4006 | 2024-05-17 07:39
gotomeeting.exe 877187ad95d25a0e3582331588ac8892 Malicious Library PE64 PE File VirusTotal Malware Malicious Traffic RWX flags setting unpack itself ComputerName DNS
URLs (1):
http://3.208.96.244/functionalStatus?_=EInrswNj-Smw7wHUODEblLL439ayqOOtH_5tR6ROrd0QGwcO1yuDBudGKa4SC9TtxUwCInmkBxwGljbmw0ILNKuyhL8Nlfy8cQKnl4mbPhiqNUkRPS4Fq54Lqcliho2IiNBBA30VUjOrMgNSUV_JL-Rjy6UxR-vRc9NeDvPoRko
Hosts: 1 (no entries listed)
4.4 | M | 59 | ZeroCERT
4007 | 2024-05-17 07:34
yak.exe 33bbd27a00b4160a844a7edf2efef84e Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format URL Format Remcos VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Tofsee Windows Advertising Google DNS DDNS keylogger
URLs (3):
http://geoplugin.net/json.gp https://drive.google.com/uc?export=download&id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3 https://drive.usercontent.google.com/download?id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3&export=download
Hosts (8):
drive.usercontent.google.com(142.250.206.193) - mailcious geoplugin.net(178.237.33.50) drive.google.com(142.250.76.142) - mailcious myumysmeetr.ddns.net(89.117.145.5) 142.251.220.78 178.237.33.50 142.250.66.97 89.117.145.5
Alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY DNS Query to DynDNS Domain *.ddns .net ET JA3 Hash - Remcos 3.x/4.x TLS Connection
5.0 | M | 37 | ZeroCERT
4008 | 2024-05-17 07:32
bas.exe 53d0c5288b720419cb95ed2cb57cbfd9 Malicious Library UPX AntiDebug AntiVM PE File DllRegisterServer dll PE32 MZP Format URL Format VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Tofsee Interception Windows Advertising Google ComputerName DNS Cryptographic key keylogger
URLs (2):
https://drive.usercontent.google.com/download?id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN&export=download https://drive.google.com/uc?export=download&id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN
Hosts (5):
drive.usercontent.google.com(142.250.206.193) - mailcious drive.google.com(142.250.76.142) - mailcious 63.250.43.146 142.251.220.14 142.250.66.65
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6 | M | 47 | ZeroCERT
4009 | 2024-05-17 07:32
ReurgingGleek.exe 1d3535cc01b2cc54b808a55e945707a0 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.4 | M | 36 | ZeroCERT
4010 | 2024-05-17 07:31
smss.exe 413bf385b1f985dcd43e2cdd2ebce8c5 Formbook Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser crashed
URLs (9):
http://www.crimsoncascade.xyz/a42m/ http://www.gregoriusalvin.com/a42m/ - rule_id: 39605 http://www.gregoriusalvin.com/a42m/?AhB=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39605 http://www.xn--bb55rtp-9va2p.store/a42m/?AhB=SpRmwiWWWie0LiCQik30fMumghQ1V43TuTRukl4i+K/mOSJ9++mg5ZeFxUAkG3Pdc43Qwg0V3CKoqh5jVerICFqxOreCo6UFThdoK0ITtUR0x3kt6DvHO7oYbUe5+lYToPjvUAg=&eS0G=fcpMuMP5iihRHWDU http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip http://www.crimsoncascade.xyz/a42m/?AhB=OaCxij+az8CWZkVV/54ln7Tii7cuYBvJsZdPmSHU0RFVoK/pLfrBdHMvdCD9qCJrgyFEUHy2yFOAdhP54QELuvsZtM/ZdHBp7cl68dN6EF+6a9fy3QPRhNX/VA1OInBnCfWbr6U=&eS0G=fcpMuMP5iihRHWDU http://www.xn--bb55rtp-9va2p.store/a42m/ http://www.tintasmaiscor.com/a42m/?AhB=BaBbynwG2FaMiw+hhIbbh28MgtbEHbpnPsDfKOVNrs70A5vduIAGjxN5gftBLQVIAtEactO1mhmKtuNjdeyvWaHsEukAqVbBiuakY2ayn/21WOCwyWJ4ZPsM5Fw7u2uLCIVlGog=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39606 http://www.tintasmaiscor.com/a42m/ - rule_id: 39606
Hosts (14):
www.crimsoncascade.xyz(162.0.237.22) www.italiangreyhounds.online() - mailcious www.xn--bb55rtp-9va2p.store(84.32.84.32) www.gregoriusalvin.com(103.247.10.164) - mailcious www.tintasmaiscor.com(162.240.81.18) - mailcious www.designsbysruly.com() - mailcious www.gcashservice247.com() - mailcious www.weeveno.com() - mailcious www.infomail.website() - mailcious 162.0.237.22 84.32.84.32 - mailcious 45.33.6.223 162.240.81.18 - mailcious 103.247.10.164 - mailcious
Alerts (1):
ET MALWARE FormBook CnC Checkin (GET) M5
Rule-matched URLs (4):
http://www.gregoriusalvin.com/a42m/ http://www.gregoriusalvin.com/a42m/ http://www.tintasmaiscor.com/a42m/ http://www.tintasmaiscor.com/a42m/
10.8 | M | 29 | ZeroCERT
4011 | 2024-05-17 07:29
324hj23k4jh423kjh4g423.exe 348bce7a46271aa5ff25de5e15e291d4 Malicious Library Downloader UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware Check memory unpack itself crashed
1.8 | M | 18 | ZeroCERT
4012 | 2024-05-16 18:22
FlexPremises.exe bdaf0c44377ebc825e98d8e649ca8f4b NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName
6.0 | M | 28 | ZeroCERT
4013 | 2024-05-16 18:20
redline1.exe 9faf597de46ed64912a01491fe550d33 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
185.215.113.67 - mailcious
Alerts (6):
ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
8.0 | M | 54 | ZeroCERT
4014 | 2024-05-16 18:20
gold.exe 7f981db325bfed412599b12604bd00ab Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.2 | M | 54 | ZeroCERT
4015 | 2024-05-16 09:26
lync.exe c37355fcfdc33a45159dce1b21e20d88 Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed
1.6 | M | 50 | ZeroCERT
4016 | 2024-05-16 09:24
spoolsv.exe 6b080165abd64d082a4e0b0d7990840c Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser
URLs (4):
http://www.gregoriusalvin.com/a42m/?4vGbLF=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&su=fQtUjSda-Qz5xqs http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip http://www.gregoriusalvin.com/a42m/ http://www.tintasmaiscor.com/a42m/
Hosts (10):
www.italiangreyhounds.online() www.gregoriusalvin.com(103.247.10.164) www.tintasmaiscor.com(162.240.81.18) www.designsbysruly.com() www.gcashservice247.com() www.weeveno.com() www.infomail.website() 162.240.81.18 - mailcious 103.247.10.164 45.33.6.223
Alerts (1):
ET MALWARE FormBook CnC Checkin (GET) M5
12.0 | M | 39 | ZeroCERT
4017 | 2024-05-16 09:21
beautifulimagesgetmebacktotheu... a1868b7be5d36a3ee8255f438ab3fd30 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
URLs (1):
http://45.33.50.155/2202/sampleimagepixelupdated.jpg
Hosts: 1 (no entries listed)
4.2 | M | 36 | ZeroCERT
4018 | 2024-05-16 09:20
AppGate2103v01.exe 362697c95a1c9964af1ab23ddfc29b04 Themida Packer MPRESS PE64 PE File VirusTotal Malware heapspray unpack itself Windows crashed
4.6 | M | 44 | ZeroCERT
4019 | 2024-05-16 09:19
BigProject.exe bcc6522e6cd09522a15bd196f39ae6fa Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Tofsee ComputerName crashed
Hosts (2):
bitbucket.org(104.192.141.1) - malware 104.192.141.1 - mailcious
Alerts (2):
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0 | M | 44 | ZeroCERT
4020 | 2024-05-16 09:17
costs.vbs d789af96fc286fcccec141524b71d243 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
URLs (1):
http://91.92.251.57:80/holo.png
5.4 | M | 8 | ZeroCERT