| 151 |
2024-09-13 09:36
|
 account.aspx e73d75e539b7e9acf48683fc6b2cb4ab
Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Tofsee crashed |
|
2
motorans.com(193.109.85.43) - malware
193.109.85.43 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
1.6 |
M |
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 152 |
2024-09-13 09:35
|
 66e2cce3eae78_Pink_0x000872A65... 00465490b449aa57d0e1ac7cba51af72
Generic Malware Malicious Library UPX PE File PE64 OS Processor Check crashed |
|
|
|
|
0.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 153 |
2024-09-13 09:34
|
 Graphic.bat c64838099d6a9eeffb87c15a15c96892
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
4.6 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 154 |
2024-09-13 09:33
|
 1.exe 95bb292a795c5c517e405f698fbd3fed
Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder suspicious TLD CryptBot DNS |
1
http://tventyvd20ht.top/v1/upload.php
|
2
tventyvd20ht.top(194.87.248.136)
194.87.248.136 - mailcious
|
3
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
ET INFO HTTP Request to a *.top domain
|
|
3.2 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
2024-09-13 09:33
|
 useraccount.aspx 5fb15984b6312b2de010679b77c2e3b4
Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed |
|
|
|
|
2.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 156 |
2024-09-13 09:33
|
 66e316a0373e2_crypted.exe#1 11506bb939332f58920d0a3c8ad1c5c2
RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
185.203.241.68 - mailcious
|
5
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
|
|
14.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 157 |
2024-09-13 09:33
|
 frownked2.1.exe ab7caff90a8347576988a104a322a916
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS |
18
http://www.trapkitten.website/vzgx/?Jht=fAt7pIVPpGXAvBzfbofxH6KLA/SKUI8tR0TDZSipM2iZbUNyxYUxThLLESsgo4hlkDzs7nheSjoc1Sj/m3Gn3caq3+Ik36hEeLqFX7XS2ZCHg+ZK2jYSb1UZmcKhE1PtLCklngg=&fl=WtGo
http://www.dfmagazine.shop/wc8m/
http://www.kevin-torkelson.info/gekb/?Jht=5z2j4JvjBCmnxDGmXhsNUCzyBEeNU+efumCOi9/ZiiqSem4bSPmiC7+SQGIeXbOACmsQlkv/nReqN9BPj1atBFP4iljpjZG37OmieLn9iAg49nsR4NFlAX0ACoZEb3mOX8X6rtg=&fl=WtGo
http://www.disn-china.buzz/za6x/
http://www.qwefs.org/toq1/
http://www.disn-china.buzz/za6x/?Jht=EgAkyEJNK52+6mt3E5/kJbXdEzdYowDWwvgRo5oIQtO9ZSuXgOHTA+BJ7wLJ2gaYF8C47CtaBGKeFv/a+P8O0H1n59GM1zMsYaWK1AmiqPY5ZahcO8GJtNWa29lHrhEg3yNDlxM=&fl=WtGo
http://www.pmjjewels.online/risb/
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3120000.zip
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
http://www.mandemj.top/to69/?Jht=jnxbIh9toY3Lk087C6fRSAIIDhtmtOIIZy5Q1YpSMvmzprTTtz9chlCe8JLifgChZqJUy3cTTTxPfarkAUDrW4VnhfiXjSai62R1N2pl8mrhOBQxiL5e+vemTWR4j4PbfMHKe5c=&fl=WtGo
http://www.trapkitten.website/vzgx/
http://www.kevin-torkelson.info/gekb/
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
http://www.mandemj.top/to69/
http://www.qwefs.org/toq1/?Jht=uFBHOFjbtFvxqkcdxVd4tJdULw7QnIRXIDe+8RHTfxNdoahKRW8U0UCbhdOPwbKTgOK/uYLPOnJNTHSrlEGfXzyIhJOeIq51xyFm40Ibheoc9HKPcTfbc4gFNH+mWXon7XUk+C8=&fl=WtGo
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
http://www.dfmagazine.shop/wc8m/?Jht=LNw/HBPP4tr5bvxRqEHHjPwHzHq/oSZ3YB7NlE9rWxPCxu7fGi7WVymEaD0ez69xv6ZMfJiRCRJpj/kbYTwl2Jp3vmj/K6IWSBhtVJ2AAHCG128jD1oExGyyLZzj9OMbCV/AQw0=&fl=WtGo
http://www.pmjjewels.online/risb/?Jht=eaaelBCTiJBUEmuLZOnRpNwStkEgMLy/XK1YEbKYGwCJmco23DW+jwYfw/wGti4g6zAdqT8YjPqv8SPTYnHAaF9kOPWwjHlUiv4xVtfBSx2ls1nJs2JEa5QE0YkRP5wLYmM3P0s=&fl=WtGo
|
16
www.pmjjewels.online(199.59.243.226)
www.trapkitten.website()
www.mandemj.top(162.0.238.43)
www.disn-china.buzz(161.97.168.245)
www.dfmagazine.shop(84.32.84.32)
www.qwefs.org(45.114.171.236)
www.mktimediato.online()
www.kevin-torkelson.info(208.91.197.27)
199.59.243.226 - phishing
84.32.84.32 - mailcious
208.91.197.27 - mailcious
161.97.168.245
45.114.171.236
45.33.6.223
162.0.238.43 - mailcious
195.161.68.8 - mailcious
|
3
ET INFO HTTP Request to a *.buzz domain
ET INFO HTTP Request to a *.top domain
ET DNS Query to a *.top domain - Likely Hostile
|
|
7.6 |
|
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 158 |
2024-09-13 09:31
|
seennewthingsentireworldseethe... e586cee8737a0875953be251a6b08be7
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
2
ia601706.us.archive.org(207.241.227.96) - malware
207.241.227.96 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 159 |
2024-09-13 09:29
|
greennicepicturegetmebackwithy... fa071ef25a60e1eaea926347f324dd13
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
2
ia601706.us.archive.org(207.241.227.96) - malware
207.241.227.96 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 160 |
2024-09-13 09:28
|
 66e30a27e0efe_tmpD.exe af91873c641aab500eba3a3ad6f17b74
Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Creates executable files RWX flags setting Windows utilities suspicious process Tofsee Windows Remote Code Execution |
1
https://wlnrar.shop/json.php
|
2
wlnrar.shop(172.67.177.42)
104.21.80.99
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 161 |
2024-09-13 09:27
|
 setup3.exe 2ff26b3561bd1921720cc328a0199d4c
Malicious Library UPX PE File PE32 OS Processor Check unpack itself |
|
|
|
|
1.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 162 |
2024-09-13 09:27
|
beautifuldaysbeautyofthedayher... 68862cb17d442aee2608c7216f929e37
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
|
2
ia601706.us.archive.org(207.241.227.96) - malware
207.241.227.96 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 163 |
2024-09-13 09:26
|
 useraccount.aspx 9b73c82d8f0e6cae3bce7b2fc98b3383
Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Tofsee crashed |
|
4
seburage.com(194.67.193.73)
banydox.com(194.67.193.74)
194.67.193.74
194.67.193.73
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.4 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 164 |
2024-09-13 09:26
|
gooddaycomingwithgoodthingsent... 4dada1c43d8218485ddb6a4ae1fd8fa1
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
1
http://107.172.148.248/82/pictureonmewithgreatthingsonhere.tIF
|
3
ia600100.us.archive.org(207.241.227.240)
107.172.148.248
207.241.227.240
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 165 |
2024-09-13 09:24
|
 vstdlib_s.exe 3a7af8198a80e2c90488ac8353a5cbd1
North Korea task schedule Downloader Malicious Library .NET framework(MSIL) ScreenShot PWS DNS KeyLogger Create Service Socket DGA Http API Escalate priviledges Steal credential Sniff Audio HTTP Code injection Internet API FTP P2P AntiDebug AntiVM PE File VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
7.8 |
|
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|