39901 | 2021-11-01 10:31 | trendmicro2.dll af41813cc051b8d0c9c418e99ba345c6 Generic Malware Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check DLL VirusTotal Malware Checks debugger RWX flags setting unpack itself crashed | 1 | 2.4 | 32 | ZeroCERT

39902 | 2021-11-01 10:30 | 171.exe f1542d07c0aa2b2727b4ebdeeabc21f4 Gen1 Gen2 Malicious Library UPX Malicious Packer ASPack PE File PE32 DLL OS Processor Check JPEG Format Malware download Raccoon VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency RecordBreaker MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder suspicious TLD installed browsers check Stealer Windows Browser Email ComputerName DNS
4
http://toptelete.top/vvhotsummer http://91.219.236.97/ http://91.219.236.97//l/f/iJ4a2XwB3dP17SpzW9k5/f9936c6dcab7f0e94aedce65556b8dc854846e65 http://91.219.236.97//l/f/iJ4a2XwB3dP17SpzW9k5/224d59f47d4eab7e71549ac5144226bf66bfb7a6
4
toptelete.top(104.21.9.146) telegalive.top() 104.21.9.146 91.219.236.97
7
ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
8.0 | 24 | ZeroCERT

39903 | 2021-11-01 10:30 | DimenSaint.exe d1467f50022d8c25d69d80fceb9d2f32 VMProtect Malicious Library PE File PE32 VirusTotal Malware Check memory unpack itself | 3.2 | 41 | ZeroCERT

39904 | 2021-11-01 10:27 | oldmystat2.dll ba810a8879b6ba2cccd49e28789fb059 PE64 PE File DLL Checks debugger RWX flags setting unpack itself crashed | 1 | 1.4 | ZeroCERT

39905 | 2021-11-01 09:57 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 8.2 | 22 | guest

39906 | 2021-11-01 09:52 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39907 | 2021-11-01 09:48 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39908 | 2021-11-01 09:43 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39909 | 2021-11-01 09:24 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 8.2 | 22 | guest

39910 | 2021-11-01 09:18 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39911 | 2021-11-01 09:14 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39912 | 2021-10-30 14:56 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 | 22 | guest

39913 | 2021-10-30 12:05 | vbc.exe 1463a8e3cbd8b63c709495a91ff95506 PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
22
http://www.longshifa.online/euzn/?Urth=uAv+hDNIaWKTJHmotFieJseyqVavRyN/hzmyr84dVQggb+iPx2yKvWnxBifTpegawz+9IKiJ&R2Jl9Z=JR-Pylih38z8 http://www.longshifa.online/euzn/ http://www.hrtaro.com/euzn/?Urth=+YfQRi9G+OJ9foaealRkr8LisM1crxi2VOPn4pm0QzAMut2NXQSv7KOAA77xRrkGBn/uu5YB&R2Jl9Z=JR-Pylih38z8 http://www.yourotcs.com/euzn/ http://www.heser.net/euzn/?Urth=3YIIvuVMPod2ghyVzlrVbDIKpMNjGC1jVshcE/xay47UBDuWohiRTIe7T0ywrtH6KgyQLQcn&R2Jl9Z=JR-Pylih38z8 - rule_id: 7002 http://www.heser.net/euzn/?Urth=3YIIvuVMPod2ghyVzlrVbDIKpMNjGC1jVshcE/xay47UBDuWohiRTIe7T0ywrtH6KgyQLQcn&R2Jl9Z=JR-Pylih38z8 http://www.mecasso.store/euzn/?Urth=5V4tZ993so02mJc3sFQ1G2n5zFyOyfQP63UMvRPf7Sx02fgR5BEy180KOo1jDAfLNmzZkM90&R2Jl9Z=JR-Pylih38z8 - rule_id: 6998 http://www.mecasso.store/euzn/?Urth=5V4tZ993so02mJc3sFQ1G2n5zFyOyfQP63UMvRPf7Sx02fgR5BEy180KOo1jDAfLNmzZkM90&R2Jl9Z=JR-Pylih38z8 http://www.mirai-energy.com/euzn/ http://www.mirai-energy.com/euzn/?Urth=+5dot/Um/aCw9VRcqHMkvSpgRj3TUDBdyqjJB+g9c7BNuG3ZT163ETXRjJvbKjSKvOHW+POd&R2Jl9Z=JR-Pylih38z8 http://www.hrtaro.com/euzn/ http://www.mecasso.store/euzn/ - rule_id: 6998 http://www.mecasso.store/euzn/ http://www.webtiyan.com/euzn/ http://www.webtiyan.com/euzn/?Urth=M/fuIQwK/ZOUk1ha5jOAEPH6Fi1UC0+LMnfjVDCh9LdHL89/7JzIvaFyxwOx9tG+xgqAWMBk&R2Jl9Z=JR-Pylih38z8 http://www.heser.net/euzn/ - rule_id: 7002 http://www.heser.net/euzn/ http://www.pepeavatar.com/euzn/ - rule_id: 7001 http://www.pepeavatar.com/euzn/ http://www.pepeavatar.com/euzn/?Urth=c52/idsZybo5+++XEfR74GyO3sFn94uB9Bi9sGgwmuYdSzcMkVUF1vuwnR+zyHyG1b/8nRaD&R2Jl9Z=JR-Pylih38z8 - rule_id: 7001 http://www.pepeavatar.com/euzn/?Urth=c52/idsZybo5+++XEfR74GyO3sFn94uB9Bi9sGgwmuYdSzcMkVUF1vuwnR+zyHyG1b/8nRaD&R2Jl9Z=JR-Pylih38z8 http://www.yourotcs.com/euzn/?Urth=Jq5AABYltJgia4nxN4nPQwsgHB5GKQbjMY80BC1dCGLaE2JFWzpybbqNbVech2C1JzELhHSE&R2Jl9Z=JR-Pylih38z8
17
www.heser.net(142.250.196.115) www.pepeavatar.com(3.64.163.50) www.mirai-energy.com(185.146.22.238) www.hgaffiliates.net() www.webtiyan.com(89.42.211.109) www.longshifa.online(108.179.232.90) www.mecasso.store(3.33.152.147) www.yourotcs.com(208.91.197.27) www.hrtaro.com(150.95.255.38) 185.146.22.238 108.179.232.90 - mailcious 89.42.211.109 - mailcious 15.197.142.173 208.91.197.27 - mailcious 150.95.255.38 - mailcious 3.64.163.50 - mailcious 142.250.66.83
1
ET MALWARE FormBook CnC Checkin (GET)
6
http://www.heser.net/euzn/ http://www.mecasso.store/euzn/ http://www.mecasso.store/euzn/ http://www.heser.net/euzn/ http://www.pepeavatar.com/euzn/ http://www.pepeavatar.com/euzn/
8.4 | 22 | ZeroCERT

39914 | 2021-10-30 12:03 | 0011.wbk 6c4a4577b05acbeb2d7daecf27658d03 RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed Downloader
25
http://www.mecasso.store/euzn/?GPJ=5V4tZ993so02mJc3sFQ1G2n5zFyOyfQP63UMvRPf7Sx02fgR5BEy180KOo1jDAfLNmzZkM90&oX=Txo8nZfpM8h4 - rule_id: 6998 http://www.mecasso.store/euzn/?GPJ=5V4tZ993so02mJc3sFQ1G2n5zFyOyfQP63UMvRPf7Sx02fgR5BEy180KOo1jDAfLNmzZkM90&oX=Txo8nZfpM8h4 http://www.jakital.com/euzn/ http://103.171.0.220/0011/vbc.exe http://www.newbeautydk.com/euzn/ http://www.chaoxy.com/euzn/?GPJ=p54zT/BC/x4SoLDl4CDH46eZzoug/1aAOGG+RO71GifqYqkWwddMiniK8tFlkYqJGNGj/CA6&oX=Txo8nZfpM8h4 http://www.longshifa.online/euzn/?GPJ=uAv+hDNIaWKTJHmotFieJseyqVavRyN/hzmyr84dVQggb+iPx2yKvWnxBifTpegawz+9IKiJ&oX=Txo8nZfpM8h4 http://www.longshifa.online/euzn/ http://www.235296tyc.com/euzn/ - rule_id: 7003 http://www.235296tyc.com/euzn/ http://www.chezvitoria.com/euzn/ http://www.newbeautydk.com/euzn/?GPJ=6sAauxhCLdP7c3t2Bq+0dcztdOu3qC96/c3RA+P4V1r5NX6fjKtAwrvy/oq5eYG/IMq0e3QV&oX=Txo8nZfpM8h4 http://www.arceprojects.com/euzn/ - rule_id: 5431 http://www.esd66.com/euzn/ http://www.jakital.com/euzn/?GPJ=GUGPZqYkRSeqmYe7e5IS+Ei9iGFRID/i/07dgdYcr1Gx3jMum/GSR7RR4tExlRct2vCBg0O1&oX=Txo8nZfpM8h4 http://www.arceprojects.com/euzn/?GPJ=YRXSBiSDQSCZhMMUR8bbHnyPN+rRNpjXZ/H6tz5eiGlkZ6MPFWs4UspiD2SvKhVY+KpYofGz&oX=Txo8nZfpM8h4 - rule_id: 5431 http://www.mecasso.store/euzn/ - rule_id: 6998 http://www.mecasso.store/euzn/ http://www.aidenb.tech/euzn/ http://www.chaoxy.com/euzn/ http://www.aidenb.tech/euzn/?GPJ=1IX3VtbgCTbtlwCwA2UuwAMw7IFESF9lL1UJSvXyFA7beRMLnuzxa3L8x0fgk6lRopDxesZY&oX=Txo8nZfpM8h4 http://www.esd66.com/euzn/?GPJ=IQD8yqUxjaKbmWvxY5YgKaEhD1SzG9nYqUof4YAZsyxYzAzp9zRFmOd/JMKDibdr94YK0rFj&oX=Txo8nZfpM8h4 http://www.235296tyc.com/euzn/?GPJ=qPG280hY3bVwFWYgPYUPmF0yLOv8ZOX3N77VjzujjWFTLW7L05+D5h5Mp3mfBnzq5vwwDWs5&oX=Txo8nZfpM8h4 - rule_id: 7003 http://www.235296tyc.com/euzn/?GPJ=qPG280hY3bVwFWYgPYUPmF0yLOv8ZOX3N77VjzujjWFTLW7L05+D5h5Mp3mfBnzq5vwwDWs5&oX=Txo8nZfpM8h4 http://www.chezvitoria.com/euzn/?GPJ=GKdzzMH8ErMYBxlRei+3JyrXRgQOuFc7CB7CFsqySz81sLyYG5Fwl1ZfLnJdq0KjlXe5fq5T&oX=Txo8nZfpM8h4
22
www.chaoxy.com(211.149.163.114) www.esd66.com(139.162.127.18) www.aidenb.tech(156.67.72.160) www.jakital.com(3.223.115.185) www.arceprojects.com(217.160.0.187) www.hgaffiliates.net() www.longshifa.online(108.179.232.90) www.newbeautydk.com(23.227.38.74) www.chezvitoria.com(34.102.136.180) www.mecasso.store(3.33.152.147) www.235296tyc.com(172.67.187.226) 103.171.0.220 108.179.232.90 - mailcious 156.67.72.160 15.197.142.173 34.102.136.180 - mailcious 211.149.163.114 139.162.127.18 3.223.115.185 - mailcious 217.160.0.187 - mailcious 23.227.38.74 - mailcious 172.67.187.226
7
ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET MALWARE FormBook CnC Checkin (GET) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
6
http://www.mecasso.store/euzn/ http://www.235296tyc.com/euzn/ http://www.arceprojects.com/euzn/ http://www.arceprojects.com/euzn/ http://www.mecasso.store/euzn/ http://www.235296tyc.com/euzn/
5.4 | M | 29 | ZeroCERT

39915 | 2021-10-30 11:46 | ClientDC.exe 71d66e7e53e0341af65a1510d4c2eb63 RAT PWS .NET framework Generic Malware Malicious Packer Antivirus Malicious Library UPX PE File OS Processor Check PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself DNS | 1 | 2.6 | 42 | ZeroCERT