Sandbox analysis listing, one record per submitted sample: ID, submission time, file name and MD5, behaviour tags as assigned by the sandbox, then the network observables (URLs; hosts as domain(resolved IP) or bare IP, with the site's own "malware"/"mailcious" label attached to the host it follows; IDS alerts; URLs flagged by a rule_id), the score, and the submitting user. Tag strings are reproduced verbatim.

15391 | 2021-11-14 18:53 | 3709_1636788860_785.exe | MD5 e2b1b315921b100a562396ad39aa4537
  Tags: Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer Malware download NetWireRC VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Checks Bios Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VMware anti-virtualization VM Disk Size Check DCRat Windows Browser ComputerName DNS crashed
  URLs (7):
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ&59260a3b0a5d7c318b2867ee8fb5c3a5=0VfiIiOiUjZkN2M4ITM1YDZhJzY1YjZyMWOjFmY2MWO1Y2MxgDZiwiI0gTMxcjYjNjM3gzYwcTO3gDZ2UDNmdjM3QTOhRWY5MTNyQjMkJTNkJiOiEmNhFDMjdjZyIWO2kTYhFmNxcDMzIWMhZTOwYWNkJjZiwiI0QWY1ImYwE2YlZjNlBzYlRDZ2UDNyITM5Y2YhhTOmJjMyIDZhZjMhJiOiY2MxUDZ4ITZ4kDNkFGNxEWZwImNxYzYhRDZ5U2M0MTOis3W
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&48a269404f4dc26a9b646f0957e489dd=0fdfe5c67ef13e9eaf26e3c297f7ebf3&9b5370cd32b1a9509b7baaec65be22f1=QNmRDOzgTMmdDMzUDNidDNxQjY2IDZwEGNjVDZ3MmY3MWY3MTN3IWM&3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ&59260a3b0a5d7c318b2867ee8fb5c3a5=QX9JSUNJiOiUjZkN2M4ITM1YDZhJzY1YjZyMWOjFmY2MWO1Y2MxgDZiwiIhRWOwEWY2YDZxMjNyETNmFDZ0kjZ2cjNwQTYkhTZkRTZ0IjM3UGMxIiOiEmNhFDMjdjZyIWO2kTYhFmNxcDMzIWMhZTOwYWNkJjZiwiI0QWY1ImYwE2YlZjNlBzYlRDZ2UDNyITM5Y2YhhTOmJjMyIDZhZjMhJiOiY2MxUDZ4ITZ4kDNkFGNxEWZwImNxYzYhRDZ5U2M0MTOis3W
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ&4067fc81c594aa49a1e3bab5fdfc7f4f=d1nIyEzM2MzMzMWYmZzM2YjMlJmMihDNyMTMzYGOjhDM0QzM5QDNxYjZ4IiOiEmNhFDMjdjZyIWO2kTYhFmNxcDMzIWMhZTOwYWNkJjZiwiI0QWY1ImYwE2YlZjNlBzYlRDZ2UDNyITM5Y2YhhTOmJjMyIDZhZjMhJiOiY2MxUDZ4ITZ4kDNkFGNxEWZwImNxYzYhRDZ5U2M0MTOis3W&59260a3b0a5d7c318b2867ee8fb5c3a5=QX9JiI6ISNmR2YzgjMxUjNkFmMjVjNmJzY5MWYiZzY5UjZzEDOkJCLiITMzYzMzMzYhZmNzYjNyUmYyIGO0IzMxMjZ4MGOwQDNzkDN0EjNmhjI6ISY2EWMwM2NmJjY5YTOhFWY2EzNwMjYxEmN5AjZ1QmMmJCLiQDZhVjYiBTYjVmN2UGMjVGNkZTN0IjMxkjZjFGO5YmMyIjMkFmNyEmI6IiZzETNkhjMlhTO0QWY0ETYlBjY2EjNjFGNklTZzQzM5Iyes0nIw4WS5ZlMahWNXllTCNlYop0MaZnSIVVavpWSzkzRaVHbyYVVOVVUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJNFWNhXVRVlTsRlS0xWS2kUeSJkUsl0cJNEZwpURJBTWEl0TCNkYoVjMiBnTzMGbaJjY5JkRJNTQ5N2M5ckW1xmMWl2bqlUeW1mV1xmMWl2dTZWa3dFZ2ZlMVZXRXFmeGtWS2k0UaVXOtVGbxcVYwo0QMlWQE10dBRUT3lUaPl2dXlFMONjY3p0QMlWRXpVe5IzUnd2RkFTOyU1ZwMUSrZ1Vh1GbykFbCNzYnF1Mi9kSp9Uaj12Y2p0QMl2aE9EeFpGTzkEVNNXSU10dVpGTz0kaJZTS5lld41WSzlUaVxkSp9Uar52YwUzVkZnTtl0cJNkYxkzVaRlSp9Ua0IjYwR2ValnSDxUaVNjW0V0Rj5WNyIGVKl2TptGSkBnTtl0cJNUTxUkaMBTTU1UdnRUT5RzUONTRqlkNJN0YwpUelZTS5JWb1c1U3x2aJNXSp1UeRNzYsJlbJZTSTpFdG1GV5ZlMjZlSDxUaNVUV0lkaNVlTWJVVKl2TpV1VihWNwEVUKNETpFEVNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUp0QMlGNrlkNJNlYo5UbZxGZxMGcKNETptGbJZTSTpVd5cUY3lTbjpGbXRles1WSzlUallEZF1EN0kWTnFURJZlQxE1ZBRUTwcGVMFzaHlEcwUkVvVVbjZnTFlEcJZ0SzZ1RkVHbrlkNJNlW0ZUbUZlQxEVa3lWSDJ0QNdGMDl0dTl1NSlHN2ATYKdzZwwEb0pGcuJna3QXcENVUIplRJF0ULdzYHp1Np9maJxWMXl1TWZUVIpUelJiOiUjZkN2M4ITM1YDZhJzY1YjZyMWOjFmY2MWO1Y2MxgDZiwiIihDO2cTYiJmM1UTNzI2NwcDN1M2YjNzMwgTO1MTOiVjZ1EWYhFTMzIiOiEmNhFDMjdjZyIWO2kTYhFmNxcDMzIWMhZTOwYWNkJjZiwiI0QWY1ImYwE2YlZjNlBzYlRDZ2UDNyITM5Y2YhhTOmJjMyIDZhZjMhJiOiY2MxUDZ4ITZ4kDNkFGNxEWZwImNxYzYhRDZ5U2M0MTOis3W
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ&9d0ea80b3e1e55a78ac2a99270f93e31=… (parameter value not preserved on the page)
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ
    http://82.146.43.67/home/usersuploads/testcdn.php?3DJ5ZAx4hQDGwIsVPfNK8GLIIm=aAr5mXdMdden987sYP6vJ7JGRH1&w2AxwJX3zVbsS5O2u1NLBXx3L0q=0lnegmalcr1zlD3&xNd=tRVZ4pzY&b7e16282c3ccb86017a00fb12af1ac41=kBDNzgzNhRjY5IjM2YzMygDNjlDO2gjY2kTO0YWM0E2YiJmM1MWMidDNxcDO4ATOyYzMwczN&9b5370cd32b1a9509b7baaec65be22f1=gMiNzN3QzNykTOhRWYxYTNlVTYzMzM0AjNmVTNjlTOjRDMidjN0QGZ&4067fc81c594aa49a1e3bab5fdfc7f4f=d1nIhRWOwEWY2YDZxMjNyETNmFDZ0kjZ2cjNwQTYkhTZkRTZ0IjM3UGMxIiOiEmNhFDMjdjZyIWO2kTYhFmNxcDMzIWMhZTOwYWNkJjZiwiI0QWY1ImYwE2YlZjNlBzYlRDZ2UDNyITM5Y2YhhTOmJjMyIDZhZjMhJiOiY2MxUDZ4ITZ4kDNkFGNxEWZwImNxYzYhRDZ5U2M0MTOis3W
  Hosts (1): not listed on the page
  IDS alerts (2):
    ET MALWARE DCRAT Activity (GET)
    ET MALWARE Win32/DCRat CnC Exfil
  Score: 17.4 | 26 | User: ZeroCERT

15392 | 2021-11-14 18:53 | Trumpeters.exe | MD5 16682361862d0d1d86d8021286fee3fd
  Tags: RAT BitCoin Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key
  Hosts (1):
    79.134.225.10 - mailcious
  Score: 9.4 | 34 | User: ZeroCERT

15393 | 2021-11-14 18:56 | build.exe | MD5 7819fce8aca798a7b78bd00d28399b64
  Tags: AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Collect installed applications Detects VirtualBox Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
  No URLs, hosts or IDS alerts recorded.
  Score: 15.0 | 24 | User: ZeroCERT

15394 | 2021-11-14 18:58 | etl_00382_0541_0165410000.exe | MD5 abbd913fabcce80fe6c14f8103800378
  Tags: RAT Generic Malware Malicious Library AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
  No URLs, hosts or IDS alerts recorded.
  Score: 7.6 | 42 | User: ZeroCERT

15395 | 2021-11-14 18:59 | asdfg.exe | MD5 6966182dd20351152ea815d31e735067
  Tags: PWS Loki[b] Loki.m RAT Gen1 Gen2 [m] Generic Malware Generic Malware task schedule UPX Malicious Packer Malicious Library Socket DNS Internet API HTTP KeyLogger ScreenShot Http API Steal credential AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Browser Info Stealer Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Zeus OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key Software crashed Downloader Password
  URLs (15):
    http://colonna.ac.ug/ - rule_id: 7517
    http://colonna.ac.ug/
    http://colonna.ac.ug/nss3.dll
    http://colonna.ug/pm.exe
    http://colonna.ac.ug/softokn3.dll
    http://colonna.ac.ug/msvcp140.dll
    http://colonna.ug/index.php - rule_id: 7513
    http://colonna.ug/index.php
    http://colonna.ug/cc.exe
    http://colonna.ac.ug/mozglue.dll
    http://colonna.ac.ug/vcruntime140.dll
    http://colonna.ac.ug/main.php
    http://colonna.ac.ug/freebl3.dll
    http://colonna.ac.ug/sqlite3.dll
    https://cdn.discordapp.com/attachments/909035193627705347/909036151287971850/Egfckkoxgosufdyqxdmlgfdwpjkldcw
  Hosts (13):
    t.me(149.154.167.99)
    colonna.ac.ug(185.215.113.77)
    colonna.ug(185.215.113.77)
    cdn.discordapp.com(162.159.135.233) - malware
    149.154.167.99
    91.219.236.162
    185.163.47.176 - mailcious
    193.38.54.238
    91.219.236.240
    162.159.135.233 - malware
    82.146.43.67
    185.215.113.77 - malware
    74.119.192.122
  IDS alerts (11):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 25
    ET MALWARE AZORult v3.3 Server Response M3
    ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2
    ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
    ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
    ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt)
  Flagged URLs (2):
    http://colonna.ac.ug/
    http://colonna.ug/index.php
  Score: 27.8 | 27 | User: ZeroCERT

15396 | 2021-11-15 09:52 | asdfg.exe | MD5 6966182dd20351152ea815d31e735067 (resubmission of 15395)
  Tags: PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Socket DNS Internet API HTTP KeyLogger ScreenShot Http API Steal credential AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password
  URLs (12):
    http://colonna.ac.ug/nss3.dll
    http://colonna.ug/index.php - rule_id: 7513
    http://colonna.ug/index.php
    http://colonna.ac.ug/mozglue.dll
    http://colonna.ac.ug/softokn3.dll
    http://colonna.ac.ug/msvcp140.dll
    http://colonna.ac.ug/ - rule_id: 7517
    http://colonna.ac.ug/
    http://colonna.ac.ug/vcruntime140.dll
    http://colonna.ac.ug/main.php
    http://colonna.ac.ug/freebl3.dll
    http://colonna.ac.ug/sqlite3.dll
  Hosts (10):
    t.me(149.154.167.99)
    colonna.ac.ug(185.215.113.77)
    colonna.ug(185.215.113.77)
    149.154.167.99
    91.219.236.162
    185.163.47.176 - mailcious
    193.38.54.238
    91.219.236.240
    185.215.113.77 - malware
    74.119.192.122
  IDS alerts (8):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 25
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO TLS Handshake Failure
    ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2
    ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
    ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
    ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt)
  Flagged URLs (2):
    http://colonna.ug/index.php
    http://colonna.ac.ug/
  Score: 22.4 | 27 | User: guest

15397 | 2021-11-15 14:30 | 2267_1636828447_4225.exe | MD5 0f9d1f2e3aaad601bb95a039b0aedcfb
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
  No URLs, hosts or IDS alerts recorded.
  Score: 2.2 | 42 | User: ZeroCERT

15398 | 2021-11-15 14:30 | Goels.exe | MD5 31071ff37a004d1409f24abc64d14ac1
  Tags: RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed
  URLs (1): not listed on the page
  Hosts (4):
    molerreneta.xyz(45.8.124.72)
    api.ip.sb(104.26.12.31)
    45.8.124.72
    104.26.13.31
  IDS alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 12.0 | 33 | User: ZeroCERT

15399 | 2021-11-15 14:32 | stenc.exe | MD5 0eed73c62d0e4786e27e66a1cbedc15a
  Tags: Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware unpack itself crashed
  No URLs, hosts or IDS alerts recorded.
  Score: 1.4 | 20 | User: ZeroCERT

15400 | 2021-11-15 14:32 | 666777666.exe | MD5 60772ab816ff660abbe13f426a57005d
  Tags: RAT PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File OS Processor Check PE32 .NET EXE PNG Format MSOffice File JPEG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications installed browsers check Tofsee Windows Exploit Browser ComputerName DNS Cryptographic key Software crashed
  Hosts (3):
    axiebox.axieinfinity.to(162.0.217.24)
    162.0.217.24
    93.115.20.139 - mailcious
  IDS alerts (3):
    ET DNS Query for .to TLD
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score: 8.4 | 40 | User: ZeroCERT

15401 | 2021-11-15 14:34 | hubris.exe | MD5 9b58b4fa3bec6452d6ff2902342705e0
  Tags: Emotet Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware unpack itself
  No URLs, hosts or IDS alerts recorded.
  Score: 2.4 | 26 | User: ZeroCERT

15402 | 2021-11-15 14:34 | f1_f.exe | MD5 2b981c5d303d855ff0b7784ea7082860
  Tags: Generic Malware Themida Packer Anti_VM UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
  URLs (1):
    https://cdn.discordapp.com/attachments/688809529202442354/908412484648591370/FULL.exe
  Hosts (3):
    cdn.discordapp.com(162.159.135.233) - malware
    86.107.197.248
    162.159.130.233 - malware
  IDS alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 10.4 | 26 | User: ZeroCERT

15403 | 2021-11-15 14:36 | 664_1636917001_7631.exe | MD5 0db3251c697b3c254c36b60edcf4a63f
  Tags: RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
  URLs (1):
    https://cdn.discordapp.com/attachments/904087972113158144/908022245379674122/60493b64af7d0d9a.exe
  Hosts (2):
    cdn.discordapp.com(162.159.133.233) - malware
    162.159.129.233 - malware
  IDS alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 3.6 | 25 | User: ZeroCERT

15404 | 2021-11-15 14:36 | Faints.exe | MD5 5e34695c9f46f1e69ce731d3b7359c88
  Tags: RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
  URLs (1):
    https://cdn.discordapp.com/attachments/906160963437363273/909474633428893706/Goels.exe
  Hosts (3):
    cdn.discordapp.com(162.159.133.233) - malware
    185.159.80.90
    162.159.133.233 - malware
  IDS alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 11.4 | 38 | User: ZeroCERT

15405 | 2021-11-15 14:38 | almost.exe | MD5 a9a18e24fe81eaadcfaf2fde2b6d40ca
  Tags: RAT Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW ComputerName DNS DDNS
  Hosts (1):
    cedarfalls.hopto.org(0.0.0.0)
  IDS alerts (1):
    ET POLICY DNS Query to DynDNS Domain *.hopto .org
  Score: 3.4 | 23 | User: ZeroCERT
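The network cells in this listing are the part a responder actually reuses, and they arrive as flat, space-separated strings in which a " - malware" label applies only to the host directly before it, domains carry their resolved address in parentheses, and a URL may be followed by " - rule_id: N". The Python below is an added example (it is not code from the sandbox page or its operator) that turns those cells into deduplicated, defanged indicators and buckets the IDS signatures by class so the ET MALWARE hits stand out from POLICY/INFO noise. The sample cells are copied verbatim from entries 15395 and 15405; the cell grammar is inferred from the rows above, and treating a 0.0.0.0 resolution (entry 15405) as a failed lookup is an assumption, not something the page states.

```python
"""Parse the listing's flattened IOC cells into structured, defanged indicators.

Added example, not code from the sandbox page or its operator. The cell layout is
inferred from the rows above: a host is 'domain(ip)' or a bare IP, a ' - <tag>' pair
labels only the token immediately before it, and a URL may be followed by
' - rule_id: N'. Sample cells below are copied verbatim from entries 15395 and 15405.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
RESOLVED = re.compile(r"^([^()\s]+)\(((?:\d{1,3}\.){3}\d{1,3})\)$")

# Sample input copied from the listing (entry 15395: hosts, URLs, IDS; entry 15405: hosts).
HOSTS_15395 = ("t.me(149.154.167.99) colonna.ac.ug(185.215.113.77) colonna.ug(185.215.113.77) "
               "cdn.discordapp.com(162.159.135.233) - malware 149.154.167.99 91.219.236.162 185.163.47.176 - mailcious "
               "193.38.54.238 91.219.236.240 162.159.135.233 - malware 82.146.43.67 185.215.113.77 - malware 74.119.192.122")
URLS_15395 = ("http://colonna.ac.ug/ - rule_id: 7517 http://colonna.ac.ug/ http://colonna.ac.ug/nss3.dll "
              "http://colonna.ug/pm.exe http://colonna.ac.ug/softokn3.dll http://colonna.ac.ug/msvcp140.dll "
              "http://colonna.ug/index.php - rule_id: 7513 http://colonna.ug/index.php http://colonna.ug/cc.exe "
              "http://colonna.ac.ug/mozglue.dll http://colonna.ac.ug/vcruntime140.dll http://colonna.ac.ug/main.php "
              "http://colonna.ac.ug/freebl3.dll http://colonna.ac.ug/sqlite3.dll "
              "https://cdn.discordapp.com/attachments/909035193627705347/909036151287971850/Egfckkoxgosufdyqxdmlgfdwpjkldcw")
ALERTS_15395 = ("ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET MALWARE AZORult v3.3 Server Response M3 "
                "ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) "
                "ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Terse alphanumeric executable "
                "downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected "
                "(Tofsee) ET INFO TLS Handshake Failure ET HUNTING Suspicious Zipped Filename in Outbound POST "
                "Request (screenshot.) M2 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil ET MALWARE "
                "Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) ET HUNTING Suspicious Zipped "
                "Filename in Outbound POST Request (Chrome_Default.txt)")
HOSTS_15405 = "cedarfalls.hopto.org(0.0.0.0)"


@dataclass
class Host:
    name: str               # domain, or the bare IP itself
    ip: str | None          # resolved address for a domain; None for a bare IP
    tag: str | None = None  # site label, e.g. 'malware' or 'mailcious' (the site's own spelling)


def parse_hosts(cell: str) -> list[Host]:
    """Hosts in listing order; a ' - tag' pair labels the previous token only."""
    hosts: list[Host] = []
    toks, i = cell.split(), 0
    while i < len(toks):
        tok = toks[i]
        if tok == "-":
            if not hosts or i + 1 == len(toks):
                raise ValueError("dangling tag separator")
            hosts[-1].tag = toks[i + 1]
            i += 2
            continue
        if m := RESOLVED.match(tok):
            hosts.append(Host(m.group(1), m.group(2)))
        elif IPV4.match(tok):
            hosts.append(Host(tok, None))
        else:
            raise ValueError(f"unrecognised host token {tok!r}")
        i += 1
    return hosts


def parse_urls(cell: str) -> list[tuple[str, int | None]]:
    """(url, rule_id) pairs in listing order; duplicates are kept as listed."""
    out: list[tuple[str, int | None]] = []
    toks, i = cell.split(), 0
    while i < len(toks):
        if toks[i] == "-" and i + 2 < len(toks) and toks[i + 1] == "rule_id:":
            out[-1] = (out[-1][0], int(toks[i + 2]))  # the rule hit belongs to the previous URL
            i += 3
        elif toks[i].startswith(("http://", "https://")):
            out.append((toks[i], None))
            i += 1
        else:
            raise ValueError(f"unrecognised url token {toks[i]!r}")
    return out


def group_alerts(cell: str) -> dict[str, list[str]]:
    """Bucket IDS signatures by class (MALWARE, HUNTING, POLICY, INFO, DROP, SSLBL)."""
    groups: dict[str, list[str]] = {}
    for sig in re.split(r"\s(?=ET [A-Z]+ |SSLBL: )", cell.strip()):
        cls = sig.split()[1] if sig.startswith("ET ") else sig.split(":")[0]
        groups.setdefault(cls, []).append(sig)
    return groups


def defang(url: str) -> str:
    """hxxp://host[.]tld/path, so a pasted indicator is not clickable."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{slash}{path}"


def report(hosts_cell: str, urls_cell: str, alerts_cell: str) -> dict:
    """Aggregate one listing row into deduplicated, defanged IOCs."""
    hosts, urls = parse_hosts(hosts_cell), parse_urls(urls_cell)
    return {
        "domains": {h.name: h.ip for h in hosts if h.ip and h.ip != "0.0.0.0"},
        "unresolved": [h.name for h in hosts if h.ip == "0.0.0.0"],  # assumption: 0.0.0.0 = lookup failed
        "tagged": {h.name: h.tag for h in hosts if h.tag},
        "urls": sorted({defang(u) for u, _ in urls}),
        "flagged": {defang(u): r for u, r in urls if r is not None},
        "alerts": {k: len(v) for k, v in group_alerts(alerts_cell).items()} if alerts_cell else {},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(report(HOSTS_15395, URLS_15395, ALERTS_15395), indent=2))
```

The count column the listing prints next to each cell (13 hosts, 15 URLs, 11 alerts for entry 15395) doubles as a cheap self-check: if `len(parse_hosts(cell))` disagrees with it, the cell was truncated or the tag grammar changed. The site's "mailcious" label is deliberately kept as-is rather than corrected, since a downstream filter that matches on the site's own value would otherwise miss it.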