| 1831 |
2024-07-29 17:06
|
 vnm2.txt.vbs 8b2d2b9a6d36abcb2b1b8a60f9898374
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/Cyxef/0
|
2
paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1832 |
2024-07-29 17:06
|
 vnm.txt.vbs 44c6625fcc0a287d7d618359268c9abf
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/DIWK2/0
|
2
paste.ee(104.21.84.67) - mailcious
172.67.187.200 - mailcious
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1833 |
2024-07-29 17:05
|
 vc55.txt.vbs caca97ae9511fcda7e89e9e70cdb8dc4
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://104.223.22.86:440/nn.jpg
|
|
|
|
5.2 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1834 |
2024-07-29 17:00
|
 respaldo.txt.exe 1568abb08de05c87e94ce4f639a05636
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
wwwwwwwwww.duckdns.org(152.201.163.76)
152.201.163.76
178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1835 |
2024-07-29 17:00
|
tgmes.ps1 11d77b86c5517ba4327f712c6f5853a7
Generic Malware Antivirus VirusTotal Malware powershell WMI unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key |
1
http://secure.globalsign.com/cacert/codesigningrootr45.crt
|
2
secure.globalsign.com(151.101.194.133)
104.18.20.226
|
|
|
4.4 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1836 |
2024-07-29 17:00
|
 MonetarySummary.js 8af1b69d823c1b6cb3a9a3102e73bf3aVirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper |
1
https://pastie.io/raw/yjuddx
|
2
pastie.io(172.67.162.195)
172.67.162.195
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1837 |
2024-07-29 16:55
|
 Tranx_not_receive_Ref_Ba092001... 117bc3a7fa3309e3f443ea02c267f1d4
Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin Internet API persistenc Browser Info Stealer VirusTotal Malware VBScript AutoRuns Code Injection Checks debugger buffers extracted wscript.exe payload download Creates executable files exploit crash unpack itself malicious URLs installed browsers check Tofsee Windows Exploit Browser crashed Dropper |
1
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(172.67.154.165) - mailcious
172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1838 |
2024-07-29 16:51
|
 kiss.txt.vbs e18a46ead29fa590d71256bca05fac76
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/9gCcH/0
|
2
paste.ee(172.67.187.200) - mailcious
104.21.84.67 - malware
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1839 |
2024-07-29 16:51
|
 Monetary_Funding_Sheet_2024.js 71b47c3b941616d457f0edc4234a91a0VirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper |
1
https://pastie.io/raw/yjuddx
|
2
pastie.io(172.67.162.195)
172.67.162.195
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
10.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1840 |
2024-07-29 16:51
|
 eaz.txt.vbs ee3604ddfe9c20f08d2bf9e3ec7c7ac5
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/80ee0/0
|
2
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
|
3
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)
|
|
8.6 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1841 |
2024-07-29 16:45
|
 Transaction_File_9812009_End_I... 117bc3a7fa3309e3f443ea02c267f1d4
ZIP Format VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper |
7
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/279_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.js
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(104.21.5.141) - mailcious
172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1842 |
2024-07-29 16:44
|
 YesBnk_Transaction_File_981200... 117bc3a7fa3309e3f443ea02c267f1d4VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper |
2
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.js
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(104.21.5.141) - mailcious
172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1843 |
2024-07-29 14:06
|
 server.exe 2de7d28d6a79983ee82356f91fb0859c
Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger buffers extracted Creates executable files unpack itself |
|
|
|
|
2.8 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1844 |
2024-07-29 14:04
|
 file.exe 987780c119053443d858af831068bb47
Generic Malware ASPack UPX Antivirus PE File ftp PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key |
2
http://uamgayumeqmwemas.xyz:1775/avast_update
http://uamgayumeqmwemas.xyz:1775/api/client_hello
|
10
ugmkmoigiimgmaaw.xyz()
iqowocguasswcmca.xyz() - mailcious
scqekwyoswaguuyo.xyz(188.40.187.174)
skssoeqouussusyi.xyz(15.197.192.55)
kmiigggyqiwkeeci.xyz()
kgeyscaqeacwaccu.xyz()
uamgayumeqmwemas.xyz(185.172.129.25) - mailcious
15.197.192.55
188.40.187.174
185.172.129.25 - mailcious
|
2
ET HUNTING EXE Base64 Encoded potential malware
ET SHELLCODE Common 0a0a0a0a Heap Spray String
|
|
8.0 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1845 |
2024-07-29 13:53
|
 gate3.exe 1cbf0540443b57f70f8f09dfb0386d94
Generic Malware VMProtect Anti_VM PE File PE64 VirusTotal Malware Disables Windows Security Windows Remote Code Execution DNS crashed |
|
6
193.42.32.118 - mailcious
142.250.196.238
94.142.138.131 - mailcious
94.142.138.113 - mailcious
208.67.104.60 - mailcious
142.250.71.225
|
|
|
6.2 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|