2881 |
2024-06-19 09:42
|
3.exe a41dcc178717a13af8972680faa8e697 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 9
|
|
5.0 |
M |
48 |
ZeroCERT
2882 |
2024-06-19 09:42
|
sch.exe 60b4266cdb4dc9b44d595677680a94f2 PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 9
|
|
5.6 |
M |
50 |
ZeroCERT
2883 |
2024-06-19 09:41
|
1.exe 7b099cafaf5dada250f611dfef156cdb PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 9
|
|
5.6 |
M |
50 |
ZeroCERT
2884 |
2024-06-19 09:41
|
AntiVirus.exe 06b81c8edd7f620513a06e3a5cc11483 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 9
|
|
5.0 |
M |
53 |
ZeroCERT
2885 |
2024-06-19 09:37
|
AntiVirus2.exe 571878c5dbb5200509fddc36d7c01643 Malicious Packer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself |
|
|
|
|
2.8 |
M |
60 |
ZeroCERT
2886 |
2024-06-19 09:36
|
lamda.cmd 7aad5e78aa5e3c4c1fd5da339379185e Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
3.8 |
|
20 |
ZeroCERT
2887 |
2024-06-19 09:36
|
bbc.doc c37e66ac7c43e79fd1c771892d457314 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed |
3
http://172.235.39.109/3090/InetCache.hta https://uploaddeimagens.com.br/images/004/798/015/original/new_image.jpg?1718284216 https://paste.ee/d/95tJR
|
5
paste.ee(104.21.84.67) - mailcious uploaddeimagens.com.br(172.67.215.45) - malware 172.235.39.109 - mailcious 104.21.84.67 - malware 172.67.215.45 - malware
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible HTA Application Download ET INFO Dotted Quad Host HTA Request ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
|
|
4.6 |
M |
36 |
ZeroCERT
2888 |
2024-06-19 09:34
|
lamda.cmd c348551fa8fea00106049dd9ff8c07c0 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger heapspray Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
8
|
|
|
|
5.8 |
|
12 |
ZeroCERT
2889 |
2024-06-19 09:34
|
murka.exe 9e27ed6d9855b9bfae9234f0303a8bba Malicious Packer UPX Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed |
1
https://db-ip.com/demo/home.php?s=175.208.134.152
|
5
ipinfo.io(34.117.186.192) db-ip.com(104.26.5.15) 104.26.5.15 34.117.186.192 147.45.47.126 - mailcious
|
8
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE RisePro CnC Activity (Inbound)
|
|
13.4 |
M |
45 |
ZeroCERT
2890 |
2024-06-18 22:31
|
https://qrco.de/bfAK2I?onO=XTp... 12dec78d031d4e022b462bf6373a6d21 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File icon Code Injection Creates executable files exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
5
http://apps.identrust.com/roots/dstrootcax3.p7c https://qrco.de/bfAK2I?onO=XTpHzVDAeO?WTh=1XXH9na1GN https://qrco.de/favicon.ico https://qrcg-registry.qr-code-generator.com/qrapp-legacy-webcomponents/qrcg.min.js https://qrco.de/css/build/smartphone-preview.min.css
|
8
qrcg-registry.qr-code-generator.com(54.230.176.84) cdnjs.cloudflare.com(104.17.25.14) - mailcious qrco.de(13.225.131.84) 182.162.106.33 - malware 104.17.25.14 54.230.176.21 13.225.131.87 23.67.53.17
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO QR Code Generator Domain in DNS Lookup (qrco .de) ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
2891 |
2024-06-18 18:24
|
Radmin2018.exe 6754696a342ef288c4eeac34bddb1ab1 Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File PE32 DLL PE64 OS Processor Check MZP Format VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Checks debugger Creates executable files unpack itself Windows utilities Auto service suspicious process WriteConsoleW Firewall state off Windows |
|
|
|
|
9.8 |
|
28 |
ZeroCERT
2892 |
2024-06-18 18:21
|
127pos.exe 3445e5cbc4f883d4c8db25e193ad30d2 Generic Malware Malicious Library ASPack UPX PE File PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Windows |
1
http://www.gdbaodao.cn:2002/time.php
|
2
www.gdbaodao.cn(14.19.217.34) 14.19.217.34
|
1
ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
|
|
2.2 |
|
51 |
ZeroCERT
2893 |
2024-06-18 18:18
|
Aripzlzup.exe f41b9a03e2cfb311197ac247e4e4416c Generic Malware Malicious Library ASPack UPX PE File PE32 OS Processor Check JPEG Format VirusTotal Malware Checks debugger unpack itself sandbox evasion |
|
|
|
|
2.6 |
M |
45 |
ZeroCERT
2894 |
2024-06-18 18:16
|
1.exe c51e84d4d53678605a1cb5feb6436c84 Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows |
|
2
gwyk.sp168.tv(156.241.4.189) - mailcious 156.241.4.189 - mailcious
|
|
|
7.4 |
M |
66 |
ZeroCERT
2895 |
2024-06-18 18:16
|
AV520.exe 39d865aa4171442b417c40479e63a03f Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself |
|
|
|
|
2.0 |
M |
63 |
ZeroCERT