1831 |
2024-07-29 17:06
|
vnm2.txt.vbs 8b2d2b9a6d36abcb2b1b8a60f9898374 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/Cyxef/0
|
2
paste.ee(104.21.84.67) - mailcious 104.21.84.67 - malware
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1832 |
2024-07-29 17:06
|
vnm.txt.vbs 44c6625fcc0a287d7d618359268c9abf Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/DIWK2/0
|
2
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1833 |
2024-07-29 17:05
|
vc55.txt.vbs caca97ae9511fcda7e89e9e70cdb8dc4 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://104.223.22.86:440/nn.jpg
|
|
|
|
5.2 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1834 |
2024-07-29 17:00
|
respaldo.txt.exe 1568abb08de05c87e94ce4f639a05636 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) wwwwwwwwww.duckdns.org(152.201.163.76) 152.201.163.76 178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1835 |
2024-07-29 17:00
|
tgmes.ps1 11d77b86c5517ba4327f712c6f5853a7 Generic Malware Antivirus VirusTotal Malware powershell WMI unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key |
1
http://secure.globalsign.com/cacert/codesigningrootr45.crt
|
2
secure.globalsign.com(151.101.194.133) 104.18.20.226
|
|
|
4.4 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1836 |
2024-07-29 17:00
|
MonetarySummary.js 8af1b69d823c1b6cb3a9a3102e73bf3aVirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper |
1
https://pastie.io/raw/yjuddx
|
2
pastie.io(172.67.162.195) 172.67.162.195
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1837 |
2024-07-29 16:55
|
Tranx_not_receive_Ref_Ba092001... 117bc3a7fa3309e3f443ea02c267f1d4 Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin Internet API persistenc Browser Info Stealer VirusTotal Malware VBScript AutoRuns Code Injection Checks debugger buffers extracted wscript.exe payload download Creates executable files exploit crash unpack itself malicious URLs installed browsers check Tofsee Windows Exploit Browser crashed Dropper |
1
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(172.67.154.165) - mailcious 172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1838 |
2024-07-29 16:51
|
kiss.txt.vbs e18a46ead29fa590d71256bca05fac76 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/9gCcH/0
|
2
paste.ee(172.67.187.200) - mailcious 104.21.84.67 - malware
|
3
ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1839 |
2024-07-29 16:51
|
Monetary_Funding_Sheet_2024.js 71b47c3b941616d457f0edc4234a91a0VirusTotal Malware VBScript wscript.exe payload download Tofsee Dropper |
1
https://pastie.io/raw/yjuddx
|
2
pastie.io(172.67.162.195) 172.67.162.195
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
|
10.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1840 |
2024-07-29 16:51
|
eaz.txt.vbs ee3604ddfe9c20f08d2bf9e3ec7c7ac5 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
1
https://paste.ee/d/80ee0/0
|
2
paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
|
3
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)
|
|
8.6 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1841 |
2024-07-29 16:45
|
Transaction_File_9812009_End_I... 117bc3a7fa3309e3f443ea02c267f1d4 ZIP Format VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper |
7
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/279_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.js
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(104.21.5.141) - mailcious 172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1842 |
2024-07-29 16:44
|
YesBnk_Transaction_File_981200... 117bc3a7fa3309e3f443ea02c267f1d4VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper |
2
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.pdf
https://ddfcbb9325637bcdeff.mxttbszhh1.free.hr/oauth/pdf/Monetary_Funding_Sheet_2024.js
|
2
ddfcbb9325637bcdeff.mxttbszhh1.free.hr(104.21.5.141) - mailcious 172.67.154.165 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1843 |
2024-07-29 14:06
|
server.exe 2de7d28d6a79983ee82356f91fb0859c Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger buffers extracted Creates executable files unpack itself |
|
|
|
|
2.8 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1844 |
2024-07-29 14:04
|
file.exe 987780c119053443d858af831068bb47 Generic Malware ASPack UPX Antivirus PE File ftp PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote suspicious process AppData folder Windows ComputerName Cryptographic key |
2
http://uamgayumeqmwemas.xyz:1775/avast_update http://uamgayumeqmwemas.xyz:1775/api/client_hello
|
10
ugmkmoigiimgmaaw.xyz() iqowocguasswcmca.xyz() - mailcious scqekwyoswaguuyo.xyz(188.40.187.174) skssoeqouussusyi.xyz(15.197.192.55) kmiigggyqiwkeeci.xyz() kgeyscaqeacwaccu.xyz() uamgayumeqmwemas.xyz(185.172.129.25) - mailcious 15.197.192.55 188.40.187.174 185.172.129.25 - mailcious
|
2
ET HUNTING EXE Base64 Encoded potential malware ET SHELLCODE Common 0a0a0a0a Heap Spray String
|
|
8.0 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1845 |
2024-07-29 13:53
|
gate3.exe 1cbf0540443b57f70f8f09dfb0386d94 Generic Malware VMProtect Anti_VM PE File PE64 VirusTotal Malware Disables Windows Security Windows Remote Code Execution DNS crashed |
|
6
193.42.32.118 - mailcious 142.250.196.238 94.142.138.131 - mailcious 94.142.138.113 - mailcious 208.67.104.60 - mailcious 142.250.71.225
|
|
|
6.2 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|