151  2024-09-13 09:36  account.aspx  MD5 e73d75e539b7e9acf48683fc6b2cb4ab
  Tags: Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Tofsee crashed
  URLs: none
  Hosts (2): motorans.com(193.109.85.43) - malware; 193.109.85.43 - malware
  Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  1.6 | M | 9 | ZeroCERT

152  2024-09-13 09:35  66e2cce3eae78_Pink_0x000872A65...  MD5 00465490b449aa57d0e1ac7cba51af72
  Tags: Generic Malware Malicious Library UPX PE File PE64 OS Processor Check crashed
  URLs: none
  Hosts: none
  Signatures: none
  0.2 | M | - | ZeroCERT

153  2024-09-13 09:34  Graphic.bat  MD5 c64838099d6a9eeffb87c15a15c96892
  Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  URLs: none
  Hosts: none
  Signatures: none
  4.6 | - | 3 | ZeroCERT

154  2024-09-13 09:33  1.exe  MD5 95bb292a795c5c517e405f698fbd3fed
  Tags: Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder suspicious TLD CryptBot DNS
  URLs (1): http://tventyvd20ht.top/v1/upload.php
  Hosts (2): tventyvd20ht.top(194.87.248.136); 194.87.248.136 - malicious
  Signatures (3): ET DNS Query to a *.top domain - Likely Hostile; ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4; ET INFO HTTP Request to a *.top domain
  3.2 | M | 29 | ZeroCERT

155  2024-09-13 09:33  useraccount.aspx  MD5 5fb15984b6312b2de010679b77c2e3b4
  Tags: Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed
  URLs: none
  Hosts: none
  Signatures: none
  2.6 | M | 34 | ZeroCERT

156  2024-09-13 09:33  66e316a0373e2_crypted.exe#1  MD5 11506bb939332f58920d0a3c8ad1c5c2
  Tags: RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  URLs: none
  Hosts (1): 185.203.241.68 - malicious
  Signatures (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
  14.2 | M | 44 | ZeroCERT

157  2024-09-13 09:33  frownked2.1.exe  MD5 ab7caff90a8347576988a104a322a916
  Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS
  URLs (18):
    http://www.trapkitten.website/vzgx/?Jht=fAt7pIVPpGXAvBzfbofxH6KLA/SKUI8tR0TDZSipM2iZbUNyxYUxThLLESsgo4hlkDzs7nheSjoc1Sj/m3Gn3caq3+Ik36hEeLqFX7XS2ZCHg+ZK2jYSb1UZmcKhE1PtLCklngg=&fl=WtGo
    http://www.dfmagazine.shop/wc8m/
    http://www.kevin-torkelson.info/gekb/?Jht=5z2j4JvjBCmnxDGmXhsNUCzyBEeNU+efumCOi9/ZiiqSem4bSPmiC7+SQGIeXbOACmsQlkv/nReqN9BPj1atBFP4iljpjZG37OmieLn9iAg49nsR4NFlAX0ACoZEb3mOX8X6rtg=&fl=WtGo
    http://www.disn-china.buzz/za6x/
    http://www.qwefs.org/toq1/
    http://www.disn-china.buzz/za6x/?Jht=EgAkyEJNK52+6mt3E5/kJbXdEzdYowDWwvgRo5oIQtO9ZSuXgOHTA+BJ7wLJ2gaYF8C47CtaBGKeFv/a+P8O0H1n59GM1zMsYaWK1AmiqPY5ZahcO8GJtNWa29lHrhEg3yNDlxM=&fl=WtGo
    http://www.pmjjewels.online/risb/
    http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip
    http://www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
    http://www.mandemj.top/to69/?Jht=jnxbIh9toY3Lk087C6fRSAIIDhtmtOIIZy5Q1YpSMvmzprTTtz9chlCe8JLifgChZqJUy3cTTTxPfarkAUDrW4VnhfiXjSai62R1N2pl8mrhOBQxiL5e+vemTWR4j4PbfMHKe5c=&fl=WtGo
    http://www.trapkitten.website/vzgx/
    http://www.kevin-torkelson.info/gekb/
    http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
    http://www.mandemj.top/to69/
    http://www.qwefs.org/toq1/?Jht=uFBHOFjbtFvxqkcdxVd4tJdULw7QnIRXIDe+8RHTfxNdoahKRW8U0UCbhdOPwbKTgOK/uYLPOnJNTHSrlEGfXzyIhJOeIq51xyFm40Ibheoc9HKPcTfbc4gFNH+mWXon7XUk+C8=&fl=WtGo
    http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
    http://www.dfmagazine.shop/wc8m/?Jht=LNw/HBPP4tr5bvxRqEHHjPwHzHq/oSZ3YB7NlE9rWxPCxu7fGi7WVymEaD0ez69xv6ZMfJiRCRJpj/kbYTwl2Jp3vmj/K6IWSBhtVJ2AAHCG128jD1oExGyyLZzj9OMbCV/AQw0=&fl=WtGo
    http://www.pmjjewels.online/risb/?Jht=eaaelBCTiJBUEmuLZOnRpNwStkEgMLy/XK1YEbKYGwCJmco23DW+jwYfw/wGti4g6zAdqT8YjPqv8SPTYnHAaF9kOPWwjHlUiv4xVtfBSx2ls1nJs2JEa5QE0YkRP5wLYmM3P0s=&fl=WtGo
  Hosts (16): www.pmjjewels.online(199.59.243.226); www.trapkitten.website(); www.mandemj.top(162.0.238.43); www.disn-china.buzz(161.97.168.245); www.dfmagazine.shop(84.32.84.32); www.qwefs.org(45.114.171.236); www.mktimediato.online(); www.kevin-torkelson.info(208.91.197.27); 199.59.243.226 - phishing; 84.32.84.32 - malicious; 208.91.197.27 - malicious; 161.97.168.245; 45.114.171.236; 45.33.6.223; 162.0.238.43 - malicious; 195.161.68.8 - malicious
  Signatures (3): ET INFO HTTP Request to a *.buzz domain; ET INFO HTTP Request to a *.top domain; ET DNS Query to a *.top domain - Likely Hostile
  7.6 | - | 36 | ZeroCERT

158  2024-09-13 09:31  seennewthingsentireworldseethe...  MD5 e586cee8737a0875953be251a6b08be7
  Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  URLs: none
  Hosts (2): ia601706.us.archive.org(207.241.227.96) - malware; 207.241.227.96 - malware
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  7.6 | M | 5 | ZeroCERT

159  2024-09-13 09:29  greennicepicturegetmebackwithy...  MD5 fa071ef25a60e1eaea926347f324dd13
  Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  URLs: none
  Hosts (2): ia601706.us.archive.org(207.241.227.96) - malware; 207.241.227.96 - malware
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  7.6 | - | 7 | ZeroCERT

160  2024-09-13 09:28  66e30a27e0efe_tmpD.exe  MD5 af91873c641aab500eba3a3ad6f17b74
  Tags: Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Creates executable files RWX flags setting Windows utilities suspicious process Tofsee Windows Remote Code Execution
  URLs (1): https://wlnrar.shop/json.php
  Hosts (2): wlnrar.shop(172.67.177.42); 104.21.80.99
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  8.4 | - | 38 | ZeroCERT

161  2024-09-13 09:27  setup3.exe  MD5 2ff26b3561bd1921720cc328a0199d4c
  Tags: Malicious Library UPX PE File PE32 OS Processor Check unpack itself
  URLs: none
  Hosts: none
  Signatures: none
  1.2 | - | - | ZeroCERT

162  2024-09-13 09:27  beautifuldaysbeautyofthedayher...  MD5 68862cb17d442aee2608c7216f929e37
  Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  URLs: none
  Hosts (2): ia601706.us.archive.org(207.241.227.96) - malware; 207.241.227.96 - malware
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  7.6 | - | 7 | ZeroCERT

163  2024-09-13 09:26  useraccount.aspx  MD5 9b73c82d8f0e6cae3bce7b2fc98b3383
  Tags: Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Tofsee crashed
  URLs: none
  Hosts (4): seburage.com(194.67.193.73); banydox.com(194.67.193.74); 194.67.193.74; 194.67.193.73
  Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  2.4 | - | 40 | ZeroCERT

164  2024-09-13 09:26  gooddaycomingwithgoodthingsent...  MD5 4dada1c43d8218485ddb6a4ae1fd8fa1
  Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
  URLs (1): http://107.172.148.248/82/pictureonmewithgreatthingsonhere.tIF
  Hosts (3): ia600100.us.archive.org(207.241.227.240); 107.172.148.248; 207.241.227.240
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  4.6 | - | 33 | ZeroCERT

165  2024-09-13 09:24  vstdlib_s.exe  MD5 3a7af8198a80e2c90488ac8353a5cbd1
  Tags: North Korea task schedule Downloader Malicious Library .NET framework(MSIL) ScreenShot PWS DNS KeyLogger Create Service Socket DGA Http API Escalate privileges Steal credential Sniff Audio HTTP Code injection Internet API FTP P2P AntiDebug AntiVM PE File VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key
  URLs: none
  Hosts: none
  Signatures: none
  7.8 | - | 49 | ZeroCERT
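Turning a listing like this into something a blocklist or SIEM can consume takes more than copying the Hosts columns. The sandbox's verdict is attached per entry ("- malware", "- phishing"), many hosts carry no verdict at all and are only recorded because a domain resolved to them, and several records contact infrastructure that is not attacker-controlled: the sqlite.org zips in #157 are a legitimate SQLite build the stealer downloads, the archive.org hosts in #158, #159, #162 and #164 are a public file host, and the two addresses behind wlnrar.shop in #160 (172.67.177.42, 104.21.80.99) sit in Cloudflare's shared edge ranges. The script below is an added example, not code from the listing's own backend: it parses the Hosts/URL fields in the exact format the page uses and sorts indicators into labelled, unlabelled and shared buckets. The allowlist (archive.org, sqlite.org, 104.16.0.0/13 and 172.64.0.0/13) is an analyst assumption, not a field on the page; the sample input is copied from records 154, 157 (two hosts), 158 and 160.

```python
"""Normalise the Hosts / URL fields of sandbox records like the ones above
into one deduplicated IOC set, keeping the sandbox's per-host verdict and
separating shared or legitimate infrastructure from attacker-controlled
indicators. Added example; not code from the listing's own backend."""
import ipaddress
import re
from urllib.parse import urlsplit

# A Hosts field is a run of entries: "domain(ip)", "domain()" when no
# resolution was recorded, or a bare IP, each optionally followed by
# " - <verdict>" (the page uses malware, phishing and "mailcious").
HOST_RE = re.compile(
    r"(?P<name>[A-Za-z0-9][A-Za-z0-9.-]*)"   # domain or IP
    r"(?:\((?P<ip>[0-9.]*)\))?"              # optional resolved IP
    r"(?:\s+-\s+(?P<verdict>[A-Za-z]+))?"    # optional sandbox verdict
)
VERDICT_FIX = {"mailcious": "malicious"}  # the listing's own typo

# Assumption (analyst judgement, not a field on the page): hosts the samples
# fetch legitimate files from, and CDN edge ranges shared with unrelated
# sites. Blocking these outright would cause collateral damage, so they go
# to a review bucket. 104.16.0.0/13 and 172.64.0.0/13 are Cloudflare edge space.
SHARED_DOMAINS = ("archive.org", "sqlite.org")
SHARED_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]


def _is_shared(ind):
    """True if ind is on the assumed allowlist (domain suffix or CDN range)."""
    try:
        ip = ipaddress.ip_address(ind)
    except ValueError:
        return any(ind == d or ind.endswith("." + d) for d in SHARED_DOMAINS)
    return any(ip in net for net in SHARED_NETS)


def parse_hosts(field):
    """Yield (name, resolved_ip_or_None, verdict_or_None) for one Hosts field."""
    for m in HOST_RE.finditer(field):
        v = m.group("verdict")
        yield m.group("name"), m.group("ip") or None, VERDICT_FIX.get(v, v)


def extract_iocs(records):
    """Merge several records into buckets of indicator -> verdict:
    labelled (sandbox gave a verdict), unlabelled (seen only as a resolution
    or URL host) and shared (allowlisted infra, plus IPs reached only through
    it), plus the raw URL list."""
    labelled, unlabelled, shared, urls = {}, set(), {}, set()

    def place(ind, verdict, via_shared=False):
        if not ind:
            return
        if via_shared or ind in shared or _is_shared(ind):
            shared[ind] = verdict or shared.get(ind)
            labelled.pop(ind, None)       # shared wins over an earlier verdict
        elif verdict:
            labelled[ind] = verdict
        else:
            unlabelled.add(ind)

    for rec in records:
        for name, ip, verdict in parse_hosts(rec["hosts"]):
            place(name, verdict)
            # the IP a shared domain resolved to is shared too
            place(ip, None, via_shared=_is_shared(name))
        for url in rec["urls"]:
            place(urlsplit(url).hostname, None)
            urls.add(url)
    unlabelled -= set(labelled) | set(shared)
    return {"labelled": labelled, "unlabelled": sorted(unlabelled),
            "shared": shared, "urls": sorted(urls)}


def defang(indicator):
    """Neutralise a URL or host so it can be pasted into a ticket safely."""
    return re.sub(r"^http", "hxxp", indicator).replace(".", "[.]")


# Constructed sample: the Hosts/URL fields of records 154, 157 (part), 158
# and 160 from the listing above, copied as they appear there.
SAMPLE_RECORDS = [
    {"id": 154, "hosts": "tventyvd20ht.top(194.87.248.136) 194.87.248.136 - mailcious",
     "urls": ["http://tventyvd20ht.top/v1/upload.php"]},
    {"id": 157, "hosts": "www.pmjjewels.online(199.59.243.226) www.trapkitten.website() "
                         "199.59.243.226 - phishing 45.33.6.223",
     "urls": ["http://www.trapkitten.website/vzgx/",
              "http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip"]},
    {"id": 158, "hosts": "ia601706.us.archive.org(207.241.227.96) - malware 207.241.227.96 - malware",
     "urls": []},
    {"id": 160, "hosts": "wlnrar.shop(172.67.177.42) 104.21.80.99",
     "urls": ["https://wlnrar.shop/json.php"]},
]

if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_RECORDS)
    print("block:  ", [f"{defang(k)} ({v})" for k, v in iocs["labelled"].items()])
    print("triage: ", [defang(k) for k in iocs["unlabelled"]])
    print("shared: ", [defang(k) for k in iocs["shared"]])
    print("urls:   ", [defang(u) for u in iocs["urls"]])
```

Run stand-alone it prints the buckets defanged. Only the labelled bucket is block-list material as it stands; the unlabelled bucket holds hosts the report carries without any verdict (a domain's resolution, or a URL's hostname) and belongs in triage, and the shared bucket keeps the verdict the sandbox gave (archive.org's 207.241.227.96 is tagged malware in #158) so the context is not lost, while keeping the indicator off a list that would also catch unrelated traffic.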