| 4006 |
2024-05-17 07:39
|
 gotomeeting.exe 877187ad95d25a0e3582331588ac8892
Malicious Library PE64 PE File VirusTotal Malware Malicious Traffic RWX flags setting unpack itself ComputerName DNS |
1
http://3.208.96.244/functionalStatus?_=EInrswNj-Smw7wHUODEblLL439ayqOOtH_5tR6ROrd0QGwcO1yuDBudGKa4SC9TtxUwCInmkBxwGljbmw0ILNKuyhL8Nlfy8cQKnl4mbPhiqNUkRPS4Fq54Lqcliho2IiNBBA30VUjOrMgNSUV_JL-Rjy6UxR-vRc9NeDvPoRko
|
1
|
|
|
4.4 |
M |
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4007 |
2024-05-17 07:34
|
 yak.exe 33bbd27a00b4160a844a7edf2efef84e
Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format URL Format Remcos VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Tofsee Windows Advertising Google DNS DDNS keylogger |
3
http://geoplugin.net/json.gp
https://drive.google.com/uc?export=download&id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3
https://drive.usercontent.google.com/download?id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3&export=download
|
8
drive.usercontent.google.com(142.250.206.193) - mailcious
geoplugin.net(178.237.33.50)
drive.google.com(142.250.76.142) - mailcious
myumysmeetr.ddns.net(89.117.145.5)
142.251.220.78
178.237.33.50
142.250.66.97
89.117.145.5
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
5.0 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4008 |
2024-05-17 07:32
|
 bas.exe 53d0c5288b720419cb95ed2cb57cbfd9
Malicious Library UPX AntiDebug AntiVM PE File DllRegisterServer dll PE32 MZP Format URL Format VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Tofsee Interception Windows Advertising Google ComputerName DNS Cryptographic key keylogger |
2
https://drive.usercontent.google.com/download?id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN&export=download
https://drive.google.com/uc?export=download&id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN
|
5
drive.usercontent.google.com(142.250.206.193) - mailcious
drive.google.com(142.250.76.142) - mailcious
63.250.43.146
142.251.220.14
142.250.66.65
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.6 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4009 |
2024-05-17 07:32
|
 ReurgingGleek.exe 1d3535cc01b2cc54b808a55e945707a0
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.4 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4010 |
2024-05-17 07:31
|
 smss.exe 413bf385b1f985dcd43e2cdd2ebce8c5
Formbook Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser crashed |
9
http://www.crimsoncascade.xyz/a42m/
http://www.gregoriusalvin.com/a42m/ - rule_id: 39605
http://www.gregoriusalvin.com/a42m/?AhB=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39605
http://www.xn--bb55rtp-9va2p.store/a42m/?AhB=SpRmwiWWWie0LiCQik30fMumghQ1V43TuTRukl4i+K/mOSJ9++mg5ZeFxUAkG3Pdc43Qwg0V3CKoqh5jVerICFqxOreCo6UFThdoK0ITtUR0x3kt6DvHO7oYbUe5+lYToPjvUAg=&eS0G=fcpMuMP5iihRHWDU
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
http://www.crimsoncascade.xyz/a42m/?AhB=OaCxij+az8CWZkVV/54ln7Tii7cuYBvJsZdPmSHU0RFVoK/pLfrBdHMvdCD9qCJrgyFEUHy2yFOAdhP54QELuvsZtM/ZdHBp7cl68dN6EF+6a9fy3QPRhNX/VA1OInBnCfWbr6U=&eS0G=fcpMuMP5iihRHWDU
http://www.xn--bb55rtp-9va2p.store/a42m/
http://www.tintasmaiscor.com/a42m/?AhB=BaBbynwG2FaMiw+hhIbbh28MgtbEHbpnPsDfKOVNrs70A5vduIAGjxN5gftBLQVIAtEactO1mhmKtuNjdeyvWaHsEukAqVbBiuakY2ayn/21WOCwyWJ4ZPsM5Fw7u2uLCIVlGog=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39606
http://www.tintasmaiscor.com/a42m/ - rule_id: 39606
|
14
www.crimsoncascade.xyz(162.0.237.22)
www.italiangreyhounds.online() - mailcious
www.xn--bb55rtp-9va2p.store(84.32.84.32)
www.gregoriusalvin.com(103.247.10.164) - mailcious
www.tintasmaiscor.com(162.240.81.18) - mailcious
www.designsbysruly.com() - mailcious
www.gcashservice247.com() - mailcious
www.weeveno.com() - mailcious
www.infomail.website() - mailcious
162.0.237.22
84.32.84.32 - mailcious
45.33.6.223
162.240.81.18 - mailcious
103.247.10.164 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET) M5
|
4
http://www.gregoriusalvin.com/a42m/
http://www.gregoriusalvin.com/a42m/
http://www.tintasmaiscor.com/a42m/
http://www.tintasmaiscor.com/a42m/
|
10.8 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4011 |
2024-05-17 07:29
|
 324hj23k4jh423kjh4g423.exe 348bce7a46271aa5ff25de5e15e291d4
Malicious Library Downloader UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware Check memory unpack itself crashed |
|
|
|
|
1.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4012 |
2024-05-16 18:22
|
 FlexPremises.exe bdaf0c44377ebc825e98d8e649ca8f4b
NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName |
|
|
|
|
6.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4013 |
2024-05-16 18:20
|
 redline1.exe 9faf597de46ed64912a01491fe550d33
RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
185.215.113.67 - mailcious
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
|
|
8.0 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4014 |
2024-05-16 18:20
|
 gold.exe 7f981db325bfed412599b12604bd00ab
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4015 |
2024-05-16 09:26
|
 lync.exe c37355fcfdc33a45159dce1b21e20d88
Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4016 |
2024-05-16 09:24
|
 spoolsv.exe 6b080165abd64d082a4e0b0d7990840c
Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser |
4
http://www.gregoriusalvin.com/a42m/?4vGbLF=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&su=fQtUjSda-Qz5xqs
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
http://www.gregoriusalvin.com/a42m/
http://www.tintasmaiscor.com/a42m/
|
10
www.italiangreyhounds.online()
www.gregoriusalvin.com(103.247.10.164)
www.tintasmaiscor.com(162.240.81.18)
www.designsbysruly.com()
www.gcashservice247.com()
www.weeveno.com()
www.infomail.website()
162.240.81.18 - mailcious
103.247.10.164
45.33.6.223
|
1
ET MALWARE FormBook CnC Checkin (GET) M5
|
|
12.0 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4017 |
2024-05-16 09:21
|
beautifulimagesgetmebacktotheu... a1868b7be5d36a3ee8255f438ab3fd30
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
1
http://45.33.50.155/2202/sampleimagepixelupdated.jpg
|
1
|
|
|
4.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4018 |
2024-05-16 09:20
|
AppGate2103v01.exe 362697c95a1c9964af1ab23ddfc29b04
Themida Packer MPRESS PE64 PE File VirusTotal Malware heapspray unpack itself Windows crashed |
|
|
|
|
4.6 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4019 |
2024-05-16 09:19
|
 BigProject.exe bcc6522e6cd09522a15bd196f39ae6fa
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Tofsee ComputerName crashed |
|
2
bitbucket.org(104.192.141.1) - malware
104.192.141.1 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.0 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4020 |
2024-05-16 09:17
|
 costs.vbs d789af96fc286fcccec141524b71d243
Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
1
http://91.92.251.57:80/holo.png
|
|
|
|
5.4 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|