, c&c, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, Software
  URLs (1):
    http://rfsfju.xyz/blsdxx/fre.php
  Hosts (2):
    rfsfju.xyz(172.67.171.101)
    172.67.171.101
  IDS alerts (7):
    ET MALWARE LokiBot User-Agent (Charon/Inferno)
    ET MALWARE LokiBot Checkin
    ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
    ET MALWARE LokiBot Request for C2 Commands Detected M1
    ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
    ET MALWARE LokiBot Request for C2 Commands Detected M2
    ET MALWARE LokiBot Fake 404 Response
  Note: the seven alerts cover the whole LokiBot exchange (check-in, credential exfiltration, command poll, and the panel's fake 404 reply). 172.67.171.101 is in Cloudflare address space, so block on the domain and URL rather than the IP.

15221 | 2021-11-11 07:52 | ConsoleApp17.exe | 521339ae9fa89c3af1b50456781272a8 | 8.8 | 17 | ZeroCERT
  Tags: RAT, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, DNS, Cryptographic key, crashed
  URLs (16):
    http://www.phnurse.com/pufi/?Sj=8XeJgFul1vAFBqvwTVyKQVXbVtTYM8q0+557R870TEe1UFGhEDSXyo0zAgRWp9soMz26Ux6U&RX=dnC4O0dPddHd4N7
    http://www.afroonline.net/pufi/?Sj=N7/n59X1cLHAFWzBtTRt3ZdT6K0UB/kzW/M+XSUtFpOZsEcgix3fZuiXDLxe7X+kmnoPuhMQ&RX=dnC4O0dPddHd4N7 - rule_id: 7396
    http://www.afroonline.net/pufi/?Sj=N7/n59X1cLHAFWzBtTRt3ZdT6K0UB/kzW/M+XSUtFpOZsEcgix3fZuiXDLxe7X+kmnoPuhMQ&RX=dnC4O0dPddHd4N7
    http://www.203040302.xyz/pufi/?Sj=SazsJgrzUpUyryEoRzL3ozLk5u53xI01dS37dEHagUSA7M4+pBFoADpSCFKEyXWsPLe4UTZI&RX=dnC4O0dPddHd4N7 - rule_id: 7397
    http://www.203040302.xyz/pufi/?Sj=SazsJgrzUpUyryEoRzL3ozLk5u53xI01dS37dEHagUSA7M4+pBFoADpSCFKEyXWsPLe4UTZI&RX=dnC4O0dPddHd4N7
    http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7 - rule_id: 7275
    http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7
    http://www.silvanaribeirocake.com/pufi/?Sj=KVpxRsxBLGyR/dA5dRco2gV7HLwBacBO7g/vDRrLDRjj50ANKbl2DTrEUGdcD8sCaL2jKW82&RX=dnC4O0dPddHd4N7 - rule_id: 7398
    http://www.silvanaribeirocake.com/pufi/?Sj=KVpxRsxBLGyR/dA5dRco2gV7HLwBacBO7g/vDRrLDRjj50ANKbl2DTrEUGdcD8sCaL2jKW82&RX=dnC4O0dPddHd4N7
    http://www.opinionprofesional.com/pufi/?Sj=SoCL1OGG2aF+S/uRy7OgDJtS2MINmGMhaCWkDQqggbMkLGHh3Gz10tmbZTFPSD7uFiv8opbc&RX=dnC4O0dPddHd4N7
    http://84.252.121.97/ken/ConsoleApp17.png
    http://www.nishiki-sougou.com/pufi/?Sj=L8fDVh1OUVeer350YRvQBaLd51y9m5TNxA7YU60IN4EJ7RSsSlr3SNitagTtpEnQ6WCpTHPd&RX=dnC4O0dPddHd4N7 - rule_id: 7401
    http://www.nishiki-sougou.com/pufi/?Sj=L8fDVh1OUVeer350YRvQBaLd51y9m5TNxA7YU60IN4EJ7RSsSlr3SNitagTtpEnQ6WCpTHPd&RX=dnC4O0dPddHd4N7
    http://www.50003008.com/pufi/?Sj=uJkDQXLW+vjml4mTD2qRvRRVGceOs1ip8Zh+ZSBGGyaAUHjL1aigFwJTpVX97pYFfRNybcHp&RX=dnC4O0dPddHd4N7
    http://www.donaldpowers.store/pufi/?Sj=nyHN3ANVlMAzfqaDgI1iNAQsgXcCValkrJwU6bpJcZrtEB2xC+87EoJfCKs3HzM0uPrvSfK0&RX=dnC4O0dPddHd4N7 - rule_id: 7274
    http://www.donaldpowers.store/pufi/?Sj=nyHN3ANVlMAzfqaDgI1iNAQsgXcCValkrJwU6bpJcZrtEB2xC+87EoJfCKs3HzM0uPrvSfK0&RX=dnC4O0dPddHd4N7
  Hosts (20):
    www.opinionprofesional.com(198.59.144.28)
    www.50003008.com(156.235.230.196)
    www.nishiki-sougou.com(156.234.138.185)
    www.ndust.net(104.18.27.58)
    www.203040302.xyz(44.227.65.245)
    www.phnurse.com(199.59.242.153)
    www.donaldpowers.store(104.26.10.41)
    www.afroonline.net(154.23.98.181)
    www.silvanaribeirocake.com(139.162.67.26)
    www.rednacionaldejuecesrd.net()
    156.235.230.196 - malicious
    44.227.76.166 - malicious
    139.162.67.26
    156.234.138.185
    198.59.144.28
    84.252.121.97
    199.59.242.153 - malicious
    154.23.98.181
    104.26.11.41
    104.18.26.58
  IDS alerts (2):
    ET MALWARE FormBook CnC Checkin (GET)
    ET HUNTING Request to .XYZ Domain with Minimal Headers
  Flagged URL patterns (6):
    http://www.afroonline.net/pufi/
    http://www.203040302.xyz/pufi/
    http://www.ndust.net/pufi/
    http://www.silvanaribeirocake.com/pufi/
    http://www.nishiki-sougou.com/pufi/
    http://www.donaldpowers.store/pufi/
  Note: a URL that matched a URL rule is listed twice, once with its rule_id and once without, so the 16 URL entries are 10 distinct URLs. All nine FormBook check-ins share the same path and query layout (/pufi/?Sj=<encoded data>&RX=dnC4O0dPddHd4N7), which is the observable to key detections on, since the domain list mixes real C2 with other sites and rotates between samples. The .png fetch from 84.252.121.97 appears to be the stage that delivers the payload (the record is also tagged "Malware download"), and www.rednacionaldejuecesrd.net() did not resolve during the run.

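The host and URL entries in these records follow three shapes: `host(ip)` optionally followed by ` - tag`, a bare IP optionally followed by ` - tag`, and a URL that is listed twice when a URL rule fired (once with ` - rule_id: N`). The script below, an added example written for this page and not tooling from the sandbox that produced the listing, parses those entries (one per line) into deduplicated IOC records and propagates reputation tags from an IP to the domains that resolved to it and from a host to the URLs on it. The sample entries are copied from records 15213 and 15221; the tag-propagation rule is an assumption of the example, not something the listing states.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Entry shapes as they appear in the listing (no other forms are handled):
#   host(ip) [- tag]      bitbucket.org(104.192.141.1) - malware
#   ip [- tag]            199.59.242.153 - malicious
#   url [- rule_id: N]    http://www.ndust.net/pufi/?Sj=... - rule_id: 7275
HOST_RE = re.compile(r"^(?P<name>[^\s()]+)\((?P<ip>[^)]*)\)$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
TAG_RE = re.compile(r"\s-\s(?P<tag>[A-Za-z&]+)$")
RULE_RE = re.compile(r"\s-\srule_id:\s*(?P<rule>\d+)$")


@dataclass
class Ioc:
    kind: str                                # "domain", "ip" or "url"
    value: str                               # the domain, the IP, or the full URL
    host: str = ""                           # hostname a URL points at; same as value for hosts
    ip: str = ""                             # resolved IP ("" when the sandbox recorded none)
    tags: set = field(default_factory=set)   # reputation labels: malware, malicious, phishing
    rules: set = field(default_factory=set)  # URL rule ids that fired


def parse_host(entry: str) -> Ioc:
    """host(ip) or bare ip, with an optional ' - tag' suffix."""
    entry = entry.strip()
    tags = set()
    m = TAG_RE.search(entry)
    if m:
        tags.add(m.group("tag"))
        entry = entry[: m.start()]
    m = HOST_RE.match(entry)
    if m:
        return Ioc("domain", m.group("name"), host=m.group("name"), ip=m.group("ip"), tags=tags)
    if IP_RE.match(entry):
        return Ioc("ip", entry, host=entry, ip=entry, tags=tags)
    raise ValueError(f"unrecognised host entry: {entry!r}")


def parse_url(entry: str) -> Ioc:
    """url with an optional ' - rule_id: N' suffix."""
    entry = entry.strip()
    rules = set()
    m = RULE_RE.search(entry)
    if m:
        rules.add(int(m.group("rule")))
        entry = entry[: m.start()]
    return Ioc("url", entry, host=urlsplit(entry).hostname or "", rules=rules)


def merge(iocs):
    """Collapse repeated entries (a rule-matched URL is listed twice) by (kind, value),
    keeping the union of tags and rule ids."""
    out = {}
    for ioc in iocs:
        key = (ioc.kind, ioc.value)
        if key in out:
            out[key].tags |= ioc.tags
            out[key].rules |= ioc.rules
        else:
            out[key] = ioc
    return list(out.values())


def parse_listing(hosts_text: str, urls_text: str):
    """Parse the two one-entry-per-line blocks, then propagate tags (assumed policy):
    an IP's tag applies to every domain that resolved to it, and a host's tags
    apply to every URL on that host."""
    hosts = merge(parse_host(l) for l in hosts_text.splitlines() if l.strip())
    urls = merge(parse_url(l) for l in urls_text.splitlines() if l.strip())
    by_ip = {h.value: h for h in hosts if h.kind == "ip"}
    for h in hosts:
        if h.kind == "domain" and h.ip in by_ip:
            h.tags |= by_ip[h.ip].tags
    by_host = {h.value: h for h in hosts}
    for u in urls:
        if u.host in by_host:
            u.tags |= by_host[u.host].tags
            u.ip = by_host[u.host].ip
    return hosts, urls


def flagged_urls(urls):
    """URLs worth blocking: matched a URL rule or sit on a host carrying a reputation tag."""
    return sorted(u.value for u in urls if u.rules or u.tags)


# Constructed sample: entries copied from records 15213 and 15221 of this listing.
SAMPLE_HOSTS = """
www.ndust.net(104.18.27.58)
www.phnurse.com(199.59.242.153)
www.rednacionaldejuecesrd.net()
199.59.242.153 - malicious
84.252.121.97
bitbucket.org(104.192.141.1) - malware
104.192.141.1 - malicious
"""

SAMPLE_URLS = """
http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7 - rule_id: 7275
http://www.ndust.net/pufi/?Sj=y124CMd3X80IKlF1ruJkpyWQk/ERSxpAry48nMXi4iIdJ9a4kPTCTgPsVWTUHiVYZjE0BVO6&RX=dnC4O0dPddHd4N7
http://www.phnurse.com/pufi/?Sj=8XeJgFul1vAFBqvwTVyKQVXbVtTYM8q0+557R870TEe1UFGhEDSXyo0zAgRWp9soMz26Ux6U&RX=dnC4O0dPddHd4N7
http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838
http://84.252.121.97/ken/ConsoleApp17.png
"""

if __name__ == "__main__":
    hosts, urls = parse_listing(SAMPLE_HOSTS, SAMPLE_URLS)
    for u in urls:
        print(u.host, u.ip, sorted(u.tags), sorted(u.rules), u.value)
    print(flagged_urls(urls))
```

Running it on the sample yields three distinct URLs from five entries; www.phnurse.com inherits the "malicious" label of 199.59.242.153, while the ndust.net and 84.252.121.97 URLs are flagged only through their rule ids. Hosts with no tag and no rule hit (www.ndust.net itself, 84.252.121.97 as a bare host) stay unflagged, which is the point of keeping tags and rule ids separate rather than treating every contacted host as an indicator.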
15222 | 2021-11-11 09:31 | ConsoleApp17.exe | 521339ae9fa89c3af1b50456781272a8 | 8.8 | 17 | guest
  Tags: RAT, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, DNS, Cryptographic key, crashed
  URLs (2):
    http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838
    http://84.252.121.97/ken/ConsoleApp17.png
  Hosts (1): not listed
  Flagged URL patterns (1):
    http://84.252.121.97/ken/ConsoleApp17.png
  Note: re-submission of the sample in 15221 (same MD5); only the stage download from 84.252.121.97 was observed in this run.

15223 | 2021-11-11 10:10 | ConsoleApp17.exe | 521339ae9fa89c3af1b50456781272a8 | 8.8 | 17 | guest
  Tags: RAT, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, DNS, Cryptographic key, crashed
  URLs (2):
    http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838
    http://84.252.121.97/ken/ConsoleApp17.png
  Hosts (1): not listed
  Flagged URL patterns (1):
    http://84.252.121.97/ken/ConsoleApp17.png
  Note: re-submission of the sample in 15221 (same MD5); only the stage download from 84.252.121.97 was observed in this run.

15224 | 2021-11-11 11:30 | ConsoleApp17.exe | 521339ae9fa89c3af1b50456781272a8 | 8.8 | 17 | guest
  Tags: RAT, Generic Malware, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, DNS, Cryptographic key, crashed
  URLs (2):
    http://84.252.121.97/ken/ConsoleApp17.png - rule_id: 7838
    http://84.252.121.97/ken/ConsoleApp17.png
  Hosts (1): not listed
  Flagged URL patterns (1):
    http://84.252.121.97/ken/ConsoleApp17.png
  Note: re-submission of the sample in 15221 (same MD5); only the stage download from 84.252.121.97 was observed in this run.

15225 | 2021-11-11 12:33 | lots.exe | 5575302eba0ea0e5f6b9fda28d1e1eb7 | 2.2 | 25 | ZeroCERT
  Tags: Malicious Library, UPX, PE File, OS Processor Check, PE32, VirusTotal, Malware, PDB, unpack itself