1951 | 2024-07-25 09:02
54gtxx.exe | 1b1c6f48b7c91a48a0dcd736ed0c8d24
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.2 | M | 31 | ZeroCERT

1952 | 2024-07-25 09:01
lobo.exe | 848abdbd09c052799a0e0180b59f6fee
Generic Malware Malicious Library UPX Malicious Packer ScreenShot Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check PE64 .NET EXE DLL Malware download Email Client Info Stealer Malware Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios suspicious process AppData folder suspicious TLD WriteConsoleW anti-virtualization Tofsee Windows Email ComputerName DNS Cryptographic key crashed
URLs (9):
  http://185.216.214.218/Population.exe - rule_id: 41325
  http://185.196.10.57/selectex-file-host/linkedin.exe
  http://185.196.10.57/selectex-file-host/Tgnviazinc.exe
  http://185.196.10.57/selectex-file-host/acev.exe
  https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5C9F
  https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F91
  https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7
  https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5D
  https://solutionhub.cc/socket/?id=08CA843D0A15D2560E8FA7EE94E71AC9B38318DF02721EA26194DF153A2BEEA0&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=1CC68878051DC553418AD7&tsk=5F90
Hosts (4):
  solutionhub.cc(172.67.128.126) - malware
  185.196.10.57 - malware
  185.216.214.218 - mailcious
  172.67.128.126 - mailcious
Signatures (8):
  ET MALWARE ZharkBot CnC Domain in DNS Lookup (solutionhub .cc)
  ET DNS Query for .cc TLD
  ET MALWARE Observed ZharkBot Domain (solutionhub .cc in TLS SNI)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE ZharkBot User-Agent Observed
  ET INFO Executable Download from dotted-quad Host
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
1 | http://185.216.214.218/Population.exe
16.2 | M | ZeroCERT

1953 | 2024-07-25 09:00
judit1.exe | c8cf26425a6ce325035e6da8dfb16c4e
Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself
3.0 | M | 37 | ZeroCERT

1954 | 2024-07-25 08:58
verygoodthingstobegreatadvance... | 0244568fb48a51a72c3581e220328e90
MS_RTF_Obfuscation_Objects RTF File doc Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed
URLs (1):
  http://198.46.174.139/42/winiti.exe
Hosts (1)
Signatures (1):
  ET INFO Executable Download from dotted-quad Host
3.6 | ZeroCERT

1955 | 2024-07-25 08:57
judit1.exe | c8cf26425a6ce325035e6da8dfb16c4e
Gen1 Generic Malware Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File PE64 DLL OS Processor Check ftp wget VirusTotal Malware Check memory Creates executable files unpack itself
3.0 | M | 37 | ZeroCERT

1956 | 2024-07-25 08:55
OneDrive.exe | f468ae483026819d6977e2a5e34ea52a
Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files
1.8 | M | 49 | ZeroCERT

1957 | 2024-07-25 08:54
Authenticator.exe | 24c76871e844d80ed4b9622853ba3492
Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself
1.8 | M | 26 | ZeroCERT

1958 | 2024-07-25 08:51
csrss.exe | f6bf8ada032d17192526ffebb48aed79
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library Malicious Packer Antivirus UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDe Remcos VirusTotal Malware Code Injection Check memory buffers extracted Remote Code Execution
Hosts (3):
  bossnacarpet.com(173.255.204.62) - mailcious
  vegetachcnc.com(173.255.204.62)
  173.255.204.62
Signatures (1):
  ET JA3 Hash - Remcos 3.x/4.x TLS Connection
7.2 | 50 | ZeroCERT

1959 | 2024-07-25 08:51
winiti.exe | a7d6f198863dada7ed361290544efc77
Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware Checks debugger unpack itself Tofsee Interception crashed
Hosts (2):
  onedrive.live.com(13.107.139.11) - mailcious
  13.107.139.11 - mailcious
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.4 | 45 | ZeroCERT

1960 | 2024-07-24 21:45
test.exe | 0784da3d1a6ab997b2842fbf73b29688
Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory
1.2 | 2 | guest

1961 | 2024-07-24 15:43
megreatwithyourlovertothinkabo... | 29b3fc11ab9d647ec19d3e02364355b2
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed
URLs (1):
  http://198.46.178.229/55433/winiti.exe
Hosts (1)
Signatures (1):
  ET INFO Executable Download from dotted-quad Host
4.8 | M | 40 | ZeroCERT

1962 | 2024-07-24 15:41
wethkingwearereallyamazingtoge... | 54092cf8f48bd4f9f31bdb16b2f6ee65
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed
URLs (1):
  http://198.46.174.139/66077/winiti.exe
Hosts (1)
Signatures (5):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4.8 | M | 40 | ZeroCERT

1963 | 2024-07-24 15:39
hersomethingnewhaveforwintoget... | a819430cdd5da2c289f594ceac0f0035
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
URLs (1):
  http://46.183.222.11/935/crosscheckupdationsonhere.gIF
Hosts (1):
  46.183.222.11 - mailcious
4.6 | M | 36 | ZeroCERT

1964 | 2024-07-24 15:38
Purchase _Order_0000089.exe | 9ce741958a80db120217ebad36bd9652
Malicious Library PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key crashed
2.8 | 38 | ZeroCERT

1965 | 2024-07-24 15:30
scan0001.doc | e96e2ed88e2f2fb80d02e7cd99a1420d
Doc XML Downloader Generic Malware Malicious Library UPX Word 2007 file format(docx) ZIP Format PE File DLL PE32 .NET DLL OS Processor Check RTF File doc VirusTotal Malware Microsoft buffers extracted Creates executable files unpack itself AppData folder Tofsee DNS
URLs (9):
  http://office-updatecentral.com/armorer/opposing/stratifies/
  http://office-updatecentral.com/armorer/opposing
  http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/canto
  http://office-updatecentral.com/armorer/opposing/
  http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/
  http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/exacerbating
  http://office-updatecentral.com/armorer/opposing/stratifies/beachheads
  http://office-updatecentral.com/armorer/opposing/stratifies/beachheads/knolls
  http://office-updatecentral.com/armorer/opposing/stratifies
Hosts (2):
  office-updatecentral.com(94.141.120.137)
  94.141.120.137
Signatures (5):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 15
  ET INFO TLS Handshake Failure
  ET USER_AGENTS Microsoft Office Existence Discovery User-Agent
  ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps
3.8 | 7 | ZeroCERT