2986 |
2024-06-15 08:12
|
Bio Data Form.jpg.lnk e10c8df203a7a195a44ee629fcf0c756 Generic Malware AntiDebug AntiVM GIF Format Lnk Format Code Injection Check memory buffers extracted Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process Tofsee Interception |
3
http://x1.i.lencr.org/ https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=1 - rule_id: 40280 https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=1
|
4
mailnepalarmymil.mods.email(91.223.208.175) x1.i.lencr.org(23.52.33.11) 91.223.208.175 23.41.113.9
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://mailnepalarmymil.mods.email/dispachofapc-46703841
|
5.2 |
|
|
ZeroCERT
2987 |
2024-06-15 08:12
|
Appendix.jpg.lnk b8be125e6f496b0d5856fd4c2b59d778 Generic Malware AntiDebug AntiVM GIF Format Lnk Format Code Injection Check memory buffers extracted Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process Tofsee Interception |
3
http://x1.i.lencr.org/ https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=2 - rule_id: 40280 https://mailnepalarmymil.mods.email/dispachofapc-46703841?yui=2
|
4
mailnepalarmymil.mods.email(91.223.208.175) x1.i.lencr.org(23.52.33.11) 91.223.208.175 23.41.113.9
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://mailnepalarmymil.mods.email/dispachofapc-46703841
|
4.6 |
|
|
ZeroCERT
2988 |
2024-06-14 19:20
|
ade4f437.exe b6a77e293a158f046f39ab50f276ef9f Malicious Packer Malicious Library UPX PE File PE32 Malware buffers extracted ICMP traffic WriteConsoleW Windows DNS |
|
722
|
6
ET USER_AGENTS Go HTTP Client User-Agent ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO TLS Handshake Failure ET DROP Spamhaus DROP Listed Traffic Inbound group 15
|
|
5.2 |
|
|
ZeroCERT
2989 |
2024-06-14 18:48
|
help.scr 2d927fdb462570728a981443bf36d19f Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows Exploit ComputerName Remote Code Execution |
|
4
auto.c3pool.org(47.76.164.119) sadan.8b8n.com(166.88.61.212) 47.76.164.119 166.88.61.212
|
5
ET POLICY Cryptocurrency Miner Checkin ET MALWARE Lucifer CnC Checkin ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010
|
|
14.0 |
M |
63 |
ZeroCERT
2990 |
2024-06-14 18:46
|
Asusdebug.exe 9d3b19c8bf21723224e6885db1eea012 Malicious Packer Malicious Library UPX PE File PE32 VirusTotal Malware suspicious privilege WMI Windows utilities Windows ComputerName DNS |
|
2
47.76.164.119 166.88.61.212
|
|
|
3.8 |
M |
39 |
ZeroCERT
2991 |
2024-06-14 18:46
|
appverify.dll 6a4f16c2ac0de1c9c11946f0e92b49b4 Generic Malware Malicious Library UPX DLL PE64 PE File OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Exploit crashed |
|
|
3
ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010
|
|
3.8 |
M |
39 |
ZeroCERT
2992 |
2024-06-14 18:45
|
Gqgsm.exe c6cd0f62d86d87344a7d7483d82ac6d3 Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
http://103.195.103.33/nf/Useya.pdf
|
2
103.195.100.219 103.195.103.33 - malware
|
5
ET INFO Dotted Quad Host PDF Request ET MALWARE PE EXE or DLL Windows file download disguised as ASCII ET MALWARE PE EXE or DLL Windows file download Text M2 ET HUNTING [TW] Likely Hex Executable String ET SHELLCODE Common 0a0a0a0a Heap Spray String
|
|
17.4 |
M |
47 |
ZeroCERT
2993 |
2024-06-14 18:42
|
drivermanager.exe c28a2d0a008788b49690b333d501e3f3 Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Remote Code Execution |
|
|
|
|
8.0 |
M |
50 |
ZeroCERT
2994 |
2024-06-14 18:42
|
hecto.doc dd2d12d4f427963b4334a6f1061a252b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS crashed |
1
https://covid19help.top/hecto.scr
|
3
covid19help.top(104.21.83.128) - mailcious 45.33.6.223 104.21.83.128 - mailcious
|
5
ET DNS Query to a *.top domain - Likely Hostile ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1 ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Possible COVID-19 Domain in SSL Certificate M2
|
|
4.0 |
M |
27 |
ZeroCERT
2995 |
2024-06-14 18:40
|
rothc.doc 40d18ab9b48c16d917ab69e101fa45eb Formbook MS_RTF_Obfuscation_Objects RTF File doc Cobalt Strike Cobalt VirusTotal Malware c&c exploit crash unpack itself Tofsee Exploit DNS crashed |
|
23
www.themirrorproject.org() - mailcious www.tpsideanchor.com(154.38.187.252) www.5597043.com(172.66.47.183) - mailcious covid19help.top(172.67.175.222) - mailcious www.baldjourney.com(35.212.60.56) - mailcious www.ekvassf.store() - mailcious www.planningexcellence.org(172.67.195.9) - mailcious www.heolty.xyz(162.0.238.43) - mailcious www.usebanq.com(198.54.117.242) - mailcious www.mildhicky.com(149.88.71.203) - mailcious www.ar-robotics.com(34.149.87.45) www.vt0lcffi5.sbs(47.239.13.172) - mailcious 47.239.13.172 - mailcious 35.212.60.56 - mailcious 172.66.44.73 34.149.87.45 - phishing 172.67.195.9 154.38.187.252 198.54.117.242 - mailcious 104.21.83.128 - mailcious 45.33.6.223 149.88.71.203 - mailcious 162.0.238.43 - mailcious
|
7
ET DNS Query to a *.top domain - Likely Hostile ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M1 ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Possible COVID-19 Domain in SSL Certificate M2 ET Threatview.io High Confidence Cobalt Strike C2 IP group 3 SURICATA HTTP Request abnormal Content-Encoding header
|
14
http://www.usebanq.com/8lx9/ http://www.mildhicky.com/i5j9/ http://www.baldjourney.com/bgvg/ http://www.mildhicky.com/i5j9/ http://www.5597043.com/twtt/ http://www.5597043.com/twtt/ http://www.heolty.xyz/fo0a/ http://www.vt0lcffi5.sbs/l7g9/ http://www.baldjourney.com/bgvg/ http://www.planningexcellence.org/uid7/ http://www.planningexcellence.org/uid7/ http://www.vt0lcffi5.sbs/l7g9/ http://www.usebanq.com/8lx9/ http://www.heolty.xyz/fo0a/
|
3.2 |
M |
32 |
ZeroCERT
2996 |
2024-06-14 18:40
|
natcontroler.exe 381e4d25d271d8fd15f8b04b180be401 Malicious Library .NET framework(MSIL) UPX Socket Http API HTTP DNS Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
|
|
|
|
8.8 |
M |
34 |
ZeroCERT
2997 |
2024-06-14 18:39
|
licc.doc af079d569c6115b1f3998c7cce495168 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
2
https://paste.ee/d/pjkOs
http://216.9.224.18/2999/pillowgoodandcleanimg.png
|
3
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious
216.9.224.18 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.4 |
M |
29 |
ZeroCERT
2998 |
2024-06-14 18:38
|
Ejpba.exe 1c56623199e1959f271a191d603360bf AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces installed browsers check Ransomware Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
http://103.195.103.33/nf/Qtdxulkcon.wav
|
2
103.195.100.219 103.195.103.33 - malware
|
5
ET MALWARE PE EXE or DLL Windows file download disguised as ASCII ET MALWARE PE EXE or DLL Windows file download Text M2 ET HUNTING [TW] Likely Hex Executable String ET SHELLCODE Common 0a0a0a0a Heap Spray String SURICATA Applayer Protocol detection skipped
|
|
15.8 |
M |
47 |
ZeroCERT
2999 |
2024-06-14 18:27
|
help.scr 2d927fdb462570728a981443bf36d19f Emotet Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File PE32 OS Processor Check DLL PE64 ftp Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns suspicious privilege Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows ComputerName Remote Code Execution |
1
|
5
auto.c3pool.org(18.163.115.97) sadan.8b8n.com(166.88.61.212) 18.163.115.97 47.76.164.119 166.88.61.212
|
2
ET MALWARE Lucifer CnC Checkin ET POLICY Cryptocurrency Miner Checkin
|
|
14.8 |
|
63 |
ZeroCERT
3000 |
2024-06-14 17:49
|
tes.ps1 bfb1332339eda5252ef18e4a877bccba Generic Malware Antivirus unpack itself Windows Cryptographic key |
|
|
|
|
0.6 |
|
|
ZeroCERT