4021 | 2024-05-16 09:17
beautifulthingstohappenedevery... | faf0cacc6b11e438c4bfec5aff2e4927
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
URLs (2):
  https://api.ipify.org/
  http://192.227.173.67/Ifeanyi.exe
Hosts (3):
  api.ipify.org(172.67.74.152)
  192.227.173.67 - malware
  172.67.74.152
Signatures (8):
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.0 | M | 38 | ZeroCERT

4022 | 2024-05-16 09:16
vncx.exe | d21ff27f8fcaee1acf0047dde48f4759
NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
URLs: none
Hosts: none
Signatures: none
2.8 | M | 29 | ZeroCERT

4023 | 2024-05-16 09:14
regasms.exe | 9cded6e0c0b625370bb17884b7611955
AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Malware download AsyncRAT NetWireRC VirusTotal Malware DDNS DoTNet
URLs: none
Hosts (2):
  leetboy.dynuddns.net(185.196.11.252)
  185.196.11.252
Signatures (4):
  ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain
  ET DROP Spamhaus DROP Listed Traffic Inbound group 32
  ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
  ET MALWARE Generic AsyncRAT Style SSL Cert
1.2 | M | 57 | ZeroCERT

4024 | 2024-05-16 09:13
beautifuldaystartedwithbeautiu... | 6fd521ca6607ad89cfaabeccfa7ae150
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed
URLs (1):
  http://198.12.81.162/60590/spoolsv.exe
Hosts (1):
  198.12.81.162 - mailcious
Signatures (5):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
4.2 | M | 34 | ZeroCERT

4025 | 2024-05-16 09:12
mimikats.ps1 | 929da23097367077c3678dea19303133
Hide_EXE Generic Malware Antivirus VirusTotal Malware powershell Check memory heapspray unpack itself WriteConsoleW Windows Cryptographic key
URLs: none
Hosts: none
Signatures: none
2.6 | M | 31 | ZeroCERT

4026 | 2024-05-16 09:11
vnc.exe | a9d3bb0da3b9e0e7e58d67bd854600e1
Formbook Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (2):
  http://www.zshoessale.com/ht3d/?X2JtLLIP=KNW++co0WOUUOeVy1yumhiPpCJt5B+GOr4dwSTSfofY/YX8F6Ro1LNTkPqjSHYlOaPmihmJ6&bl=UVW8MhVXhZQ8-4w
  http://www.coachwunder.com/ht3d/?X2JtLLIP=/YUL6YCHhTiRbngjw+JX2TJKTr93KVrGBAteOVqB4a1cvSMCaV6LIhkawvKbzE1nb4sI3EFe&bl=UVW8MhVXhZQ8-4w
Hosts (6):
  www.coachwunder.com(91.195.240.19)
  www.used-cars-77695.bond()
  www.earthoftender.com()
  www.zshoessale.com(104.21.35.22)
  91.195.240.19 - mailcious
  172.67.211.158
Signatures (1):
  ET MALWARE FormBook CnC Checkin (GET)
9.4 | M | 48 | ZeroCERT

4027 | 2024-05-16 09:11
647c143e-7885-49f0-aca4-712bdd... | 84db43a164ce3f375e38430aa3c817c5
Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
URLs: none
Hosts: none
Signatures: none
4.0 | M | 56 | ZeroCERT

4028 | 2024-05-16 09:08
meter2.exe | b2956ff8340e2b2eb4aa41fe953486f2
Malicious Library Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS
URLs: none
Hosts (1): not listed
Signatures: none
3.6 | M | 61 | ZeroCERT

4029 | 2024-05-16 09:08
cmd.ps1 | 7801b02953637126c9012fd6e630f790
Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware DNS crashed
URLs: none
Hosts (1): not listed
Signatures: none
2.2 | M | 40 | ZeroCERT

4030 | 2024-05-16 09:07
akurg.exe | 6bef283833fa82a12f2a6a73fb43a4bb
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
URLs (1): not listed
Hosts (2):
  api.ipify.org(104.26.13.205)
  172.67.74.152
Signatures (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | M | 35 | ZeroCERT

4031 | 2024-05-16 09:06
rem.exe | 06f5b8dffc6c138828adbc7f29cfc7f0
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware AutoRuns Check memory Windows DDNS DoTNet keylogger
URLs: none
Hosts (2):
  leetboy.dynuddns.net(185.196.11.252)
  185.196.11.252
Signatures (3):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 32
  ET JA3 Hash - Remcos 3.x/4.x TLS Connection
  ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain
3.2 | M | 64 | ZeroCERT

4032 | 2024-05-16 09:04
br.msi | cbd6f6f7682366b65948238e0d1f03e5
Generic Malware MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
URLs (1):
  http://ec2-3-21-233-33.us-east-2.compute.amazonaws.com/5806460-36.2024.7.10.7643/bobluz
Hosts (2):
  ec2-3-21-233-33.us-east-2.compute.amazonaws.com(3.21.233.33)
  3.21.233.33
Signatures: none
3.0 | | 20 | ZeroCERT

4033 | 2024-05-16 09:04
Ifeanyi.exe | 96cb932974b4d07cf7d11caef8c1d590
AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
URLs (1): not listed
Hosts (2):
  api.ipify.org(172.67.74.152)
  104.26.13.205
Signatures (3):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.8 | M | 48 | ZeroCERT

4034 | 2024-05-16 09:02
everythinggoingfineandgreatwit... | 92f0065ee050a8dcd89fc59eddb048c7
MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed Downloader
URLs (3):
  http://www.butterflygroup.net/ht3d/?ARr=TaJuVXa8zD69E3rzgnBHcrtXTrwOaZM8cT0N/R70fGbWZvadCJ+iOLXrNCS6WQsHODSZZ5YX&ndlpiZ=u4ftAr7xpX7P
  http://www.aaditt.com/ht3d/?ARr=Jxa8xlTunEPBVne4oi/bIU6b5tyucP/prE9/dQtU4ejg32tqlJ0LdPdUuJRqPlVl4EhKaSuV&ndlpiZ=u4ftAr7xpX7P
  http://23.94.36.162/4506/vnc.exe
Hosts (8):
  www.testingsol.com()
  www.52iwin.com(199.59.243.225)
  www.butterflygroup.net(13.248.169.48)
  www.aaditt.com(15.197.148.33)
  199.59.243.225 - mailcious
  23.94.36.162 - mailcious
  3.33.130.190 - phishing
  13.248.169.48 - mailcious
Signatures (7):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE FormBook CnC Checkin (GET)
5.2 | M | 37 | ZeroCERT

4035 | 2024-05-16 09:01
beautifulflowerwhenraiseinthev... | 6d3be789542f3bb48e47dad639120a19
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
URLs (2):
  https://api.ipify.org/
  http://192.3.239.30/25095/spoolsv.exe
Hosts (4):
  api.ipify.org(172.67.74.152)
  192.3.239.30 - malware
  104.26.13.205
  103.143.81.180
Signatures (8):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.0 | M | 35 | ZeroCERT