| 35446 |
2022-01-20 09:40
|
 5510542784046312.exe f49ec9a85b03f6f03d3e05329ba80f91
RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
3
http://ozzyingilizce.com/wp-content/sgu/5510542784046312.png
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
6
freegeoip.app(162.159.137.85)
ozzyingilizce.com(159.253.41.162) - malware
checkip.dyndns.org(193.122.130.0)
132.226.8.169
159.253.41.162 - malware
162.159.137.85
|
|
|
15.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35447 |
2022-01-20 09:40
|
 bryantzx.exe 98dbb3a09173419e5b0ea454d47f5bd2
PWS Loki[b] Loki.m .NET framework Generic Malware DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
http://178.128.244.245/search.php?key=804bbca69db34fdedd7e35b325f9dcac
|
2
178.128.244.245
162.159.137.85
|
|
|
13.8 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35448 |
2022-01-20 09:39
|
 Confirm Invoice Payment.pdf.ex... a61ffe0d35b03412243beb998d032775
RAT PWS .NET framework Generic Malware TEST PE File PE32 .NET EXE VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces |
1
https://cdn.discordapp.com/attachments/929051695600775252/932924349235757076/AsyncClient_.exe
|
2
cdn.discordapp.com(162.159.135.233) - malware
162.159.129.233 - malware
|
|
|
3.6 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35449 |
2022-01-20 09:39
|
 JCM.exe 860b0a92b07e6a2ef28c93195537f86d
RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(162.159.138.85)
checkip.dyndns.org(193.122.6.168)
162.159.137.85
158.101.44.242
|
|
|
13.0 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35450 |
2022-01-20 09:38
|
 0377654_642.xlsm f8e68c7017b69142a2ac0aab8cbe8582
Generic Malware Antivirus Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key |
3
http://seven-lines.com/wp-includes/QEGNF4XUSR2Ps/
http://92.255.57.195/sec/se1.html
http://92.255.57.195/sec/se1.png
|
15
seven-lines.com(178.208.83.22)
178.208.83.22
54.38.242.185 - mailcious
185.148.168.220 - mailcious
51.210.242.234 - mailcious
191.252.103.16 - mailcious
62.171.178.147 - mailcious
69.16.218.101 - mailcious
92.255.57.195 - mailcious
104.131.62.48 - mailcious
168.197.250.14 - mailcious
217.182.143.207 - mailcious
37.44.244.177 - mailcious
142.4.219.173 - mailcious
45.138.98.34 - mailcious
|
|
|
16.8 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35451 |
2022-01-20 09:31
|
 905347967268907.xls 5be91dbfe71e171c5e33cf97f6e9d018
Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key |
8
http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/ - rule_id: 11350
http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/
http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/ - rule_id: 11349
http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/
http://185.7.214.7/fer/fer.html - rule_id: 11347
http://185.7.214.7/fer/fer.html
http://185.7.214.7/fer/fer.png - rule_id: 11348
http://185.7.214.7/fer/fer.png
|
30
peterpolz.to-create.eu(185.46.123.38)
fr7.anbo5288.cc(128.199.157.63)
51.38.71.0 - mailcious
81.0.236.90 - mailcious
45.118.115.99 - mailcious
58.227.42.236 - mailcious
104.251.214.46 - mailcious
103.75.201.2 - mailcious
79.172.212.216 - mailcious
203.114.109.124 - mailcious
178.63.25.185 - mailcious
185.46.123.38
45.176.232.124 - mailcious
207.38.84.195 - mailcious
158.69.222.101 - mailcious
51.68.175.8 - mailcious
178.79.147.66 - mailcious
103.8.26.103 - mailcious
103.8.26.102 - mailcious
217.182.143.207 - mailcious
45.142.114.231 - mailcious
128.199.157.63
185.7.214.7 - mailcious
209.59.138.75 - mailcious
131.100.24.231 - mailcious
192.254.71.210 - mailcious
212.237.17.99 - mailcious
45.118.135.203 - mailcious
46.55.222.11 - mailcious
104.168.155.129 - mailcious
|
|
4
http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/
http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/
http://185.7.214.7/fer/fer.html
http://185.7.214.7/fer/fer.png
|
17.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35452 |
2022-01-20 09:30
|
 RMT18122.vbs 790d4e4139b05312a0c85ced4466ec02
AgentTesla Gen2 browser info stealer Generic Malware Google Chrome User Data Antivirus Malicious Packer Malicious Library Create Service Socket DNS Code injection Sniff Audio KeyLogger Escalate priviledges Downloader AntiDebug AntiVM PE File PE32 DLL VirusTotal Malware VBScript powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI heapspray wscript.exe payload download Creates shortcut Creates executable files ICMP traffic unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger Dropper |
1
http://192.210.214.174/Images/CreditMemo.jpg
|
5
google.com(142.250.196.142)
saptransmissions.dvrlists.com(103.231.91.59) - mailcious
192.210.214.174 - malware
172.217.24.238
103.231.91.59
|
|
|
10.0 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35453 |
2022-01-20 09:19
|
 8775220308147463.xls 76c11124bf3b762351093c424880a516
Generic Malware Antivirus Malicious Packer Malicious Library UPX MSOffice File PE File OS Processor Check PE32 DLL Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process suspicious TLD sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key |
4
http://fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/
http://peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/
http://185.7.214.7/fer/fer.html
http://185.7.214.7/fer/fer.png
|
30
peterpolz.to-create.eu(185.46.123.38)
fr7.anbo5288.cc(128.199.157.63)
51.38.71.0 - mailcious
81.0.236.90 - mailcious
45.118.115.99 - mailcious
58.227.42.236 - mailcious
104.251.214.46 - mailcious
103.75.201.2 - mailcious
79.172.212.216 - mailcious
203.114.109.124 - mailcious
178.63.25.185 - mailcious
185.46.123.38
45.176.232.124 - mailcious
207.38.84.195 - mailcious
158.69.222.101 - mailcious
51.68.175.8 - mailcious
178.79.147.66 - mailcious
103.8.26.103 - mailcious
103.8.26.102 - mailcious
217.182.143.207 - mailcious
45.142.114.231 - mailcious
128.199.157.63
185.7.214.7 - mailcious
209.59.138.75 - mailcious
131.100.24.231 - mailcious
192.254.71.210 - mailcious
212.237.17.99 - mailcious
45.118.135.203 - mailcious
46.55.222.11 - mailcious
104.168.155.129 - mailcious
|
|
|
17.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35454 |
2022-01-20 09:18
|
 MFUM-455871.xlsm 25fde11ef3cfb28d66468b42923961cb
Generic Malware Antivirus Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Interception Windows ComputerName DNS Cryptographic key keylogger |
2
http://92.255.57.195/sec/sec.html - rule_id: 11343
http://92.255.57.195/sec/sec.png - rule_id: 11344
|
15
kastamonulezzetrehberi.com(185.98.60.242) - malware
185.98.60.242 - malware
54.38.242.185 - mailcious
185.148.168.220 - mailcious
51.210.242.234 - mailcious
191.252.103.16 - mailcious
62.171.178.147 - mailcious
69.16.218.101 - mailcious
92.255.57.195 - mailcious
104.131.62.48 - mailcious
168.197.250.14 - mailcious
217.182.143.207 - mailcious
37.44.244.177 - mailcious
142.4.219.173 - mailcious
45.138.98.34 - mailcious
|
|
2
http://92.255.57.195/sec/sec.html
http://92.255.57.195/sec/sec.png
|
17.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35455 |
2022-01-20 09:18
|
 905347967268907.xls 5be91dbfe71e171c5e33cf97f6e9d018
KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself |
|
|
|
|
2.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35456 |
2022-01-20 08:09
|
http://192.210.214.174/PmtAdv/... 790d4e4139b05312a0c85ced4466ec02
Create Service DGA Socket DNS Internet API Hijack Network Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot P2P persistence Steal credential Http API AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Windows Exploit DNS crashed |
1
http://192.210.214.174/favicon.ico
|
1
192.210.214.174 - malware
|
|
|
6.0 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35457 |
2022-01-20 07:54
|
 AxVZTvof0xPasb9nP 81e77ccebc0c638812cd75368710b856
Malicious Packer Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware Checks debugger ICMP traffic RWX flags setting unpack itself sandbox evasion ComputerName DNS |
|
13
54.38.242.185 - mailcious
191.252.103.16 - mailcious
51.210.242.234 - mailcious
66.42.57.149 - mailcious
185.148.168.220 - mailcious
62.171.178.147 - mailcious
69.16.218.101 - mailcious
104.131.62.48 - mailcious
168.197.250.14 - mailcious
217.182.143.207 - mailcious
37.44.244.177 - mailcious
142.4.219.173 - mailcious
45.138.98.34 - mailcious
|
|
|
6.6 |
|
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35458 |
2022-01-19 18:20
|
 pngebanoe.hta.html 72f2b5e794eb3c55b38720bbaadb3385VirusTotal Malware unpack itself crashed |
|
|
|
|
1.0 |
|
1 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35459 |
2022-01-19 18:04
|
 pngebanoe.hta 72f2b5e794eb3c55b38720bbaadb3385unpack itself crashed |
|
|
|
|
0.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35460 |
2022-01-19 18:01
|
 054051873-734596.xlsm 88c58c8bcec46e2ea81ba586254e8098
Generic Malware Malicious Packer Malicious Library UPX Antivirus PE File OS Processor Check PE32 DLL VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Auto service powershell.exe wrote Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW Interception Windows ComputerName DNS Cryptographic key |
2
http://92.255.57.195/sec/sec.png - rule_id: 11344
http://92.255.57.195/sec/sec.html - rule_id: 11343
|
16
kastamonulezzetrehberi.com(185.98.60.242) - malware
185.98.60.242 - malware
54.38.242.185 - mailcious
185.148.168.220 - mailcious
51.210.242.234 - mailcious
66.42.57.149 - mailcious
191.252.103.16 - mailcious
62.171.178.147 - mailcious
69.16.218.101 - mailcious
92.255.57.195 - mailcious
104.131.62.48 - mailcious
168.197.250.14 - mailcious
217.182.143.207 - mailcious
37.44.244.177 - mailcious
142.4.219.173 - mailcious
45.138.98.34 - mailcious
|
|
2
http://92.255.57.195/sec/sec.png
http://92.255.57.195/sec/sec.html
|
17.4 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|