ID | Date | File | MD5 | Score | Verdict | Count | Source

35506 | 2022-01-19 13:32 | okcff.exe | e9416a322e9a796d45588bc4fb04cd45 | 11.0 | M | 39 | ZeroCERT
  Tags: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
  URLs (1): http://mitmar-pl.com/Crkrqdrd.jpeg
  Hosts (2): mitmar-pl.com(37.0.9.166) - malware ; 37.0.9.166 - malware

35507 | 2022-01-19 13:30 | baam.exe | de5a2e0a10ba01489d204e98f757fb9c | 9.2 | M | 41 | ZeroCERT
  Tags: PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed

35508 | 2022-01-19 13:28 | includes | f1ee4d45ec92b5cdbd820781f9a65894 | 1.0 | M | 16 | ZeroCERT
  Tags: UPX PE64 PE File OS Processor Check DLL VirusTotal Malware Check memory crashed

35509 | 2022-01-19 13:27 | BZCBNZCNBZCMNZCMBCGDS.exe | 2e83d1cc862e6efa4deeccc2f680e028 | 2.4 | M | 39 | ZeroCERT
  Tags: Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key

35510 | 2022-01-19 11:59 | vbc.exe | f34a9eb165527229a5d67e1029c58f7c | 6.8 | M | 32 | ZeroCERT
  Tags: Malicious Library UPX PE File PE32 Emotet VirusTotal Malware AutoRuns Code Injection buffers extracted RWX flags setting unpack itself Windows RCE crashed
  URLs (3): https://onedrive.live.com/download?cid=C3C0A692803ED1E8&resid=C3C0A692803ED1E8%21113&authkey=ACNyZjz_6nCvWIc ; https://lqwasg.db.files.1drv.com/y4mbFZKqKUXZac_y5MMGCmXxvoEUNyA80hTgetIIL36n0o8qPYootoA0I4GL0jO8wdZbqZMd9FueGqsLnvT9XPGwWR1xYAFog6aQDLqA0i5CmZUTk2BHWntmxs9xgEfUOyy7o8nUm9sUIT53v2Y6l1eRnZbB76qzYg-XlsCfzbK9PNSqiMKw4MTw2Z8rEA3qDnp6qWkMqJzGU68_OlaEHsqYg/Dmblflpwarudeidonnxzorruffgmdha?download&psid=1 ; https://lqwasg.db.files.1drv.com/y4mmRtGrFTPbJBZtNKzFm2HmHZ1DOScun8a5LwxWbVFD9RgceHy0jssZqw2TjVufxm1JwQzAGdsHR1NURWe9V_XzFFVa4LrBWnDVw_ID_pvY-pTVbeQJ3hJscLS1W5wE1E8JfENO6rVGYMEmOf5BQgkNkwKEQryB-OypwkFjVWBQBDFvVZpcrzHh5eO4hMs6cZc4rTVcFizdqBPPAYEACC0Ug/Dmblflpwarudeidonnxzorruffgmdha?download&psid=1
  Hosts (4): onedrive.live.com(13.107.42.13) - malicious ; lqwasg.db.files.1drv.com(13.107.42.12) ; 13.107.42.13 - malicious ; 13.107.42.12 - malware

35511 | 2022-01-19 11:56 | 7823754719107729.exe | 26c5dc4002976b3b9ae49f2440929df4 | 12.0 | M | 33 | ZeroCERT
  Tags: RAT Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
  URLs (2): http://www.111439d.com/oh75/?t8o=B/bERt/wHlpGPiClXgpfUqPFQza98qmzfCoqaQ0lPZ79RyiuCHtVYbWjzhGosQ6oTRTw5T6w&UlX=XvLHM ; http://ozzyingilizce.com/wp-content/sgu/Qwjzfxxa.jpeg
  Hosts (4): www.111439d.com(34.102.136.180) ; ozzyingilizce.com(159.253.41.162) - malware ; 159.253.41.162 - malware ; 34.102.136.180 - malicious

35512 | 2022-01-19 11:54 | 026130784100001.exe | 1101631dfb8d6ac799613b5dad62a7e8 | 5.4 | M | 32 | ZeroCERT
  Tags: RAT Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed

35513 | 2022-01-19 11:52 | vbc.exe | 9cf8b984f75d8b33d788f7e1a3157a49 | 3.6 | M | 44 | ZeroCERT
  Tags: Formbook PE File PE32 VirusTotal Malware suspicious privilege Malicious Traffic unpack itself suspicious TLD
  URLs (1): http://www.shoprealestateceo.com/a1m3/?RP=pNu/rf3Zwvf09KkcV6gVIorvdI6NTC7FsdvxL5EEOzcNNbV7ZWeza5fHsfNBmnhWd96mmPm1&rVOp32=S0D0v6m
  Hosts (5): www.shoprealestateceo.com(34.102.136.180) ; www.mme.top() ; www.horns365.com() ; www.azino777-bonus1000-rub3.site() ; 34.102.136.180 - malicious

35514 | 2022-01-19 11:49 | vbc.exe | 8c88a72783f38705fe08730dfe01b40c | 8.8 | M | 28 | ZeroCERT
  Tags: NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software
  URLs (1): http://mainlandtoisland.ga/BN1/fre.php
  Hosts (1): mainlandtoisland.ga() - malicious

35515 | 2022-01-19 11:49 | rae.exe | 088eb3f50215d88895e7f2215607e5d0 | 1.8 | M | 27 | ZeroCERT
  Tags: Gen1 Generic Malware Malicious Library UPX TEST Anti_VM PE64 PE File OS Processor Check DLL VirusTotal Malware Check memory Creates executable files crashed

35516 | 2022-01-19 11:49 | 1.exe | 7fa457acce5d5487edb709a286052b79 | 10.0 | M | 27 | ZeroCERT
  Tags: Gen1 Gen2 UPX Malicious Library Malicious Packer TEST ASPack PE File PE32 DLL OS Processor Check VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS crashed
  URLs (4): http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/3f73650a26f7f66bc40c1ae9d176ca9cbf7fee6b - rule_id: 11209 ; http://185.163.204.22/sandysysmanch1 ; http://185.163.204.212/ - rule_id: 11209 ; http://185.163.204.212//l/f/iG04cH4BZ2GIX1a3Foik/73eee44e44919848c055e1526d06276c45f92e2e - rule_id: 11209
  Hosts (4): 193.122.6.168 ; 185.163.204.212 - malicious ; 185.163.204.22 - malicious ; 162.159.137.85
  Rule hits (3): http://185.163.204.212/ ; http://185.163.204.212/ ; http://185.163.204.212/

35517 | 2022-01-19 11:48 | vbc.exe | 701d8283da50a554d491d88adaa4987c | 12.0 | M | 32 | ZeroCERT
  Tags: PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process suspicious TLD WriteConsoleW Windows ComputerName DNS Cryptographic key
  URLs (2): http://www.6vvvvvwmetam.top/g2fg/?yh3ph8FP=7MwZ+vOrfEgzUtsfuOlT2LSD+fzzGZWqIzMgCoXtWmmRTV45oYq7mAL+n/mela4rzWfPWPsl&Sj=CpCLzL0 ; http://www.sandspringsramblers.com/g2fg/?yh3ph8FP=ge+LGbGU0sPhp615V0+Q+kydhBjB2swQkkhiZuS7Y+AByk961UG+1nlCefd7NlhDtpt/h7RC&Sj=CpCLzL0 - rule_id: 8687
  Hosts (6): www.6vvvvvwmetam.top(104.21.65.11) ; www.sandspringsramblers.com(3.64.163.50) ; 193.122.6.168 ; 3.64.163.50 - malicious ; 172.67.157.22 ; 162.159.138.85
  Rule hits (1): http://www.sandspringsramblers.com/g2fg/

35518 | 2022-01-19 11:46 | 6247996184071914.exe | 284412fc352ae353414347de9079227b | 16.8 | M | 19 | ZeroCERT
  Tags: RAT PWS .NET framework Generic Malware Antivirus UPX Malicious Packer Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
  URLs (3): http://checkip.dyndns.org/ ; http://ozzyingilizce.com/wp-content/sgu/6247996184071914.png ; https://freegeoip.app/xml/175.208.134.150
  Hosts (6): freegeoip.app(162.159.137.85) ; ozzyingilizce.com(159.253.41.162) - malware ; checkip.dyndns.org(158.101.44.242) ; 193.122.6.168 ; 159.253.41.162 - malware ; 162.159.138.85

35519 | 2022-01-19 11:44 | 7611168006129179.exe | 160b96acafac45a88412986f20804ed2 | 15.4 | M | 28 | ZeroCERT
  Tags: RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
  URLs (3): http://ozzyingilizce.com/wp-content/sgu/7611168006129179.png ; http://checkip.dyndns.org/ ; https://freegeoip.app/xml/175.208.134.150
  Hosts (8): freegeoip.app(162.159.137.85) ; ozzyingilizce.com(159.253.41.162) - malware ; checkip.dyndns.org(132.226.8.169) ; 132.226.8.169 ; 193.122.6.168 ; 162.159.137.85 ; 159.253.41.162 - malware ; 162.159.138.85

35520 | 2022-01-19 11:43 | .win32.exe | 8871c3cc72ab3378479b80c4422f5c70 | 10.0 | M | 27 | ZeroCERT
  Tags: Loki NSIS Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder installed browsers check Browser Email ComputerName Software
  URLs (1): http://augmentinprod.ir/jin/five/fre.php - rule_id: 10995
  Hosts (2): augmentinprod.ir(104.21.3.248) - malicious ; 172.67.131.97
  Rule hits (1): http://augmentinprod.ir/jin/five/fre.php
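A listing like this is only useful once its indicators are pulled out with their context intact: which hosts the sandbox actually flagged, which URLs are public-IP lookups rather than C2 (the "IP Check" tag on 35518 and 35519), and which infrastructure several samples share. The script below is an added example, not tooling from ZeroCERT or from the listing's producer. It parses the record layout used above (header line, then indented Tags/URLs/Hosts/Rule hits lines) for five records copied from the listing, checks each declared item count against what is listed, and pivots on hosts contacted by more than one sample. The `LOOKUP_SERVICES` allowlist is an assumption drawn from the "IP Check" tag; the meaning of the Count column is not used.

```python
"""Pull indicators out of ZeroCERT-style sandbox listing records (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Five records copied from the listing above (tag lines shortened).
LISTING = """\
35511 | 2022-01-19 11:56 | 7823754719107729.exe | 26c5dc4002976b3b9ae49f2440929df4 | 12.0 | M | 33 | ZeroCERT
  Tags: RAT Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE
  URLs (2): http://www.111439d.com/oh75/?t8o=B/bERt/wHlpGPiClXgpfUqPFQza98qmzfCoqaQ0lPZ79RyiuCHtVYbWjzhGosQ6oTRTw5T6w&UlX=XvLHM ; http://ozzyingilizce.com/wp-content/sgu/Qwjzfxxa.jpeg
  Hosts (4): www.111439d.com(34.102.136.180) ; ozzyingilizce.com(159.253.41.162) - malware ; 159.253.41.162 - malware ; 34.102.136.180 - malicious
35513 | 2022-01-19 11:52 | vbc.exe | 9cf8b984f75d8b33d788f7e1a3157a49 | 3.6 | M | 44 | ZeroCERT
  Tags: Formbook PE File PE32
  URLs (1): http://www.shoprealestateceo.com/a1m3/?RP=pNu/rf3Zwvf09KkcV6gVIorvdI6NTC7FsdvxL5EEOzcNNbV7ZWeza5fHsfNBmnhWd96mmPm1&rVOp32=S0D0v6m
  Hosts (5): www.shoprealestateceo.com(34.102.136.180) ; www.mme.top() ; www.horns365.com() ; www.azino777-bonus1000-rub3.site() ; 34.102.136.180 - malicious
35518 | 2022-01-19 11:46 | 6247996184071914.exe | 284412fc352ae353414347de9079227b | 16.8 | M | 19 | ZeroCERT
  Tags: RAT PWS .NET framework SMTP KeyLogger IP Check DDNS
  URLs (3): http://checkip.dyndns.org/ ; http://ozzyingilizce.com/wp-content/sgu/6247996184071914.png ; https://freegeoip.app/xml/175.208.134.150
  Hosts (6): freegeoip.app(162.159.137.85) ; ozzyingilizce.com(159.253.41.162) - malware ; checkip.dyndns.org(158.101.44.242) ; 193.122.6.168 ; 159.253.41.162 - malware ; 162.159.138.85
35519 | 2022-01-19 11:44 | 7611168006129179.exe | 160b96acafac45a88412986f20804ed2 | 15.4 | M | 28 | ZeroCERT
  Tags: RAT Generic Malware SMTP KeyLogger IP Check DDNS
  URLs (3): http://ozzyingilizce.com/wp-content/sgu/7611168006129179.png ; http://checkip.dyndns.org/ ; https://freegeoip.app/xml/175.208.134.150
  Hosts (8): freegeoip.app(162.159.137.85) ; ozzyingilizce.com(159.253.41.162) - malware ; checkip.dyndns.org(132.226.8.169) ; 132.226.8.169 ; 193.122.6.168 ; 162.159.137.85 ; 159.253.41.162 - malware ; 162.159.138.85
35520 | 2022-01-19 11:43 | .win32.exe | 8871c3cc72ab3378479b80c4422f5c70 | 10.0 | M | 27 | ZeroCERT
  Tags: Loki NSIS Malicious Library UPX PE File PE32
  URLs (1): http://augmentinprod.ir/jin/five/fre.php - rule_id: 10995
  Hosts (2): augmentinprod.ir(104.21.3.248) - malicious ; 172.67.131.97
  Rule hits (1): http://augmentinprod.ir/jin/five/fre.php
"""

HEADER = re.compile(
    r"^(?P<id>\d+) \| (?P<date>\d{4}-\d\d-\d\d \d\d:\d\d) \| (?P<file>.+?) \| "
    r"(?P<md5>[0-9a-f]{32}) \| (?P<score>[\d.]+) \| (?P<verdict>\w+) \| "
    r"(?P<count>\d+) \| (?P<source>\S+)$")
FIELD = re.compile(r"^\s+(?P<key>Tags|URLs|Hosts|Rule hits)(?: \((?P<n>\d+)\))?: (?P<body>.*)$")
HOST = re.compile(r"^(?P<name>[^\s(]+)\s*(?:\((?P<ip>[^)]*)\))?(?:\s*-\s*(?P<flag>malware|malicious))?$")
URL = re.compile(r"^(?P<url>\S+)(?:\s*-\s*rule_id:\s*(?P<rule>\d+))?$")

# Assumption based on the listing's "IP Check" tag: these are public-IP lookup
# services the sample queries about itself, not attacker infrastructure.
LOOKUP_SERVICES = {"checkip.dyndns.org", "freegeoip.app"}


def _split(body):
    return [x.strip() for x in body.split(";") if x.strip()]


def parse_listing(text):
    """Return one dict per record; raise on any line the layout does not explain."""
    records, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            cur = m.groupdict()
            cur.update(id=int(cur["id"]), score=float(cur["score"]), count=int(cur["count"]),
                       tags="", urls=[], hosts=[], rule_hits=[], mismatches=[])
            records.append(cur)
            continue
        f = FIELD.match(line)
        if not f or cur is None:
            raise ValueError(f"unparsed line: {line!r}")
        key, body = f.group("key"), f.group("body")
        if key == "Tags":
            cur["tags"] = body
            continue
        items = _split(body)
        if f.group("n") and int(f.group("n")) != len(items):
            cur["mismatches"].append(key)  # declared count disagrees with the listed items
        if key == "URLs":
            for it in items:
                u = URL.match(it)
                cur["urls"].append({"url": u["url"], "rule": u["rule"]})
        elif key == "Hosts":
            for it in items:
                h = HOST.match(it)
                if not h:
                    raise ValueError(f"bad host entry: {it!r}")
                cur["hosts"].append({"name": h["name"], "ip": h["ip"] or None, "flag": h["flag"]})
        else:
            cur["rule_hits"] = items
    return records


def extract_iocs(records):
    """Separate what to block (flagged hosts, URLs, hashes) from what was merely observed."""
    iocs = {k: set() for k in ("md5", "urls", "lookups", "flagged_hosts", "observed_hosts", "rule_ids")}
    for r in records:
        iocs["md5"].add(r["md5"])
        for u in r["urls"]:
            bucket = "lookups" if urlsplit(u["url"]).hostname in LOOKUP_SERVICES else "urls"
            iocs[bucket].add(u["url"])
            if u["rule"]:
                iocs["rule_ids"].add(int(u["rule"]))
        for h in r["hosts"]:
            iocs["flagged_hosts" if h["flag"] else "observed_hosts"].add(h["name"])
    iocs["observed_hosts"] -= iocs["flagged_hosts"]  # flagged anywhere counts as flagged
    return iocs


def shared_infrastructure(records, min_samples=2):
    """Hosts (lookup services excluded) contacted by at least min_samples distinct samples."""
    seen = defaultdict(set)
    for r in records:
        for h in r["hosts"]:
            if h["name"] not in LOOKUP_SERVICES:
                seen[h["name"]].add(r["id"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_samples}


def defang(ioc):
    """Make a URL, domain or IP safe to paste into a ticket (hxxp, bracketed dots in the host)."""
    if "://" in ioc:
        p = urlsplit(ioc)
        host = p.netloc.replace(".", "[.]")
        query = f"?{p.query}" if p.query else ""
        return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}{query}"
    return ioc.replace(".", "[.]")


if __name__ == "__main__":
    recs = parse_listing(LISTING)
    found = extract_iocs(recs)
    for bucket in ("flagged_hosts", "urls"):
        for ioc in sorted(found[bucket]):
            print(f"{bucket}: {defang(ioc)}")
    for host, ids in shared_infrastructure(recs).items():
        print(f"shared: {defang(host)} <- samples {ids}")
```

The pivot is where the value is: ozzyingilizce.com and 159.253.41.162 turn up in 35511, 35518 and 35519, and 34.102.136.180 in 35511 and 35513, so one blocklist entry covers several samples. Hosts the sandbox did not flag (193.122.6.168, 162.159.138.85, the checkip and freegeoip services) are reported separately so they are not blocked on the strength of co-occurrence alone.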