32866 | 2022-04-01 17:34 | ZeroCERT
  Sample: xOvCgoYFAIVjwy6I | MD5: 5d9072ac79b1bb3bf7eb14ba453b2dd7
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Dridex, TrickBot, ENERGETIC BEAR, VirusTotal, Malware, Report, Checks debugger, ICMP traffic, RWX flags setting, unpack itself, sandbox evasion, Kovter, ComputerName, RCE, DNS
  Hosts (17, all tagged malicious): 54.38.143.246, 5.189.160.61, 202.29.239.162, 2.58.16.87, 78.47.204.80, 188.166.229.148, 94.177.178.26, 185.148.168.15, 87.106.97.83, 37.59.209.141, 103.82.248.59, 103.133.214.242, 104.131.62.48, 128.199.192.135, 59.148.253.194, 195.77.239.39, 119.59.125.140
  Suricata alerts (9): ET CNC Feodo Tracker Reported CnC Server (groups 2, 4, 11, 14, 19, 20, 24); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET INFO TLS Handshake Failure
  Score: 6.2 | M | 24

32867 | 2022-04-01 10:17 | ZeroCERT
  Sample: ikenna.exe | MD5: 0b117d9e4b5490cc16047ac4e88c39a1
  Tags: UPX, Malicious Library, PE32, PE File, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Creates executable files, unpack itself
  URLs (2):
    http://www.taller-del-movil.com/i1a6/?r6=dlCLdhZvqdJzz1ZZjlDF6gZQE6bgsjC1hvQvVhqreZHxHygLB4GsJM6irYY3f0Zna0CJdH07&rByDBJ=Gxotn4QpxRiDed
    http://www.masata-blog.com/i1a6/?r6=UX3L2NLPu5y+Xe0FvelOlDmky+j+T8mpa74UiwYi722qjVbFplF0vXpLYfBQHFFniwqDNxth&rByDBJ=Gxotn4QpxRiDed
  Hosts (5, none tagged): www.masata-blog.com (118.27.122.87), www.taller-del-movil.com (85.208.118.100), www.blueberrytv.xyz (no resolution), 85.208.118.100, 118.27.122.87
  Suricata alerts (1): ET MALWARE FormBook CnC Checkin (GET)
  Score: 5.6 | M | 32

32868 | 2022-04-01 10:17 | ZeroCERT
  Sample: random.exe | MD5: aa205cebb1ffbbf7b96723fe050920f4
  Tags: PWS, .NET framework, AntiDebug, AntiVM, .NET EXE, PE32, PE File, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself
  URLs / hosts / Suricata alerts: none recorded
  Score: 7.2 | M | 26

32869 | 2022-04-01 10:15 | guest
  Sample: DeliveryFailure-1355544076.xls... | MD5: 4e0c433fb83e4f67c7a8513c534ab430
  Tags: Malicious Library, Excel Binary Workbook file format(xlsb), Malware, Malicious Traffic, Creates executable files, RWX flags setting, exploit crash, unpack itself, suspicious process, Exploit, DNS, crashed
  URLs (2): http://194.62.42.128/44651,6679619213.dat (rule_id: 15574); http://188.127.237.46/44651,6679619213.dat (rule_id: 15575)
  Hosts (3, all tagged malicious): 188.127.237.46, 213.109.192.31, 194.62.42.128
  Suricata alerts: none recorded
  Additional URLs (2): http://194.62.42.128/; http://188.127.237.46/
  Score: 5.2 | M

32870 | 2022-04-01 10:12 | ZeroCERT
  Sample: 4HYGX | MD5: d913ef1d26e6be4f24fa54acad316d15
  Tags: UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Dridex, TrickBot, ENERGETIC BEAR, Malware, Report, Checks debugger, RWX flags setting, unpack itself, sandbox evasion, Kovter, ComputerName, RCE, DNS
  Hosts (27, all tagged malicious): 103.70.28.102, 5.9.116.246, 212.24.98.99, 79.143.187.147, 206.189.28.199, 196.218.30.83, 187.84.80.182, 51.91.7.5, 176.104.106.96, 1.234.21.73, 203.114.109.124, 68.183.94.239, 104.131.11.205, 72.15.201.15, 134.122.66.193, 91.207.28.33, 158.69.222.101, 209.250.246.206, 138.197.109.175, 192.99.251.50, 164.68.99.3, 216.158.226.206, 188.44.20.25, 185.157.82.211, 167.99.115.35, 153.126.146.25, 46.55.222.11
  Suricata alerts (8): ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET CNC Feodo Tracker Reported CnC Server (groups 4, 5, 12, 14, 18, 24)
  Score: 4.6

32871 | 2022-04-01 10:11 | guest
  Sample: DeliveryFailure-1024814197.xls... | MD5: 203d53a5ebf20ae245d32aa992cfde1b
  Tags: Malicious Library, Excel Binary Workbook file format(xlsb), Malware, Malicious Traffic, Creates executable files, unpack itself, suspicious process, DNS
  URLs (2): http://194.62.42.128/44651,6679619213.dat (rule_id: 15574); http://188.127.237.46/44651,6679619213.dat (rule_id: 15575)
  Hosts (3, all tagged malicious): 213.109.192.31, 194.62.42.128, 188.127.237.46
  Suricata alerts: none recorded
  Additional URLs (2): http://194.62.42.128/; http://188.127.237.46/
  Score: 4.2 | M

32872 | 2022-04-01 10:07 | ZeroCERT
  Sample: LXZv9wBqLH | MD5: 095a6022bc409e929e1aa60d411f966f
  Tags: UPX, Malicious Library, DLL, PE32, PE File, Dridex, TrickBot, ENERGETIC BEAR, Malware, Report, Checks debugger, RWX flags setting, unpack itself, sandbox evasion, Kovter, ComputerName, RCE, DNS
  Hosts (17, all tagged malicious): 54.38.143.246, 5.189.160.61, 202.29.239.162, 2.58.16.87, 78.47.204.80, 188.166.229.148, 94.177.178.26, 185.148.168.15, 87.106.97.83, 37.59.209.141, 103.82.248.59, 103.133.214.242, 104.131.62.48, 128.199.192.135, 59.148.253.194, 195.77.239.39, 119.59.125.140
  Suricata alerts (9): ET CNC Feodo Tracker Reported CnC Server (groups 2, 4, 11, 14, 19, 20, 24); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET INFO TLS Handshake Failure
  Score: 5.0 | M

32873 | 2022-04-01 10:04 | ZeroCERT
  Sample: IwvOXl | MD5: d6bd5d7cb234e255224fb22e071e5732
  Tags: UPX, Malicious Library, DLL, PE32, PE File, Dridex, TrickBot, ENERGETIC BEAR, Malware, Report, Checks debugger, RWX flags setting, unpack itself, sandbox evasion, Kovter, ComputerName, RCE, DNS
  Hosts (17, all tagged malicious): 87.106.97.83, 54.38.143.246, 5.189.160.61, 202.29.239.162, 103.133.214.242, 78.47.204.80, 188.166.229.148, 94.177.178.26, 185.148.168.15, 2.58.16.87, 37.59.209.141, 103.82.248.59, 104.131.62.48, 128.199.192.135, 59.148.253.194, 195.77.239.39, 119.59.125.140
  Suricata alerts (9): ET CNC Feodo Tracker Reported CnC Server (groups 2, 4, 11, 14, 19, 20, 24); ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET INFO TLS Handshake Failure
  Score: 5.0

32874 | 2022-04-01 09:59 | ZeroCERT
  Sample: jw4uRpR7XrZnvyTJN2ge | MD5: 2f277053236a9ce84c78412a34de3a64
  Tags: MS_XLSX_Macrosheet, UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Malware download, Dridex, TrickBot, ENERGETIC BEAR, VirusTotal, Malware, Report, AutoRuns, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Auto service, suspicious process, AntiVM_Disk, sandbox evasion, VM Disk Size Check, Kovter, Windows, Exploit, ComputerName, DNS, crashed
  Hosts (29, all tagged malicious except 91.207.28.33): eles-tech.com (185.46.40.47), 103.70.28.102, 5.9.116.246, 212.24.98.99, 79.143.187.147, 206.189.28.199, 196.218.30.83, 187.84.80.182, 51.91.7.5, 185.46.40.47, 176.104.106.96, 1.234.21.73, 203.114.109.124, 68.183.94.239, 104.131.11.205, 72.15.201.15, 134.122.66.193, 91.207.28.33, 158.69.222.101, 209.250.246.206, 138.197.109.175, 46.55.222.11, 164.68.99.3, 216.158.226.206, 188.44.20.25, 185.157.82.211, 167.99.115.35, 153.126.146.25, 192.99.251.50
  Suricata alerts (11): ET CNC Feodo Tracker Reported CnC Server (groups 4, 5, 12, 14, 18, 24); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2; ET INFO EXE - Served Attached HTTP
  Score: 10.6 | M | 25

32875 | 2022-04-01 09:58 | r0d
  Sample: kaks.exe | MD5: f2b4fdf20acd1e717e3db2605d2b8734
  Tags: Generic Malware, Malicious Packer, AntiDebug, AntiVM, PE32, PE File, Browser Info Stealer, Malware download, Vidar, VirusTotal, Email Client Info Stealer, Malware, Cryptocurrency wallets, Cryptocurrency, MachineGuid, Code Injection, Malicious Traffic, Check memory, unpack itself, Windows utilities, Collect installed applications, suspicious process, AppData folder, WriteConsoleW, anti-virtualization, installed browsers check, Mars Stealer, Stealer, Windows, Browser, Email, ComputerName, DNS
  URLs (2): http://62.204.41.179/request (rule_id: 15547); http://62.204.41.179/game.php (rule_id: 15546)
  Hosts: 1 (none listed)
  Suricata alerts (1): ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  Additional URLs (2): http://62.204.41.179/request; http://62.204.41.179/game.php
  Score: 10.8 | M | 40

32876 | 2022-04-01 09:34 | ZeroCERT
  Sample: O | MD5: e148a3deac1b1fffc9b34e9877ed936f
  Tags: MS_XLSX_Macrosheet, UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Malware download, Dridex, TrickBot, ENERGETIC BEAR, VirusTotal, Malware, Report, AutoRuns, Creates executable files, ICMP traffic, RWX flags setting, unpack itself, Auto service, suspicious process, sandbox evasion, Kovter, Windows, ComputerName, DNS
  URLs (1): http://eles-tech.com/css/KzMysMqFMs/
  Hosts (29, all tagged malicious except 68.183.94.239 and 91.207.28.33): eles-tech.com (185.46.40.47), 103.70.28.102, 5.9.116.246, 212.24.98.99, 79.143.187.147, 206.189.28.199, 196.218.30.83, 187.84.80.182, 51.91.7.5, 185.46.40.47, 176.104.106.96, 1.234.21.73, 203.114.109.124, 68.183.94.239, 104.131.11.205, 72.15.201.15, 134.122.66.193, 91.207.28.33, 158.69.222.101, 209.250.246.206, 138.197.109.175, 46.55.222.11, 164.68.99.3, 216.158.226.206, 188.44.20.25, 185.157.82.211, 167.99.115.35, 153.126.146.25, 192.99.251.50
  Suricata alerts (11): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET CNC Feodo Tracker Reported CnC Server (groups 4, 5, 12, 14, 18, 24); ET INFO TLS Handshake Failure; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2; ET INFO EXE - Served Attached HTTP
  Score: 9.6 | | 26

32877 | 2022-04-01 09:28 | ZeroCERT
  Sample: WCD7JXOaNqO6.sct | MD5: 9ee87d1b88207939d3560670a939fe79
  Tags: Antivirus, ScreenShot, AntiDebug, AntiVM, Code Injection
  URLs / hosts / Suricata alerts: none recorded
  Score: 1.0

32878 | 2022-04-01 09:17 | ZeroCERT
  Sample: 8eIaFcv4BzK | MD5: ee566bce2f129e661d5382c16435031b
  Tags: MS_XLSX_Macrosheet, UPX, Malicious Library, OS Processor Check, DLL, PE32, PE File, Malware download, Dridex, TrickBot, ENERGETIC BEAR, Malware, Report, AutoRuns, Creates executable files, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Auto service, suspicious process, AntiVM_Disk, sandbox evasion, VM Disk Size Check, Kovter, Windows, Exploit, ComputerName, DNS, crashed
  URLs (1): http://eles-tech.com/css/KzMysMqFMs/
  Hosts (29, all tagged malicious except 68.183.94.239 and 91.207.28.33): eles-tech.com (185.46.40.47), 103.70.28.102, 5.9.116.246, 212.24.98.99, 79.143.187.147, 206.189.28.199, 196.218.30.83, 187.84.80.182, 51.91.7.5, 185.46.40.47, 176.104.106.96, 1.234.21.73, 203.114.109.124, 68.183.94.239, 104.131.11.205, 72.15.201.15, 134.122.66.193, 91.207.28.33, 158.69.222.101, 209.250.246.206, 138.197.109.175, 46.55.222.11, 164.68.99.3, 216.158.226.206, 188.44.20.25, 185.157.82.211, 167.99.115.35, 153.126.146.25, 192.99.251.50
  Suricata alerts (11): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET CNC Feodo Tracker Reported CnC Server (groups 4, 5, 12, 14, 18, 24); ET INFO TLS Handshake Failure; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2; ET INFO EXE - Served Attached HTTP
  Score: 9.8

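Three of the entries above (32874, 32876, 32878) are tagged MS_XLSX_Macrosheet, and the two DeliveryFailure-*.xls... attachments (32869, 32871) are tagged as xlsb despite the .xls name, so the extension says nothing about what the container holds. The following script is an added example, not code from this listing or from the sandbox that produced it: it classifies an Excel attachment by its container bytes and lists any Excel 4.0 (XLM) macro-sheet parts, without inflating the archive. The sample files it builds are constructed stand-ins, not real droppers; the part paths and content types it looks for are the ones the OOXML and xlsb package formats use for macro sheets.

```python
"""Added example: triage an Excel attachment for Excel 4.0 (XLM) macro sheets by
inspecting the container, not the file extension. Not part of the listing above."""
import io
import re
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy BIFF .xls (compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.xlsx/.xlsm) and binary .xlsb
# Macro-sheet parts are declared in [Content_Types].xml with a content type that
# contains "macrosheet" (…macrosheet+xml for .xlsm, …macrosheet for .xlsb).
CT_MACRO = re.compile(r'ContentType="([^"]*macrosheet[^"]*)"', re.IGNORECASE)
MAX_CT_BYTES = 1_000_000   # refuse to inflate an absurdly large content-types part


def triage_excel(data: bytes) -> dict:
    """Classify the container and list macro-sheet parts; only [Content_Types].xml is read."""
    if data.startswith(OLE2_MAGIC):
        # In legacy .xls the XLM sheets sit inside the OLE2 'Workbook' stream;
        # walking BIFF records needs olefile/oletools, so hand the file off.
        return {"container": "ole2", "macrosheets": [],
                "macro_content_types": [], "needs_ole_parser": True}
    if not data.startswith(ZIP_MAGIC):
        return {"container": "unknown", "macrosheets": [],
                "macro_content_types": [], "needs_ole_parser": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        container = "xlsb" if "xl/workbook.bin" in names else "ooxml"
        parts = sorted(n for n in names if n.startswith("xl/macrosheets/"))
        ctypes = []
        if "[Content_Types].xml" in names and \
                zf.getinfo("[Content_Types].xml").file_size <= MAX_CT_BYTES:
            ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            ctypes = CT_MACRO.findall(ct_xml)
    return {"container": container, "macrosheets": parts,
            "macro_content_types": sorted(set(ctypes)), "needs_ole_parser": False}


def build_sample(binary: bool, with_macro: bool) -> bytes:
    """Constructed minimal container for demonstration only; not a real dropper."""
    ext = "bin" if binary else "xml"
    ct = "application/vnd.ms-excel.macrosheet" + ("" if binary else "+xml")
    overrides = ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"xl/workbook.{ext}", b"")
        if with_macro:
            zf.writestr(f"xl/macrosheets/sheet1.{ext}", b"")
            overrides = f'<Override PartName="/xl/macrosheets/sheet1.{ext}" ContentType="{ct}"/>'
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    f"{overrides}</Types>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in [("xlsb with macro sheet", build_sample(True, True)),
                          ("xlsm with macro sheet", build_sample(False, True)),
                          ("plain ooxml workbook", build_sample(False, False)),
                          ("legacy ole2 .xls", OLE2_MAGIC + b"\x00" * 504)]:
        print(f"{label}: {triage_excel(sample)}")
```

A hit on either the part path or the content type is enough to route the attachment to full analysis; a file that is OLE2 needs a BIFF-aware parser before any verdict is possible, and the script says so rather than guessing.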
32879 | 2022-04-01 07:49 | ZeroCERT
  Sample: VeBot_Cracked.exe | MD5: 764a4529f34a0f66b39fc95335ad5e8c
  Tags: Gen1, UPX, Malicious Library, Malicious Packer, AntiDebug, AntiVM, PE32, PE File, OS Processor Check, DLL, Browser Info Stealer, Malware download, Vidar, VirusTotal, Email Client Info Stealer, Malware, Cryptocurrency wallets, Cryptocurrency, Buffer PE, MachineGuid, Code Injection, Malicious Traffic, Check memory, buffers extracted, Creates executable files, unpack itself, Windows utilities, Collect installed applications, suspicious process, WriteConsoleW, anti-virtualization, installed browsers check, Mars Stealer, Stealer, Windows, Browser, Email, ComputerName, DNS
  URLs (2): http://62.204.41.179/request (rule_id: 15547); http://62.204.41.179/game.php (rule_id: 15546)
  Hosts: 1 (none listed)
  Suricata alerts (1): ET MALWARE Win32/Vidar Variant/Mars Stealer CnC Exfil
  Additional URLs (2): http://62.204.41.179/request; http://62.204.41.179/game.php
  Score: 15.8 | M | 47

32880 | 2022-03-31 23:56 | ZeroCERT
  Sample: vbc.exe | MD5: 02074cf4dd384bc2a4bb2e40d057b36e
  Tags: Loki, UPX, Malicious Library, PE32, PE File, Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, c&c, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Creates executable files, unpack itself, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, DNS, Software
  URLs (1): http://62.197.136.186/oluwa/five/fre.php (rule_id: 14521)
  Hosts (1, tagged malicious): 62.197.136.186
  Suricata alerts (7): ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response
  Additional URLs (1): http://62.197.136.186/oluwa/five/fre.php
  Score: 10.4 | M | 32
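The host lists in this listing repeat: 32866, 32872 and 32873 carry the same 17 addresses, and 32870, 32874, 32876 and 32878 share a second set of 27. Turning the raw cells into de-duplicated indicator sets, and grouping samples by the infrastructure they share, is the step a defender takes before feeding anything to a blocklist. The script below is an added example written for this page, not the site's own code. SAMPLE_RECORDS is constructed from four of the entries above with their host lists shortened; the field names, the Host type and the clustering threshold are this script's own choices. It also tolerates the listing's "mailcious" spelling of the malicious tag, which a strict parser would silently drop.

```python
"""Added example: normalise the host, URL and hash cells of sandbox records like
the ones above into de-duplicated IOC sets, then group samples that share C2
addresses. Not part of the original listing."""
import re
from itertools import combinations
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
URL = re.compile(r"https?://\S+")
NAMED_HOST = re.compile(r"([A-Za-z0-9.-]+\.[A-Za-z]{2,})\(([\d.]*)\)")  # "domain(ip)" form
FLAG_WORDS = {"malicious", "mailcious"}   # the listing spells its tag both ways

# Constructed from four entries on this page; host lists are abbreviated.
SAMPLE_RECORDS = [
    {"id": 32866, "md5": "5d9072ac79b1bb3bf7eb14ba453b2dd7", "urls": "",
     "hosts": "54.38.143.246 - malicious 5.189.160.61 - malicious 2.58.16.87 - malicious"},
    {"id": 32872, "md5": "095a6022bc409e929e1aa60d411f966f", "urls": "",
     "hosts": "54.38.143.246 - malicious 5.189.160.61 - mailcious 78.47.204.80 - malicious"},
    {"id": 32867, "md5": "0b117d9e4b5490cc16047ac4e88c39a1",
     "urls": "http://www.masata-blog.com/i1a6/?r6=UX3L2NLPu5y&rByDBJ=Gxotn4QpxRiDed",
     "hosts": "www.masata-blog.com(118.27.122.87) www.blueberrytv.xyz() 118.27.122.87"},
    {"id": 32880, "md5": "02074cf4dd384bc2a4bb2e40d057b36e",
     "urls": "http://62.197.136.186/oluwa/five/fre.php - rule_id: 14521",
     "hosts": "62.197.136.186 - malicious"},
]


class Host(NamedTuple):
    name: Optional[str]   # domain, or None for a bare address
    ip: Optional[str]     # resolved address, or None when the page shows "name()"
    flagged: bool         # whether the listing tagged the host malicious


def parse_hosts(field: str) -> list:
    """Tokenise a hosts cell: 'ip - malicious', 'domain(ip)', or a bare token."""
    toks = field.split()
    hosts, i = [], 0
    while i < len(toks):
        tok = toks[i]
        flagged = len(toks) > i + 2 and toks[i + 1] == "-" and toks[i + 2] in FLAG_WORDS
        i += 3 if flagged else 1
        named = NAMED_HOST.fullmatch(tok)
        if named:
            hosts.append(Host(named.group(1), named.group(2) or None, flagged))
        elif IPV4.fullmatch(tok):
            hosts.append(Host(None, tok, flagged))
        else:
            hosts.append(Host(tok, None, flagged))
    return hosts


def unique_iocs(records) -> dict:
    """Collapse all records into one set per indicator type."""
    iocs = {"md5": set(), "ipv4": set(), "domain": set(), "url": set()}
    for rec in records:
        iocs["md5"].add(rec["md5"].lower())
        for h in parse_hosts(rec["hosts"]):
            if h.name:
                iocs["domain"].add(h.name.lower())
            if h.ip:
                iocs["ipv4"].add(h.ip)
        for url in URL.findall(rec["urls"]):   # trailing "- rule_id: N" is not part of the URL
            iocs["url"].add(url)
            netloc = urlsplit(url).hostname or ""
            if netloc:
                iocs["ipv4" if IPV4.fullmatch(netloc) else "domain"].add(netloc)
    return iocs


def cluster_by_shared_hosts(records, min_shared: int = 2) -> list:
    """Union-find over samples whose host lists overlap in >= min_shared addresses."""
    ips = {r["id"]: {h.ip for h in parse_hosts(r["hosts"]) if h.ip} for r in records}
    parent = {rid: rid for rid in ips}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(ips, 2):
        if len(ips[a] & ips[b]) >= min_shared:
            parent[find(a)] = find(b)
    groups = {}
    for rid in ips:
        groups.setdefault(find(rid), []).append(rid)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for kind, values in unique_iocs(SAMPLE_RECORDS).items():
        print(f"{kind}: {len(values)}", *sorted(values), sep="\n  ")
    print("clusters:", cluster_by_shared_hosts(SAMPLE_RECORDS))
```

Requiring two shared addresses rather than one keeps a single coincidental IP (a shared CDN or sinkhole) from merging unrelated samples; on the full lists above, the Dridex/TrickBot-tagged DLLs would collapse into two clusters while the FormBook, Vidar and LokiBot samples stay separate.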