22591 | 2022-12-05 17:10 | asdasdsa.exe 066725f0d958d14460e6c658abd81666 | Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key Downloader
1 | https://cdn.discordapp.com/attachments/1042477417668808785/1042477608803242024/dlpcdildom.exe
2 | cdn.discordapp.com(162.159.130.233) 45.159.189.115 -
10.0 | 51 | ZeroCERT

22592 | 2022-12-05 17:10 | hjasgfhjasgdas.exe 378deda0d1313deba917adfc74173962 | Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader
1 | https://cdn.discordapp.com/attachments/1042477417668808785/1042477506483195964/pllmmdiipm.exe
2 | cdn.discordapp.com(162.159.133.233) - 162.159.133.233 -
3 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
10.0 | 32 | ZeroCERT

22593 | 2022-12-05 17:08 | rtyrryr.exe f853ede612b21de687500cd9892c37ad | Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader
1 | https://cdn.discordapp.com/attachments/1042477417668808785/1042477554847719444/SecurityHealthService.exe
2 | cdn.discordapp.com(162.159.133.233) - 162.159.135.233 -
3 | ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
10.0 | 28 | ZeroCERT

22594 | 2022-12-05 17:08 | ewtewrewrwe.exe a587de0abd290c0cca50352cd98c3f2d | Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader
1 | https://cdn.discordapp.com/attachments/1042477417668808785/1042477519888199730/CR.exe
2 | cdn.discordapp.com(162.159.130.233) - 162.159.135.233 -
3 | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | 32 | ZeroCERT

22595 | 2022-12-05 17:07 | ccc.exe 3f8fd73111b5a34fea68b5248fba52ea | NPKI Malicious Library Malicious Packer UPX PE32 PE File VirusTotal Malware AutoRuns Creates executable files Windows utilities suspicious process AppData folder Windows ComputerName
4 | http://clipper.guru/bot/regex?key=d3bce09c5961a898f079f77978bcaecea30c9172b520f467e4faa82cf9ab7ef4 - rule_id: 23132 http://clipper.guru/bot/regex?key=d3bce09c5961a898f079f77978bcaecea30c9172b520f467e4faa82cf9ab7ef4 http://clipper.guru/bot/online?guid=test22-PC\test22&key=d3bce09c5961a898f079f77978bcaecea30c9172b520f467e4faa82cf9ab7ef4 - rule_id: 23131 http://clipper.guru/bot/online?guid=test22-PC\test22&key=d3bce09c5961a898f079f77978bcaecea30c9172b520f467e4faa82cf9ab7ef4
2 | clipper.guru(45.159.189.115) - 45.159.189.115 -
1 | ET USER_AGENTS Go HTTP Client User-Agent
2 | http://clipper.guru/bot/regex http://clipper.guru/bot/online
6.2 | 39 | ZeroCERT

22596 | 2022-12-05 17:07 | vbc.exe c2b83e9986717633910e995173e50063 | PWS .NET framework UPX AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
2 | http://www.theplantgranny.net/dv22/?FFQL=eYdgt7I7vhFKcy7r5qfDCH2+TYsM6wqkdqwrIsTBKIeZJgk/012iFxiRM98z/2Lbn/fB5hWY&Rb=VtxXE http://www.longpostaltubes.co.uk/dv22/?FFQL=QehU5v/fQhEMx9PnYXmuGQy2yulTqSF4FEw+gzdq1rqRDbor2eELTz6NcN54kNr6vv9fe2xg&Rb=VtxXE
4 | www.longpostaltubes.co.uk(45.8.225.141) - www.theplantgranny.net(192.185.60.72) - 192.185.60.72 - 45.8.225.141 -
1 | ET MALWARE FormBook CnC Checkin (GET)
8.0 | 21 | ZeroCERT

22597 | 2022-12-05 17:03 | f429fjd4uf84u.sdfh 8cd1ea50f8f4c45055400e70da52b326 | Gen2 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware
2.0 | 48 | ZeroCERT

22598 | 2022-12-05 17:02 | ofg7d45fsdfgg312.sfhg 33dad992607d0ffd44d2c81fe67f8fb1 | Ave Maria WARZONE RAT Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware AutoRuns Windows utilities suspicious process WriteConsoleW Windows ComputerName
3.0 | 47 | ZeroCERT

22599 | 2022-12-05 15:38 | Vbs_Startup_LNK30.vbs 301fed92d48e2477e6bb070b6854e853 | Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 | http://4.204.233.44/Dll/Dll.ppam
1 |
2 | ET MALWARE Powershell commands sent B64 2 ET HUNTING EXE Base64 Encoded potential malware
10.0 | M | 4 | ZeroCERT

22600 | 2022-12-05 15:38 | 2dode8002.vbs 9792c84f24e1492cc4d179523fdfcb9d | Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 | http://4.204.233.44/Dll/Dll.ppam
1 |
2 | ET MALWARE Powershell commands sent B64 2 ET HUNTING EXE Base64 Encoded potential malware
10.0 | M | 4 | ZeroCERT

22601 | 2022-12-05 15:10 | IPCommandExamples.pdf 221c99afe2a8d4e19007fcf70f14af85 | PDF Suspicious Link PDF
guest

22602 | 2022-12-05 09:55 | KDSIE.exe 0de080bdd3889d099ced53db9d587ca3 | RAT UPX Create Service Socket ScreenShot DNS Escalate priviledges AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Check virtual network interfaces sandbox evasion Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software
1 |
3 | www.google.com(172.217.161.228) 172.217.27.4 194.190.152.92
7 | ET MALWARE Win32/Unknown Stealer Command (geoblock) (Outbound) ET MALWARE Win32/Unknown Stealer Command (filegrab) (Outbound) ET MALWARE Win32/Unknown Stealer Command (loader) (Outbound) ET MALWARE Win32/Unknown Stealer Command (domaindetect) (Outbound) ET MALWARE Win32/Unknown Stealer CnC Log Exfil SURICATA Applayer Protocol detection skipped SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
18.6 | M | 40 | ZeroCERT

22603 | 2022-12-05 09:53 | svchost.exe b8d23f55d8924b617a57035db1cd3eb0 | PWS[m] Downloader Malicious Library UPX Create Service DGA Socket ScreenShot DNS Internet API Code injection Sniff Audio HTTP Steal credential KeyLogger P2P Escalate priviledges persistence FTP Http API AntiDebug AntiVM PE32 PE File VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory WMI Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName DNS
1 |
7.2 | M | 48 | ZeroCERT

22604 | 2022-12-05 09:53 | Dmombia.jpeg.exe 0842d415e86405a5ef80626af1224855 | NPKI RAT PE32 .NET DLL DLL PE File VirusTotal Malware
0.8 | 28 | ZeroCERT

22605 | 2022-12-05 09:51 | spacemen.exe d1e2721997a49175744d36d9eaa2a946 | Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware Buffer PE PDB Checks debugger buffers extracted unpack itself ComputerName
1 | gem9twla6xbkkmlk0pnbh5yosth2xrxe.8mzefdh7t()
3.0 | M | 16 | ZeroCERT