2581 | 2024-07-02 15:45
File: C.jpg.exe
MD5: b3623c2ff1b7635712d8ff50d58560d2
Tags: UPX, PE File, DLL, PE32, VirusTotal, Malware, Checks debugger, unpack itself, crashed
URLs: -
Hosts: -
Alerts: -
Score: 2.8 | M | 44 | r0d

2582 | 2024-07-02 15:45
File: Content_497179.exe
MD5: 52070a9adf4787ece9b80af208603030
Tags: Generic Malware, NSIS, Malicious Library, UPX, PE File, PE32, OS Processor Check, DLL, BMP Format, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, AppData folder, sandbox evasion, anti-virtualization, Tofsee
URLs (1): (not listed)
Hosts (2): codeonicinc.com(104.26.8.6); 104.26.9.6
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.6 | - | - | ZeroCERT

2583 | 2024-07-02 14:10
File: Update.js
MD5: 365d4f4e6ffed01288e0fae6e352e8a5
Tags: VBScript, wscript.exe, payload download, Tofsee, crashed, Dropper
URLs (1): https://czvqr.fans.smalladventureguide.com/orderReview
Hosts (2): czvqr.fans.smalladventureguide.com(162.252.175.117) - malicious; 162.252.175.117 - malicious
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 10.0 | - | - | guest

2584 | 2024-07-02 13:49
File: Update.js
MD5: a17403e9e32d19f46d7796f574136b61
Tags: VBScript, wscript.exe, payload download, Tofsee, crashed, Dropper
URLs (1): https://vlms.fans.smalladventureguide.com/orderReview
Hosts (2): vlms.fans.smalladventureguide.com(162.252.175.117); 162.252.175.117 - malicious
Alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0 | - | - | guest

2585 | 2024-07-02 10:53
File: mck.kc.kc.kcckckckck.doc
MD5: 418c12bd742fe4bc4cf4849870bfc01c
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, exploit crash, Windows, Exploit, DNS, crashed
URLs (1): http://198.46.178.137/88133/igccu.exe
Hosts (3): dashboardproducts.info(91.92.240.69); 91.92.240.69; 198.46.178.137 - malware
Alerts (6): ET DROP Spamhaus DROP Listed Traffic Inbound group 13; ET INFO Executable Download from dotted-quad Host; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 5.8 | M | 32 | ZeroCERT

2586 | 2024-07-02 10:29
File: pic2.jpg.exe
MD5: bd2eac64cbded877608468d86786594a
Tags: UPX, PE File, PE32, VirusTotal, Malware
URLs: -
Hosts: -
Alerts: -
Score: 2.2 | M | 42 | ZeroCERT

2587 | 2024-07-02 10:21
File: C.jpg.exe
MD5: b3623c2ff1b7635712d8ff50d58560d2
Tags: PE File, DLL, PE32, VirusTotal, Malware, Checks debugger, unpack itself, crashed
URLs: -
Hosts: -
Alerts: -
Score: 2.8 | M | 44 | ZeroCERT

2588 | 2024-07-02 10:19
File: controlfirebase65.txt.exe
MD5: eb34eabec4f015fb2c9d8949545dc480
Tags: AgentTesla, Malicious Library, Malicious Packer, UPX, PE File, OS Memory Check, .NET EXE, PE32, OS Name Check, OS Processor Check, Browser Info Stealer, Malware download, VirusTotal, Email Client Info Stealer, Malware, AgentTesla, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, IP Check, Windows, Browser, Email, ComputerName, crashed
URLs (1): http://ip-api.com/line/?fields=hosting
Hosts (4): mail.controlfire.com.mx(192.185.123.104); ip-api.com(208.95.112.1); 192.185.123.104; 208.95.112.1
Alerts (3): ET POLICY External IP Lookup ip-api.com; SURICATA Applayer Detect protocol only one direction; ET MALWARE AgentTesla Exfil Via SMTP
Score: 7.8 | - | 60 | ZeroCERT

2589 | 2024-07-02 10:19
File: baze644444444444444444444444.t...
MD5: e0659414477aceed1bd5ef7c92dc6b7b
Tags: AgentTesla, Malicious Library, Malicious Packer, UPX, PE File, OS Memory Check, .NET EXE, PE32, OS Name Check, OS Processor Check, Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, IP Check, Browser, Email, ComputerName, crashed
URLs (1): http://ip-api.com/line/?fields=hosting
Hosts (2): ip-api.com(208.95.112.1); 208.95.112.1
Alerts (1): ET POLICY External IP Lookup ip-api.com
Score: 6.0 | - | 56 | ZeroCERT

2590 | 2024-07-02 10:15
File: spoofer.sys
MD5: ece894602ee9353cce23dc4ece8a5445
Tags: PE File, PE64, VirusTotal, Malware, PDB
URLs: -
Hosts: -
Alerts: -
Score: 1.4 | - | 34 | ZeroCERT

2591 | 2024-07-02 10:05
File: mck.kc.kc.kcckckckck.doc
MD5: 418c12bd742fe4bc4cf4849870bfc01c
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, RWX flags setting, exploit crash, Exploit, crashed
URLs: -
Hosts: -
Alerts: -
Score: 3.2 | M | 34 | ZeroCERT

2592 | 2024-07-02 09:49
File: 25.txt.exe
MD5: b2e56a7b3dd03c8000e78544f540677d
Tags: AsyncRAT, Malicious Library, Malicious Packer, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, DNS, DDNS
URLs: -
Hosts (2): wins19junspam.duckdns.org(192.169.69.26); 192.169.69.26 - phishing
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
Score: 1.6 | - | 51 | ZeroCERT

2593 | 2024-07-02 09:48
File: 27.txt.exe
MD5: cfa3c233dbdff5cf57692484c4e50e6a
Tags: AsyncRAT, Malicious Library, Malicious Packer, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, DNS, DDNS
URLs: -
Hosts (2): wins26junspam.duckdns.org(191.93.112.233); 191.93.112.233
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
Score: 1.6 | - | 51 | ZeroCERT

2594 | 2024-07-02 09:47
File: 28.txt.exe
MD5: 3b2129194c379040d94f02260925b029
Tags: AsyncRAT, Malicious Library, Malicious Packer, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, DNS, DDNS
URLs: -
Hosts (2): wins26junspam.duckdns.org(191.93.112.233); 191.93.112.233
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
Score: 1.6 | - | 49 | ZeroCERT

2595 | 2024-07-02 09:45
File: package_full.pdf.lnk
MD5: 87e1217cd4517d2c3ea39b1b970a5550
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, RWX flags setting, unpack itself, powershell.exe, wrote suspicious process, Tofsee, Interception, Windows, ComputerName, Cryptographic key
URLs (1): https://scratchedcards.com/can/cantruck
Hosts (2): scratchedcards.com(5.188.88.146) - malware; 5.188.88.146 - malware
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.0 | - | 24 | ZeroCERT
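The network alerts in the listing above (dynamic-DNS queries to *.duckdns.org, external IP lookups against ip-api.com, executable downloads from a dotted-quad host) and the reuse of the same hosts across several submissions are the two things an analyst pivots on when triaging a batch like this. The following is an added example, not code from the sandbox or its operator: a small triage script that re-derives those findings from hand-constructed records copied from the entries above, and reports which hosts are shared by more than one sample. The record IDs, URLs and hosts are taken from the listing; the dynamic-DNS suffix list and the set of IP-lookup services are assumptions, not the sandbox's own rule set.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed records, copied by hand from the listing above (IDs 2583-2594).
# Only the URL and host columns are kept; everything else is omitted.
SAMPLES: dict[str, dict[str, list[str]]] = {
    "2583": {"urls": ["https://czvqr.fans.smalladventureguide.com/orderReview"],
             "hosts": ["czvqr.fans.smalladventureguide.com", "162.252.175.117"]},
    "2584": {"urls": ["https://vlms.fans.smalladventureguide.com/orderReview"],
             "hosts": ["vlms.fans.smalladventureguide.com", "162.252.175.117"]},
    "2585": {"urls": ["http://198.46.178.137/88133/igccu.exe"],
             "hosts": ["dashboardproducts.info", "91.92.240.69", "198.46.178.137"]},
    "2588": {"urls": ["http://ip-api.com/line/?fields=hosting"],
             "hosts": ["mail.controlfire.com.mx", "ip-api.com",
                       "192.185.123.104", "208.95.112.1"]},
    "2590": {"urls": [], "hosts": []},
    "2592": {"urls": [], "hosts": ["wins19junspam.duckdns.org", "192.169.69.26"]},
    "2593": {"urls": [], "hosts": ["wins26junspam.duckdns.org", "191.93.112.233"]},
    "2594": {"urls": [], "hosts": ["wins26junspam.duckdns.org", "191.93.112.233"]},
}

# Assumption: a short local list of dynamic-DNS providers. A real deployment
# would load a maintained list rather than hard-code these.
DDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net", ".hopto.org")

# Assumption: services that only exist to tell a client its public IP.
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# An http(s) URL whose host is a bare IPv4 address and whose path ends in a
# PE-style extension, i.e. the pattern behind the "Executable Download from
# dotted-quad Host" style alerts seen in the listing.
EXE_FROM_DOTTED_QUAD = re.compile(
    r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/.*\.(?:exe|dll|scr)$", re.IGNORECASE
)


def triage(record: dict[str, list[str]]) -> list[str]:
    """Return human-readable findings for one sample's network indicators."""
    findings: list[str] = []
    for raw in record["hosts"]:
        host = raw.lower()
        if host.endswith(DDNS_SUFFIXES):
            findings.append(f"dynamic DNS query: {host}")
        if host in IP_LOOKUP_HOSTS:
            findings.append(f"external IP lookup: {host}")
    for url in record["urls"]:
        m = EXE_FROM_DOTTED_QUAD.match(url)
        if m:
            findings.append(f"executable download from dotted-quad host: {m.group(1)}")
    return findings


def shared_infrastructure(samples: dict[str, dict[str, list[str]]]) -> dict[str, list[str]]:
    """Map each host that appears in two or more samples to the sorted sample IDs."""
    seen: dict[str, set[str]] = defaultdict(set)
    for sample_id, record in samples.items():
        for host in record["hosts"]:
            seen[host.lower()].add(sample_id)
    return {host: sorted(ids) for host, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    for sample_id, record in SAMPLES.items():
        for finding in triage(record):
            print(f"{sample_id}: {finding}")
    for host, ids in shared_infrastructure(SAMPLES).items():
        print(f"shared host {host}: samples {', '.join(ids)}")
```

The second function is what turns three separate AsyncRAT submissions into one cluster (the same duckdns name and IP behind 2593 and 2594) and ties the two Update.js droppers together through 162.252.175.117 even though their hostnames differ; the per-sample heuristics only reproduce what the sandbox's own ET rules already said.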