| 3466 |
2024-06-05 03:19
|
 FPTool.exe f421bbe1658cfb4615537c78e5311534
PhysicalDrive Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory unpack itself Remote Code Execution |
|
|
|
|
2.2 |
|
5 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3467 |
2024-06-04 23:46
|
 svchost.exe 8ec922c7a58a8701ab481b7be9644536
Gen1 Generic Malware Malicious Packer UPX PE64 PE File PDB Remote Code Execution |
|
|
|
|
0.6 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3468 |
2024-06-04 17:23
|
 Resume+LetterofSI-2023.10.7-Fo... cfb5465e301f3850d70480660f188e17
MSOffice File unpack itself |
|
|
|
|
1.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3469 |
2024-06-04 13:26
|
 new_image.jpg.exe 34401908a80bd0bedd2a44cd93beb367
Malicious Library Malicious Packer Antivirus UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB |
|
|
|
|
1.2 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3470 |
2024-06-04 13:25
|
 new_image.jpg.exe 34401908a80bd0bedd2a44cd93beb367
Malicious Library Malicious Packer Antivirus UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB |
|
|
|
|
1.2 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3471 |
2024-06-04 11:06
|
 BjDYewiY.vbs 7b5b8d04475bc1ebbb77601f57e3e625
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
https://paste.ee/d/mtmOb/0
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.34 - malware
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3472 |
2024-06-04 10:19
|
 temp1.zip 25d2fe0a75b2e677c1ce76e732c5b59c
ZIP Format VirusTotal Malware IP Check Tofsee DNS |
|
4
ipinfo.io(34.117.186.192)
grupotecnosege.likescandy.com(92.205.226.128)
92.205.226.128
34.117.186.192
|
6
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO DYNAMIC_DNS Query to a *.likescandy .com Domain
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
SURICATA Applayer Wrong direction first Data
|
|
2.0 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3473 |
2024-06-04 10:14
|
StatRKZU.msi b896c2b2ae51f7100a342c73f5062896
ScreenShot AntiDebug AntiVM MSOffice File CAB Lnk Format GIF Format Malware download NetWireRC VirusTotal Email Client Info Stealer Malware Campaign suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Konni Browser RAT Email ComputerName |
3
http://victory-2024.mywebcommunity.org/dn.php?name=TEST22-PC&prefix=tt
http://victory-2024.mywebcommunity.org/up.php?name=TEST22-PC
http://victory-2024.mywebcommunity.org/dn.php?name=TEST22-PC&prefix=cc%20(0)
|
2
victory-2024.mywebcommunity.org(185.176.43.110)
185.176.43.110 - mailcious
|
3
ET MALWARE Konni RAT Querying CnC for Commands
ET MALWARE TA406 Win32/Updog CnC Checkin
ET MALWARE MalDoc/Konni APT CnC Activity (GET) M1
|
|
6.8 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3474 |
2024-06-04 09:57
|
StatRKZU.msi b896c2b2ae51f7100a342c73f5062896
MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check ComputerName |
|
|
|
|
3.4 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3475 |
2024-06-04 09:33
|
 avg_secure_browser_setup.exe 60feb08011db31607cee2a5bc1f2206f
HermeticWiper NSIS Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer PE File PE32 DLL DllRegisterServer dll OS Processor Check PE64 MSOffice File CAB Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Auto service Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Fortinet Windows Browser ComputerName Firmware DNS |
5
http://update.avgbrowser.com/service/update2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://update.avgbrowser.com/service/update2?cup2key=9:283269675&cup2hreq=aa761c4c78c12df5c3450c172e959808e6ee2cca746d691e17a93b16d42cf812
http://browser-update.avg.com/browser-avg/win/x64/109.0.24111.121/AVGBrowserInstaller.exe
https://stats.securebrowser.com/?_=1717476269278&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0
|
8
update.avgbrowser.com(104.22.63.125)
stats.securebrowser.com(104.20.86.8)
browser-update.avg.com(104.100.168.72)
104.22.62.125
104.20.87.8
114.108.166.82
103.186.117.142
23.52.128.157
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
21.0 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3476 |
2024-06-04 09:27
|
X.vbs d5313cc18e38615e3a8eb94ea331cf1d
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://pastebin.com/raw/BjDYewiY
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
|
5
pastebin.com(104.20.3.235) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware
104.20.3.235 - malware
114.108.166.96
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3477 |
2024-06-04 09:25
|
 ocean.scr fe4ebc62a5498c4d43699abe554febb0
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) UPX ScreenShot Create Service Socket Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug An Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
oceansss.duckdns.org(103.186.117.142)
178.237.33.50
103.186.117.142
|
4
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
14.0 |
|
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3478 |
2024-06-04 09:25
|
lionsareinternationallykingoft... 99e65c433745f1db70b929bf97d855c7
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
3
http://103.182.19.148/700911/lionandtigetpictureinhighqualities.bmp
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/mCWhT
|
6
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(172.67.215.45) - malware
103.182.19.148 - malware
172.67.187.200 - mailcious
61.111.58.35 - malware
172.67.215.45 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
|
|
4.2 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3479 |
2024-06-04 09:13
|
 ATHM.txt.exe 4cadcfbc01966e7247d9baa9c39ad5bf
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS keylogger |
1
http://geoplugin.net/json.gp
|
3
geoplugin.net(178.237.33.50)
107.172.31.6 - mailcious
178.237.33.50
|
2
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
11.8 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3480 |
2024-06-04 07:37
|
 igcc.exe cfaef1fbcfc3a09ccc8baf621b681025
AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed |
1
|
4
api.ipify.org(172.67.74.152)
172.67.75.166
204.137.14.135 - mailcious
172.67.74.152
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.6 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|