35341 | 2022-01-19 11:35 | DriversFix_Setup.exe e345d89e01136e84982a83abc00fb362 | Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 .NET DLL DLL .NET EXE OS Processor Check PE64 GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName | 6.4 | M | 36 | ZeroCERT

35342 | 2022-01-19 11:34 | vbc.exe b47dcb6d32689a4d5e552a7918a9c732 | Malicious Library UPX PE File PE32 VirusTotal Malware PDB unpack itself RCE | 3.0 | M | 46 | ZeroCERT

35343 | 2022-01-19 09:54 | ve.html 5c2e8fbd656903baac1dbcf81ac19e78 | Generic Malware Malicious Packer Malicious Library UPX Antivirus AntiDebug AntiVM PE File OS Processor Check PE32 DLL MSOffice File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed | 16.4 | | 7 | ZeroCERT
URLs (4): http://apps.identrust.com/roots/dstrootcax3.p7c http://ippur.ufrj.br/assets/W8jp7/ http://185.7.214.7/ve/ve.png http://sarvaero.com/assets/BRrGH0HSkc/
Hosts (32): scoute.ai(54.254.177.153) soomaal.softuvo.xyz(112.196.72.188) apps.identrust.com(119.207.65.153) sarvaero.com(95.111.224.35) ippur.ufrj.br(146.164.84.216) wordpress.pixeleyenow.com(210.3.48.214) 51.38.71.0 - mailcious 210.3.48.214 58.227.42.236 - mailcious 54.254.177.153 23.32.56.121 79.172.212.216 - mailcious 203.114.109.124 - mailcious 45.176.232.124 - mailcious 207.38.84.195 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 192.254.71.210 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 185.7.214.7 - mailcious 209.59.138.75 - mailcious 112.196.72.188 - mailcious 131.100.24.231 - mailcious 103.8.26.103 - mailcious 212.237.17.99 - mailcious 178.63.25.185 - mailcious 95.111.224.35 146.164.84.216 46.55.222.11 - mailcious 104.168.155.129 - mailcious

35344 | 2022-01-19 09:48 | ffffffffffffff.ps1 0e1653316ca12c3edbac35d9af6350a6 | Generic Malware Antivirus PE File PE32 .NET DLL DLL VirusTotal Malware powershell Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder WriteConsoleW Windows ComputerName Cryptographic key | 6.0 | M | 3 | ZeroCERT
URLs (2): http://apps.identrust.com/roots/dstrootcax3.p7c https://transfer.sh/get/UU2Iap/dddddsdsdssds.exe
Hosts (4): apps.identrust.com(119.207.65.153) transfer.sh(144.76.136.153) - malware 182.162.106.32 144.76.136.153 - mailcious

35345 | 2022-01-19 09:48 | includes 82fd3b42362faaec6999856ed403c792 | UPX PE64 PE File OS Processor Check DLL VirusTotal Malware | 0.6 | M | 12 | ZeroCERT

35346 | 2022-01-19 09:46 | pu1.exe 9d1e45a6cab91e540202b11ffe67136c | NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder | 4.2 | M | 24 | ZeroCERT

35347 | 2022-01-19 09:46 | nnabu.exe f2bb24f210d3e4a27842ec12e545f3fd | PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed | 10.4 | M | 26 | ZeroCERT

35348 | 2022-01-19 09:34 | 12999000002490152554.xls 0c890caa5574298838e2463f2a9eec1f | Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Interception Windows ComputerName DNS Cryptographic key | 16.6 | | 9 | ZeroCERT
URLs (5): http://apps.identrust.com/roots/dstrootcax3.p7c http://ippur.ufrj.br/assets/W8jp7/ http://185.7.214.7/ve/ve.png http://sarvaero.com/assets/BRrGH0HSkc/ http://185.7.214.7/ve/ve.html
Hosts (38): scoute.ai(54.254.177.153) soomaal.softuvo.xyz(112.196.72.188) apps.identrust.com(119.207.65.81) ippur.ufrj.br(146.164.84.216) sarvaero.com(95.111.224.35) wordpress.pixeleyenow.com(210.3.48.214) 51.38.71.0 - mailcious 81.0.236.90 - mailcious 210.3.48.214 45.118.115.99 - mailcious 58.227.42.236 - mailcious 54.254.177.153 104.251.214.46 - mailcious 103.75.201.2 - mailcious 79.172.212.216 - mailcious 203.114.109.124 - mailcious 45.118.135.203 - mailcious 45.176.232.124 - mailcious 182.162.106.32 207.38.84.195 - mailcious 158.69.222.101 - mailcious 51.68.175.8 - mailcious 178.79.147.66 - mailcious 192.254.71.210 - mailcious 103.8.26.102 - mailcious 217.182.143.207 - mailcious 45.142.114.231 - mailcious 185.7.214.7 - mailcious 209.59.138.75 - mailcious 112.196.72.188 - mailcious 131.100.24.231 - mailcious 103.8.26.103 - mailcious 212.237.17.99 - mailcious 178.63.25.185 - mailcious 95.111.224.35 146.164.84.216 46.55.222.11 - mailcious 104.168.155.129 - mailcious

35349 | 2022-01-19 09:33 | YOCJA-19842.xlsm e7fa5369947b139f8f5d636791b236b8 | Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key | 17.4 | | | ZeroCERT
URLs (3): http://92.255.57.195/ru/ru.html http://92.255.57.195/ru/ru.png http://chicagocloudgroup.com/wp-content/updraft/GBLpmsxC3TJzRT4iX4H/
Hosts (16): chicagocloudgroup.com(40.114.126.95) - mailcious 54.38.242.185 - mailcious 191.252.103.16 - mailcious 51.210.242.234 - mailcious 66.42.57.149 - mailcious 185.148.168.220 - mailcious 62.171.178.147 - mailcious 69.16.218.101 - mailcious 92.255.57.195 104.131.62.48 - mailcious 168.197.250.14 - mailcious 217.182.143.207 - mailcious 40.114.126.95 - mailcious 37.44.244.177 - mailcious 142.4.219.173 - mailcious 45.138.98.34 - mailcious

35350 | 2022-01-18 18:29 | yyyy.exe 5e22f82de536045419032c6f7d8a366b | NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder | 6.4 | | 20 | ZeroCERT
URLs (15): http://www.gledajtv.online/poub/?rByHBJ=WEu+XYmJdXsU67i5ZGxOwwB/1NXHC1DD+cNc/JDDZ0csswUJJOZyZkoGD6irkjdi3oWJ74+3&APcP6V=djI0xT_8YPYT http://www.esloke-1.com/poub/?rByHBJ=C56FyHPkW62/0F94HG1xvbLHdWOZmaAdw/Va4kveEmSHD4uHNji7RY8ztGRe9z3d/TyzRwBG&APcP6V=djI0xT_8YPYT http://www.megdb.xyz/poub/?rByHBJ=qUnoWP75LdCxbsudB8xVV6pjJ/isHCIfJNn75BS+oosKGKXqkR5NHwaIE7MtflkSovNZYr2s&APcP6V=djI0xT_8YPYT http://www.jlg-consulting.net/poub/?rByHBJ=pCHbPKcPdibm0qNbkPOqkdMCV9UKlDcT13WZWMwD7GTxia6yaw2nW/QzYgADwVGwPhsvvSL1&APcP6V=djI0xT_8YPYT http://www.lyetras.com/poub/?rByHBJ=zGJxWy7A1INXY2yWu17ezjgOqrZ8DTjvkiutFIYB3/E7WE0MNuZUc+x9yzAXnek7o8Rz+XMN&APcP6V=djI0xT_8YPYT http://www.solvid.biz/poub/?rByHBJ=N5O/+JOYoK2vkWWsljNEHeLi4Nls66s7n60NsdO5kJfD2nsArU0/TYDMMJO+1WqJp7uqX5f2&APcP6V=djI0xT_8YPYT http://www.cartwheeldesigns.com/poub/?rByHBJ=fPctErIJp7TB80QenfL/MHELk77poc5Eaz6BrUWt1XWyDa8VkP7jHlNrnsVAYWyrzxD0ieOA&APcP6V=djI0xT_8YPYT http://www.prime-spot.store/poub/?rByHBJ=fDncAxjf/WuEuiHgVD8YfbX+qBirojTCYa8YdCI1aGTY8+Zqyou6dT8UIkYOFk21zV88oMg2&APcP6V=djI0xT_8YPYT http://www.totalpopsociety.com/poub/?rByHBJ=lfRl+MBHLig0GassKphsvC9EBLx30WwkT1HxuuEwT2mvSBH7k9Jd+53pr+UGZZOb2fuWyXyw&oZN=6lbLphf0F http://www.instantbookings.space/poub/?rByHBJ=1TKK4lnaxrFwB9BO5Lu5NogG8efLC6Q55tH5vrHd+rI6mWsMSM1oOCFigPJFiUUwrFoDNrB8&APcP6V=djI0xT_8YPYT http://www.yourboxpr.com/poub/?rByHBJ=8maW02J8GKvnK80n/YdtOyqnxZkNn84HwAYMKCftrcBvF/d/WOoP77ntURxSIu9h1g3Gw8VN&APcP6V=djI0xT_8YPYT http://www.pgonline222.online/poub/?rByHBJ=Nk+aN1bRMKhnFo9Hc3+W1QaD58hk5qJIxzMy7wOwfrya9eMMA/EvLfKDNpUUN/aTDFx4dRfE&APcP6V=djI0xT_8YPYT http://www.idoocam.com/poub/?rByHBJ=EoV27gdOwKRSK80YiabSuXcQMKtbyYutxXW9NBlYNq+nnwcf7p7ZglncbEcUHiKh97H757q/&APcP6V=djI0xT_8YPYT http://www.workwithmarym.com/poub/?rByHBJ=d9eOwmdY8Pd76spQA0HvRFA+fuRX1c9i8s4p4xUsR/LACNISNw0oV7gFgw2ZvCf1Yu530Fvi&APcP6V=djI0xT_8YPYT http://www.tcmylg.com/poub/?rByHBJ=6KNzk94yN9ZIqoA5V/Xhfqhc+NUd4+ruUbl6TqcEZ6qDB6mVbKP2eZ0Gcs8a4HAZTy8fubmN&APcP6V=djI0xT_8YPYT
Hosts (30): www.totalpopsociety.com(23.227.38.74) www.jlg-consulting.net(172.217.175.83) www.yourboxpr.com(23.227.38.74) www.cartwheeldesigns.com(74.220.219.13) www.instantbookings.space(34.102.136.180) www.workwithmarym.com(52.71.133.130) www.esloke-1.com(217.160.0.88) www.solvid.biz(172.217.175.83) www.prime-spot.store(23.227.38.74) www.xn--vuqp5fg3jm71ahpf.net() www.tcmylg.com(172.67.176.254) www.lyetras.com(209.142.79.20) www.swangchitmongolsombat.com() www.pgonline222.online(13.251.172.64) www.gledajtv.online(142.250.196.147) www.megdb.xyz(104.21.19.233) www.idoocam.com(154.81.159.67) 104.21.19.233 172.67.176.254 172.217.24.115 209.142.79.20 142.250.207.83 52.71.133.130 - mailcious 74.220.219.13 34.102.136.180 - mailcious 154.81.159.67 142.250.204.51 217.160.0.88 23.227.38.74 - mailcious 13.251.172.64 - mailcious

35351 | 2022-01-18 16:47 | invoice.exe 9fca8332a98b2475b8c5243f70ce5058 | Darkside Ransomware Cobalt Strike Malicious Library UPX PE File PE32 VirusTotal Malware PDB unpack itself RCE | 2.8 | M | 30 | ZeroCERT

35352 | 2022-01-18 16:46 | 8879_1642270780_4802.exe 236b3dc043d26a121949e4d5cfb13d1d | RedLine stealer[m] Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName Cryptographic key Software crashed | 12.4 | M | 29 | ZeroCERT
URLs (2): https://cdn.discordapp.com/attachments/917178535238586432/932283488453939250/fdsddd.vmp.exe https://api.ip.sb/ip
Hosts (6): cdn.discordapp.com(162.159.135.233) - malware yabynennet.xyz(185.82.202.246) - mailcious api.ip.sb(172.67.75.172) 104.26.12.31 162.159.133.233 - malware 185.82.202.246

35353 | 2022-01-18 16:45 | 645_1642427720_7114.exe 80ea5601dfddd352cad47e20c2e77f86 | Malicious Library UPX PE File PE32 VirusTotal Malware PDB unpack itself RCE | 2.8 | M | 31 | ZeroCERT

35354 | 2022-01-18 16:43 | Updated_Payments_Statements.li... 8bdf50e9270b6f6e3c461be75999305d | Darkside Ransomware Cobalt Strike Generic Malware Antivirus Malicious Library UPX AntiDebug AntiVM GIF Format PE File PE32 OS Processor Check VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Interception Windows ComputerName DNS Cryptographic key | 13.6 | M | 9 | ZeroCERT
Hosts (1):

35355 | 2022-01-18 16:43 | payment.exe fae3f90c433730f1920f947057a90bde | Malicious Library UPX PE File OS Processor Check PE32 PDB unpack itself | 1.0 | M | | ZeroCERT