2611 | 2024-07-01 14:56 | CONT.exe | 1cdf5a27c0f2ceaf51055ed3721d5c32
Tags: UPX PE File PE32 VirusTotal Malware PDB Remote Code Execution
Score: 1.0 | - | 2 | Submitter: ZeroCERT

2612 | 2024-07-01 14:56 | FIX_0x80070643_(Need_reboot).r... | 177d5e4e498f2a2db92df607fe0e1692
Tags: ScreenShot Escalate priviledges KeyLogger AntiDebug AntiVM AutoRuns Code Injection Check memory unpack itself Windows
URLs (3):
  https://companyupdates.ltd/act/CONT
  https://companyupdates.ltd/act/FP
  https://companyupdates.ltd/act/ENC
Score: 2.2 | - | - | Submitter: ZeroCERT

2613 | 2024-07-01 11:05 | MpMgSvc.jpg.exe | 40670d0d30c6855dd2b3db30b81f9ce2
Tags: Emotet Generic Malware UPX Malicious Library Malicious Packer Downloader Anti_VM PE File PE32 DLL OS Processor Check ftp PE64 Malware SMB Traffic Potential Scan Malicious Traffic Creates executable files ICMP traffic AppData folder sandbox evasion Remote Code Execution DNS DDNS
URLs (2):
  http://118.184.169.48/dyndns/getip
  http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
Hosts (4):
  opendata.baidu.com(45.113.194.189)
  members.3322.org(118.184.169.48)
  45.113.194.127
  118.184.169.48
Alerts (3):
  ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  ET INFO DYNAMIC_DNS Query to 3322.org Domain
  ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
Score: 7.0 | M | - | Submitter: ZeroCERT

2614 | 2024-07-01 11:03 | Hooks.jpg.exe | 422f3763021f8f9bfc31a9a7e4b049f9
Tags: Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Downloader Malicious Packer .NET framework(MSIL) UPX Antivirus PE File PE32 DLL OS Processor Check VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key
URLs (2):
  http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  http://43.198.152.240:8080/api/node/ip_validate
Hosts (18):
  gtxvdqvuweqs.com(16.162.201.176) - mailcious
  ipv6-api.iproyal.com()
  down.ftp21.cc(119.203.212.165) - malware
  download.microsoft.com(23.207.40.161)
  api6.my-ip.io()
  www.362-com.com(1.226.84.135)
  www.4i7i.com(1.226.84.135)
  api.iproyal.com(193.228.196.69)
  worldtimeapi.org(213.188.196.246)
  23.45.52.224
  93.189.62.83
  213.188.196.246
  193.228.196.69
  51.161.196.188
  43.198.152.240
  16.162.201.176 - mailcious
  1.226.84.135
  119.203.212.165 - malware
Alerts (4):
  ET DNS Query for .cc TLD
  ET HUNTING Suspicious EXE Download Content-Type image/jpeg
  ET INFO SSH-2.0-Go version string Observed in Network Traffic
  ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
Score: 11.2 | M | 60 | Submitter: ZeroCERT

2615 | 2024-07-01 11:02 | 64.jpg.exe | 72762b7ac7c6dfdc7b1c3b3a5171103a
Tags: UPX PE File PE64 VirusTotal Malware Check memory unpack itself ComputerName Firmware
Hosts (3):
  xmr.330com.com(211.108.74.247)
  211.108.74.247
  62.48.34.99
Score: 3.4 | M | 56 | Submitter: ZeroCERT

2616 | 2024-07-01 10:46 | wmi.jpg.exe | 3d3aedfaeaf39544ff74fe6fe4541fc2
Tags: UPX PE File PE32 VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting Windows utilities WriteConsoleW Firewall state off Windows
Hosts (2):
  www.4i7i.com(1.226.84.135)
  1.226.84.135
Score: 6.0 | M | 60 | Submitter: r0d

2617 | 2024-07-01 10:25 | pconsnap.dll.exe | 8fb5e72a31680189d9a529b49962a0b1
Tags: Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
Score: 1.0 | - | 26 | Submitter: ZeroCERT

2618 | 2024-07-01 09:42 | rise2806.exe | 97768ab0a4837757b74de2ae892badab
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.2 | M | 32 | Submitter: ZeroCERT

2619 | 2024-07-01 09:40 | meta2806.exe | 2fcb3543d06f526e93c7276356f557b7
Tags: RedLine stealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key
Hosts: 1
Score: 4.6 | M | 36 | Submitter: ZeroCERT

2620 | 2024-07-01 09:38 | vidar2806.exe | f88272ea7674d3acedd8adcf7643c598
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.4 | - | 40 | Submitter: ZeroCERT

2621 | 2024-07-01 09:38 | lumma2806.exe | 0309dd0131150796ea99b30a62194fae
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.2 | - | 38 | Submitter: ZeroCERT

2622 | 2024-07-01 09:26 | 1.exe | 07c1efc472c5c8424d6a4e529abc63c5
Tags: UPX PE File PE64 OS Processor Check VirusTotal Malware
Score: 1.2 | - | 16 | Submitter: ZeroCERT

2623 | 2024-07-01 09:23 | TQ.jpg.exe | f9f5342074462fa1048fea806eef535f
Tags: Emotet Generic Malware Malicious Library Downloader Malicious Packer Antivirus UPX PE File PE32 OS Processor Check DLL PE64 Malware download VirusTotal Malware SMB Traffic Potential Scan Malicious Traffic Creates executable files ICMP traffic Disables Windows Security AppData folder sandbox evasion Windows DNS DDNS Downloader
URLs (8):
  http://118.184.169.48/dyndns/getip
  http://45.113.194.189/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
  http://ssl.ftp21.cc/MpMgDLL.jpg
  http://ssl.ftp21.cc/MpMgSvc.jpg
  http://down.ftp21.cc/64.jpg
  http://ssl.ftp21.cc/Hooks.jpg
  http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  http://down.ftp21.cc/Update.txt
Hosts (22):
  gtxvdqvuweqs.com(16.162.201.176)
  members.3322.org(118.184.169.48)
  ipv6-api.iproyal.com()
  down.ftp21.cc(119.203.212.165) - malware
  download.microsoft.com(23.199.6.55)
  www.362-com.com(1.226.84.135)
  www.4i7i.com(1.226.84.135)
  opendata.baidu.com(45.113.194.189)
  web.362-com.com(110.11.158.238)
  api.iproyal.com(193.228.196.69)
  ssl.ftp21.cc(31.184.207.62) - malware
  23.219.69.110
  31.184.207.62 - malware
  193.228.196.69
  45.113.194.189
  16.162.201.176
  1.226.84.135
  31.222.226.20
  18.163.3.159
  118.184.169.48
  110.11.158.238
  119.203.212.165 - malware
Alerts (8):
  ET DNS Query for .cc TLD
  ET HUNTING Suspicious EXE Download Content-Type image/jpeg
  ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
  ET MALWARE JS/WSF Downloader Dec 08 2016 M4
  ET INFO DYNAMIC_DNS Query to 3322.org Domain
  ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
  ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
Score: 9.4 | M | 55 | Submitter: ZeroCERT

2624 | 2024-07-01 09:23 | wmi.jpg.exe | 3d3aedfaeaf39544ff74fe6fe4541fc2
Tags: PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities suspicious TLD WriteConsoleW Firewall state off Windows DNS DDNS Downloader
URLs (10):
  http://down.ftp21.cc/Update.txt
  http://ssl.ftp21.cc/445.jpg
  http://43.198.152.240:8080/api/node/ip_validate
  http://118.184.169.48/dyndns/getip
  http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
  http://hook.ftp21.cc/MpMgSvc.dll
  http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
  http://hook.ftp21.cc/MpMgSvc.jpg
  http://hook.ftp21.cc/Hooks.jpg
  http://hook.ftp21.cc/64.jpg
Hosts (28):
  gtxvdqvuweqs.com(16.162.201.176)
  members.3322.org(118.184.169.48)
  ipv6-api.iproyal.com()
  down.ftp21.cc(119.203.212.165) - malware
  download.microsoft.com(23.199.6.55)
  hook.ftp21.cc(211.108.60.155)
  api6.my-ip.io()
  unixtime.org(172.67.175.23)
  www.362-com.com(1.226.84.135)
  web.362-com.com(110.11.158.238)
  opendata.baidu.com(45.113.194.127)
  www.4i7i.com(1.226.84.135)
  api.iproyal.com(93.189.62.83)
  ssl.ftp21.cc(31.184.207.62) - malware
  172.67.175.23
  93.189.62.83
  31.184.207.62 - malware
  193.228.196.69
  211.108.60.155
  43.198.152.240
  45.113.194.127
  16.162.201.176
  1.226.84.135
  51.161.196.188
  104.78.73.222
  118.184.169.48
  110.11.158.238
  119.203.212.165 - malware
Alerts (11):
  ET INFO Packed Executable Download
  ET DNS Query for .cc TLD
  ET HUNTING Suspicious EXE Download Content-Type image/jpeg
  ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
  ET MALWARE JS/WSF Downloader Dec 08 2016 M4
  ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
  ET INFO DYNAMIC_DNS Query to 3322.org Domain
  ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
  ET INFO SSH-2.0-Go version string Observed in Network Traffic
  ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
  ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
Score: 11.2 | M | 60 | Submitter: ZeroCERT

2625 | 2024-06-30 23:34 | https://t.co/XCgLbVc0am | b88f184324bab0b6c8aa74de052a7b34
Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2):
  t.co(117.18.232.195) - phishing
  117.18.232.195 - phishing
Alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.8 | - | - | Submitter: guest