22411 | 2022-12-10 15:15
vbc.exe 4c974d9519a2bfe890a2fd763224d1e7 Malicious Library UPX PE32 PE File OS Processor Check FormBook Malware download VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder Windows
10
http://www.carooathome.com/dwdp/?GzuX=MAADYRIEe2aG1T7dNFa2K0171HicbyJlj+TceWEp1ZcLdyKm8xMKOoMvtsis6rN6D7P+pp43h+IoZQ65itX69WNF2x0PlUoXeYvN1tA=&AnB=P2Mxwr280
http://www.a8-group.com/dwdp/?GzuX=DSbK0Z5FDwQug92xry8wcMqtrV4BKsmWbm0zJjXp1SGH3e562FU2UfFNuwZolaOM38PBSXODgljLa+mxRSNVdqJfXoFnGNZljj7PMck=&AnB=P2Mxwr280
http://www.t4yfrance.com/dwdp/
http://www.booth-desin.com/dwdp/
http://www.inhomeyoga.com/dwdp/?GzuX=as8dBOCYMIlGkdFtveaHkIN9icAD8qernbVKNux/Lg6XWSTTcIv/7gG9EmYy/XWhX8OCt4YHZcx2d0FAJJzy1lZKXvNPLZyNssyv4Wg=&AnB=P2Mxwr280
http://www.carooathome.com/dwdp/
http://www.t4yfrance.com/dwdp/?GzuX=NWgjuoil9S/+22DuMtX3m1ZcaTnsfGvnsPD5fu3f3YQDroVAltOsnoot1AKDJLceSAVLQMw6Q/jv3hlsLZQqG3FtNHHM4A9pE7ZB8KI=&AnB=P2Mxwr280
http://www.a8-group.com/dwdp/
http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip
http://www.booth-desin.com/dwdp/?GzuX=QJQfeD7qWFgXxf9G0GjGAB7Km6u3jhMOuXezCT15m1Ba5XbDZiImLpY26pO9KiCGiN+FeUHjnNrUC0BbJzH8YiEpQzdZCNRDn1WeXeI=&AnB=P2Mxwr280
14
www.a8-group.com(194.58.112.174)
www.inhomeyoga.com(195.110.124.133)
www.fedefarmatour.online(81.88.48.71) - mailcious
www.t4yfrance.com(50.87.143.200)
www.sqlite.org(45.33.6.223)
www.booth-desin.com(38.26.187.59)
www.carooathome.com(172.67.220.110)
38.26.187.59
81.88.48.71 - mailcious
104.21.70.54
195.110.124.133 - mailcious
194.58.112.174 - mailcious
45.33.6.223
50.87.143.200
2
ET MALWARE FormBook CnC Checkin (POST) M2
ET MALWARE FormBook CnC Checkin (GET)
5.2
M
29
ZeroCERT

22412 | 2022-12-10 15:14
syncfiles.dll 0d079a931e42f554016db36476e55ba7 Malicious Library UPX PE32 DLL PE File VirusTotal Malware Checks debugger unpack itself DNS crashed
1
3.0
M
31
ZeroCERT

22413 | 2022-12-10 15:12
cred64.dll e113dcc5c601be8b2601aa83d5a8ebaa PWS Loki[b] Loki.m Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email RCE DNS Software crashed
2
http://62.204.41.158/b7ck3X/index.php - rule_id: 25074
http://62.204.41.158/b7ck3X/index.php
2
62.204.41.158
45.159.188.118 - mailcious
1
ET DROP Dshield Block Listed Source group 1
1
http://62.204.41.158/b7ck3X/index.php
6.0
51
ZeroCERT

22414 | 2022-12-10 15:09
new_2.exe 0c653d72ba0cc516ac9957f77f80391e Malicious Library PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself
2.4
M
42
ZeroCERT

22415 | 2022-12-10 15:08
cred64.dll 2b62e02b3581980ee5a1dda42fa4f3fe Malicious Library PE32 DLL PE File FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger RWX flags setting unpack itself Email DNS Software crashed
1
http://85.209.135.109/jg94cVd30f/index.php - rule_id: 25064
1
85.209.135.109 - mailcious
1
http://85.209.135.109/jg94cVd30f/index.php
6.2
M
14
ZeroCERT

22416 | 2022-12-10 15:07
Emit64.exe 7a5155b804e592d83f8319cbdb27e164 Malicious Library PE File PE64 VirusTotal Malware
1.6
M
31
ZeroCERT

22417 | 2022-12-10 15:05
umciavi32.exe 19d3006a093ae7f7dddd0f0fb812bbc3 Malicious Library Malicious Packer PE File PE64
0.6
ZeroCERT

22418 | 2022-12-10 15:05
avicapn32.exe 0f6ef96c5e687631ef27f1dcd1afe7b4 Malicious Library Malicious Packer UPX PE32 PE File VirusTotal Malware Malicious Traffic RWX flags setting unpack itself DNS crashed
2
http://45.159.188.118/bot/online?guid=test22-PC\test22&key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34 - rule_id: 24799
http://45.159.188.118/bot/regex?key=afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34 - rule_id: 24798
1
45.159.188.118 - mailcious
1
ET USER_AGENTS Go HTTP Client User-Agent
2
http://45.159.188.118/bot/online
http://45.159.188.118/bot/regex
4.6
M
35
ZeroCERT

22419 | 2022-12-10 15:03
File.exe 45dab627ec085226117ee481dc240b01 Malicious Library PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself
2.0
M
22
ZeroCERT

22420 | 2022-12-10 15:03
Moy.exe ecfed14bb2f56b0b2f6a21c43a007aec RAT PWS .NET framework Loki[b] Loki.m Malicious Library Malicious Packer UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 OS Processor Check PE File .NET EXE DLL JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Interception Windows Browser Email ComputerName RCE DNS Cryptographic key Software crashed
6
http://62.204.41.158/b7ck3X/index.php?scr=1
http://62.204.41.158/b7ck3X/index.php
http://31.41.244.253/new/linda5.exe - rule_id: 25020
http://31.41.244.253/ano/anon.exe
http://31.41.244.253/lodo/mine.exe
http://62.204.41.158/b7ck3X/Plugins/cred64.dll
4
185.106.92.214 - mailcious
31.41.244.253 - malware
31.41.244.186
62.204.41.158
7
ET DROP Dshield Block Listed Source group 1
ET MALWARE Amadey CnC Check-In
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Dotted Quad Host DLL Request
1
http://31.41.244.253/new/linda5.exe
16.6
M
45
ZeroCERT

22421 | 2022-12-10 14:59
soso.exe e17b0be6e0c42a0c39c5da63523af8d8 Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
4
http://www.coffeeforyou56.com/wh23/?u6Ad=+Z/9GnRooy4uMI/2ytyzBxmfIRzkEihmLnUbG9gon5BvVZqaawbrlsvFopSkMy8/ynATbtGm&9rQl7P=xPJtLXbP - rule_id: 23557
http://www.floridaindianrivergeoves.com/wh23/?u6Ad=HQs9sY6MfmjvG4BCT+S8X4weKQ3jHGmqz4mij5NJ3M2nb+7m/H8tNbVgpdoIwpufVMaXPBq3&9rQl7P=xPJtLXbP - rule_id: 23555
http://www.suratdimond.com/wh23/?u6Ad=jUJ7bRHoxkHA5rahzGpJGSe+g9rlOc6E7RlDBgSrRJk0jchNThhp3wI7m3+F7bQyA0QFLd33&9rQl7P=xPJtLXbP - rule_id: 23277
http://www.lesyeuxdanslespoches.com/wh23/?u6Ad=2UBdbPyJ3BJ1PizOWtFy1nFuYMz29j0z90R/CygIgf7oXdu1OYqDC0mFcr3+ZljEfmCRWGcD&9rQl7P=xPJtLXbP
8
www.coffeeforyou56.com(104.21.69.166) - mailcious
www.suratdimond.com(163.197.224.28) - mailcious
www.lesyeuxdanslespoches.com(199.15.163.148)
www.floridaindianrivergeoves.com(185.53.179.174) - mailcious
163.197.224.28 - mailcious
199.15.163.128 - mailcious
104.21.69.166
185.53.179.174 - mailcious
1
ET MALWARE FormBook CnC Checkin (GET)
3
http://www.coffeeforyou56.com/wh23/
http://www.floridaindianrivergeoves.com/wh23/
http://www.suratdimond.com/wh23/
3.8
M
24
ZeroCERT

22422 | 2022-12-10 14:57
svcrun.exe fe99d84663aac2ced931d6f608103362 UPX .NET EXE PE File PE64 VirusTotal Malware unpack itself Windows RCE crashed
2.6
M
14
ZeroCERT

22423 | 2022-12-10 14:56
hd1.exe 1f86a2100f277a00334aebe88e7f8718 Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.2
M
24
ZeroCERT

22424 | 2022-12-10 14:55
dll.exe 7eda71eafddb7d81e610d8744d4add24 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder sandbox evasion WriteConsoleW Windows ComputerName
1
tvkqei7ejowocyrblfy6r7pgnyi.80lgn773spunnvewtq4t1m1uk64w()
4.6
M
19
ZeroCERT

22425 | 2022-12-10 14:54
nppshell32.exe 2584569678635504f1194c08ad1e545c UPX PE32 OS Processor Check PE File VirusTotal Malware PDB
1.4
13
ZeroCERT