2146 |
2025-02-10 16:24
SysToolsvCardConverterSetup.ms... 5cbc7e749bc01170dacbdff68e128b38 MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS |
1
108.181.20.39 - mailcious
4.8 |
M |
2 |
ZeroCERT
2147 |
2025-02-10 16:24
cann.exe 4be8edd2f271ecc53882580be2e3ebee Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser |
7.2 |
M |
49 |
ZeroCERT
2148 |
2025-02-10 16:23
WindowsServices.exe 746788dfe51900ef82589acdb5b5ea38 njRAT backdoor Generic Malware PE File .NET EXE PE32 ActiveXObject VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities WriteConsoleW human activity check Windows |
5.6 |
M |
37 |
ZeroCERT
2149 |
2025-02-10 16:22
cann.exe 5917bf2e1fb602ed734ffae5e4a8dd27 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows |
2
files.catbox.moe(108.181.20.39) - malware 108.181.20.39 - mailcious
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.6 |
M |
50 |
ZeroCERT
2150 |
2025-02-10 16:22
1AWhJsY.exe f6fb7202ef80ed4d874eba628ba855b8 Malicious Library .NET framework(MSIL) ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself crashed |
7.4 |
M |
53 |
ZeroCERT
2151 |
2025-02-10 16:21
bitcoin3000.exe 1e039f12c51a941bb072c73fe2def232 Emotet Gen1 Malicious Library UPX PE File PE64 CAB VirusTotal Malware AutoRuns PDB Checks debugger Creates executable files WriteConsoleW Windows RCE DNS |
1
4.0 |
M |
29 |
ZeroCERT
2152 |
2025-02-10 16:18
Bjkm5hE.exe 0f2e0a4daa819b94536f513d8bb3bfe2 Vidar Themida UPX PE File PE32 VirusTotal Malware Telegram Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Tofsee Windows ComputerName DNS crashed |
1
https://steamcommunity.com/profiles/76561199824159981 - rule_id: 43856
5
t.me(149.154.167.99) - mailcious steamcommunity.com(104.76.74.15) - mailcious 104.75.33.105 - mailcious 149.154.167.99 - mailcious 95.217.25.45 - mailcious
3
ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://steamcommunity.com/profiles/76561199824159981
8.6 |
M |
44 |
ZeroCERT
2153 |
2025-02-10 16:16
https://si.ua.es/es/wifi/docum... f86c99412cf7e6c5c1ec4f68dfc30c99 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Tofsee Windows DNS |
3
si.ua.es(193.145.235.30) 193.145.235.30 152.199.39.108 - mailcious
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.2 |
3 |
guest
2154 |
2025-02-10 16:16
z.exe a6b4918f763f99f90f595c201f50239f Generic Malware Malicious Library Malicious Packer Downloader UPX PE File PE64 OS Processor Check Emotet VirusTotal Malware Buffer PE AutoRuns MachineGuid Code Injection buffers extracted Creates executable files unpack itself sandbox evasion Windows |
6.8 |
M |
53 |
ZeroCERT
2155 |
2025-02-10 16:15
bin2.exe eeb081699fcfdc3e9b531990a0826587 Malicious Library Malicious Packer PE File PE32 MZP Format VirusTotal Malware MachineGuid Check memory Creates executable files unpack itself AppData folder ComputerName crashed |
1
4.4 |
M |
66 |
ZeroCERT
2156 |
2025-02-10 16:15
ServerX.exe 37e7cdd750ac364b0289287497294d10 Generic Malware UPX PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows |
6.0 |
M |
57 |
ZeroCERT
2157 |
2025-02-07 14:35
giania.exe 18653ba7baa00d4eae7f02368a3b5bc2 Generic Malware Malicious Library UPX PE File PE32 DLL Browser Info Stealer VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder Browser DNS |
6.0 |
M |
52 |
ZeroCERT
2158 |
2025-02-07 14:26
ram.exe 72ec64d0bc0b31f8842c9b5d488c11e7 Emotet Generic Malware Malicious Library Malicious Packer ASPack UPX Admin Tool (Sysinternals etc ...) PE File PE64 CAB OS Processor Check DLL PE32 MZP Format VirusTotal Malware PDB Checks debugger Creates executable files unpack itself DNS crashed |
4.0 |
M |
29 |
ZeroCERT
2159 |
2025-02-07 14:23
sas.exe f0328a0d719b2a80e950b562ca0d8f80 PE File PE64 VirusTotal Malware Check memory DNS |
1
2.0 |
M |
39 |
ZeroCERT
2160 |
2025-02-07 14:23
code.exe 88ba5ea93cd4d63db0c02028808483d5 Formbook Generic Malware Malicious Library UPX PE File PE32 DLL Browser Info Stealer VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder Browser DNS |
6
ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain ET INFO Observed DNS Query to .life TLD ET INFO DNS Query for Suspicious .icu Domain ET INFO HTTP POST Request to Suspicious *.icu domain ET INFO HTTP Request to Suspicious *.life Domain
6.6 |
M |
53 |
ZeroCERT