ID | Date | File | MD5 | Tags | URLs | Hosts | Alerts | Malicious URLs | Score | VT hits | Submitter
---|---|---|---|---|---|---|---|---|---|---|---
15421 | 2021-11-15 14:59 | 2.exe | ce5df5626f2facc562ea61aad3d5d312 | Generic Malware UPX Antivirus Create Service DGA Socket DNS SMTP Internet API Code injection Sniff Audio KeyLogger Escalate priviledges Downloader ScreenShot AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key crashed keylogger | | (1) | | | 17.0 | 7 | ZeroCERT
15422 | 2021-11-15 15:00 | Entrepreneur.exe | d663f5a1f4c8bf1bacb90324e7a38b64 | RAT Generic Malware PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself | | | | | 2.4 | 29 | ZeroCERT
15423 | 2021-11-15 15:02 | index.php | ae43eeced75fa3cb00434d1c43a821fd | Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself | | | | | 1.8 | 27 | ZeroCERT
15424 | 2021-11-15 15:05 | f2_f.exe | 2855945a6869f6118a4a0bf2c88fd40b | Lazarus Family Themida Packer Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed | (1) https://cdn.discordapp.com/attachments/688809529202442354/908412484648591370/FULL.exe | (3) cdn.discordapp.com(162.159.134.233) - malware; 162.159.133.233 - malware; 86.107.197.248 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.6 | 30 | ZeroCERT
15425 | 2021-11-15 15:07 | index.php | c4f80edfc9b700b7b3c49d52a4e024bb | Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself | | | | | 1.8 | 29 | ZeroCERT
15426 | 2021-11-15 17:18 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Socket DNS Internet API HTTP KeyLogger ScreenShot Http API Steal credential AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (10) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 23.0 | 39 | guest
15427 | 2021-11-15 17:33 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Socket DNS Internet API HTTP KeyLogger ScreenShot Http API AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check OskiStealer Stealer Windows Chrome Browser Email ComputerName Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (3) colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 185.215.113.77 - malware | (6) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 20.8 | 39 | guest
15428 | 2021-11-15 17:38 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (10) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 23.0 | 39 | guest
15429 | 2021-11-15 17:43 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (10) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 22.2 | 39 | guest
15430 | 2021-11-15 17:49 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Steal credential ScreenShot Http API Socket DNS Internet API HTTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE JPEG Format OS Processor Check DLL Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (10) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 22.6 | 39 | guest
15431 | 2021-11-15 17:56 | asdfg.exe | 6966182dd20351152ea815d31e735067 | PWS Loki[b] Loki.m RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Socket DNS Internet API HTTP KeyLogger ScreenShot Http API Steal credential AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (12) http://colonna.ac.ug/nss3.dll; http://colonna.ug/index.php - rule_id: 7513; http://colonna.ug/index.php; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (10) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); colonna.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (2) http://colonna.ug/index.php; http://colonna.ac.ug/ | 22.0 | 39 | guest
15432 | 2021-11-15 18:03 | asdfg.exe | 6966182dd20351152ea815d31e735067 | RAT Gen1 Generic Malware UPX Malicious Library Malicious Packer Steal credential ScreenShot Http API AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer Malware download Vidar VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Tofsee OskiStealer Stealer Windows Chrome Browser Email ComputerName DNS Cryptographic key crashed Password | (10) http://colonna.ac.ug/nss3.dll; http://colonna.ac.ug/mozglue.dll; http://colonna.ac.ug/softokn3.dll; http://colonna.ac.ug/msvcp140.dll; http://colonna.ac.ug/ - rule_id: 7517; http://colonna.ac.ug/; http://colonna.ac.ug/vcruntime140.dll; http://colonna.ac.ug/main.php; http://colonna.ac.ug/freebl3.dll; http://colonna.ac.ug/sqlite3.dll | (9) t.me(149.154.167.99); colonna.ac.ug(185.215.113.77); 149.154.167.99; 91.219.236.162; 185.163.47.176 - mailcious; 193.38.54.238; 91.219.236.240; 185.215.113.77 - malware; 74.119.192.122 | (8) ET DROP Spamhaus DROP Listed Traffic Inbound group 25; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt); ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt) | (1) | 21.8 | 39 | guest
15433 | 2021-11-16 10:52 | bird.png | 0229f8f8d584db985b35dd57661f94bd | Gen2 UPX PE File OS Processor Check PE32 Remote Code Execution | | | | | 0.6 | | ZeroCERT
15434 | 2021-11-16 10:54 | adal.jar | 70b108c4541b2158a0ece7a7977e4a38 | VirusTotal Malware Check memory heapspray unpack itself Java | | | | | 2.0 | 7 | ZeroCERT
15435 | 2021-11-16 11:07 | adal.jar | 70b108c4541b2158a0ece7a7977e4a38 | VirusTotal Malware Check memory RWX flags setting unpack itself WriteConsoleW crashed | | | | | 1.8 | 7 | guest