2491 | 2024-07-04 17:03
UtilityR.dll 09a621243e242bc725c811cd4efac771
Tags: Malicious Library, PE File, DLL, PE64, DllRegisterServer, dll, VirusTotal, Malware, Checks debugger, RWX flags setting, unpack itself, ComputerName, DNS
Hosts (1): 89.197.154.116 - mailcious
5.4 | M | 49 | ZeroCERT

2492 | 2024-07-04 17:02
UtilityR.exe 64d9a7da3f1aa599a9656fb0894fabeb
Tags: Malicious Library, PE File, PE64, VirusTotal, Malware, RWX flags setting, unpack itself, ComputerName, DNS
Hosts (1): 89.197.154.116 - mailcious
5.2 | M | 61 | ZeroCERT

2493 | 2024-07-04 17:02
uh.uh.uhuhuh.uu.uh.doc 2065f134f20986527b4023d59e12081c
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Tofsee, Exploit, Java, DNS, crashed
URLs (4):
  http://198.46.178.139/33144/creatingfollowerswithflowereseverytime.gif
  https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235 - rule_id: 40876
  http://91.92.254.29/Users_API/syscore/file_ygeik543.xh0.txt
  http://198.46.178.139/33144/ORES.txt
Hosts (4):
  uploaddeimagens.com.br(172.67.215.45) - malware
  91.92.254.29 - mailcious
  198.46.178.139 - malware
  172.67.215.45 - malware
IDS alerts (4):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 13
  ET MALWARE Malicious Base64 Encoded Payload In Image
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET WEB_CLIENT Obfuscated Javascript // ptth
Rule-matched URLs (1):
  https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg
5.0 | M | 34 | ZeroCERT

2494 | 2024-07-04 17:01
goodnews.bmp.vbs cdf4aa1d6873ed8897e4ac1f9b1b14b2
Tags: ActiveXObject, unpack itself, crashed
0.6 | | | ZeroCERT

2495 | 2024-07-04 16:59
UpdaterLOC.dll d5f8785aedca631c7c8e123dc0e6e35f
Tags: Swrort, Malicious Library, PE File, DLL, PE32, VirusTotal, Malware
1.2 | M | 56 | ZeroCERT

2496 | 2024-07-04 16:59
4444.exe 1aca2436ee8c1ef6271dfebd4312b3d7
Tags: Malicious Packer, UPX, PE File, PE32, VirusTotal, Malware, unpack itself, DNS
Hosts (1): none listed
3.6 | M | 65 | ZeroCERT

2497 | 2024-07-04 16:59
TrialR.exe e18a6528feb2a80af9a1cc435ed30bed
Tags: MPRESS, PE File, PE32, VirusTotal, Malware, unpack itself, DNS
Hosts (1): 89.197.154.116 - mailcious
4.2 | M | 55 | ZeroCERT

2498 | 2024-07-04 16:59
profilegoodforinvestreturntogo... a93733bf3912d34ee7074f64f2d93156
Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, Malware download, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, wscript.exe, payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, Java, ComputerName, DNS, Cryptographic key
URLs (3):
  http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
  http://91.92.254.14/Users_API/syscore/file_fdncluho.ggk.txt
  http://23.95.235.16/55099/UGH.txt
Hosts (2):
  91.92.254.14 - malware
  91.92.254.194 - malware
IDS alerts (4):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 13
  ET MALWARE Malicious Base64 Encoded Payload In Image
  ET WEB_CLIENT Obfuscated Javascript // ptth
  ET MALWARE Base64 Encoded MZ In Image
Rule-matched URLs (1):
  http://91.92.254.194/imge/new-image_v.jpg
9.4 | M | 7 | ZeroCERT

2499 | 2024-07-04 16:57
UpdaterP.exe 40094e123c89625468665c8c196c2ffd
Tags: PE File, PE32, VirusTotal, Malware, unpack itself, DNS
Hosts (1): 89.197.154.116 - mailcious
4.8 | M | 62 | ZeroCERT

2500 | 2024-07-04 16:57
UpdaterR.exe be101f8181d00ee2196fbc988d85d7d3
Tags: PE File, PE32, VirusTotal, Malware, unpack itself, DNS
Hosts (1): 89.197.154.116 - mailcious
4.8 | M | 55 | ZeroCERT

2501 | 2024-07-04 16:52
Retest6.txt.lnk a21f40ab52c9bec0288b86656af166bd
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
URLs (1):
  http://89.197.154.116/Retest6.vbs
5.0 | | 22 | ZeroCERT

2502 | 2024-07-04 16:52
QuarterR.txt.lnk 7ef9148b9dabbc71fd47c8d2e2cbf079
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
URLs (1):
  http://89.197.154.116/QuarterR.vbs
5.0 | | 21 | ZeroCERT

2503 | 2024-07-04 11:31
Update.js 616eae241a26b57cf9d5efc97ff8491f
Tags: VBScript, wscript.exe, payload download, Tofsee, crashed, Dropper
URLs (1):
  https://shryr.fans.smalladventureguide.com/orderReview
Hosts (2):
  shryr.fans.smalladventureguide.com(162.252.175.117)
  162.252.175.117 - mailcious
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
10.0 | | | guest

2504 | 2024-07-04 11:29
new-image_v.jpg.exe 9152c6d4256e91955c25bcdfa97fb9e0
Tags: Generic Malware, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, PDB
1.0 | | 29 | r0d

2505 | 2024-07-04 10:42
eveningfiledatinglover.vbs e69758681e577aa06dfa9425821283b6
Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, Malware download, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, wscript.exe, payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, Java, ComputerName, DNS, Cryptographic key
URLs (2):
  http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
  http://91.92.254.14/Users_API/negrocock/file_in0kfcuh.ojw.txt
Hosts (2):
  91.92.254.14 - malware
  91.92.254.194 - malware
IDS alerts (4):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 13
  ET MALWARE Malicious Base64 Encoded Payload In Image
  ET MALWARE Base64 Encoded MZ In Image
  ET WEB_CLIENT Obfuscated Javascript // ptth
Rule-matched URLs (1):
  http://91.92.254.194/imge/new-image_v.jpg
10.0 | M | 7 | ZeroCERT