40561 | 2021-10-16 09:44 | TimeLimit.exe 465784e139b2fb62fa2ee0cce3ee5551 Crossrider Adware PE File PE32 VirusTotal Malware AutoRuns Check memory unpack itself suspicious process WriteConsoleW Windows |
4.6 | M | 20 | r0d
40562 | 2021-10-15 18:11 | audio.exe 98fc6998c7943f10c6eab32dd5f87e92 RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces malicious URLs Tofsee Windows Cryptographic key crashed |
26 |
27 |
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE FormBook CnC Checkin (GET) |
10 | http://www.girlspiter.club/mexq/ http://www.cyebang.com/mexq/ http://www.rd26x.com/mexq/ http://www.abbastanza.info/mexq/ http://www.abbastanza.info/mexq/ http://www.mabnapakhsh.com/mexq/ http://www.girlspiter.club/mexq/ http://www.mabnapakhsh.com/mexq/ http://www.rd26x.com/mexq/ http://www.cyebang.com/mexq/ |
9.8 | M | 10 | ZeroCERT
40563 | 2021-10-15 18:10 | TimeLimitInst.exe 9b93526bb5cb8f5b487a2236f45bf4a9 UPX Malicious Library PE File PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed |
4.8 | M | 19 | ZeroCERT
40564 | 2021-10-15 18:07 | audio.exe f977d96c98335083d54f9b9b54fb0cd9 RAT PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
8 |
18 |
2 | ET INFO Observed DNS Query to .biz TLD; ET MALWARE FormBook CnC Checkin (GET) |
6 | http://www.cyebang.com/mexq/ http://www.uniqued.net/mexq/ http://www.mabnapakhsh.com/mexq/ http://www.zamarasystem.com/mexq/ http://www.wmh3gk2fzw2m.biz/mexq/ http://www.rd26x.com/mexq/ |
8.4 | M | 21 | ZeroCERT
40565 | 2021-10-15 18:06 | 1soft.exe 6084bf88a6d2c70c894614fc762244de Generic Malware Malicious Packer UPX Malicious Library PE64 PE File VirusTotal Malware Code Injection Malicious Traffic buffers extracted Tofsee RCE |
1 | https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip - rule_id: 2610 |
5 | github.com(52.78.231.108) - mailcious raw.githubusercontent.com(185.199.108.133) - malware sanctam.net() - mailcious 185.199.110.133 - malware 15.164.81.167 - malware |
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
1 | https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip |
4.0 | M | 28 | ZeroCERT
40566 | 2021-10-15 18:06 | 6666.exe f95a35e8c3f3f57b3f347bd6c8180bee NPKI UPX Malicious Library PE64 PE File VirusTotal Malware RCE crashed |
1.8 | M | 21 | r0d
40567 | 2021-10-15 18:04 | TimeLimit.exe 465784e139b2fb62fa2ee0cce3ee5551 PE File PE32 VirusTotal Malware AutoRuns Check memory unpack itself suspicious process WriteConsoleW Windows |
4.6 | M | 20 | ZeroCERT
40568 | 2021-10-15 18:04 | babay.exe 1f67cc3aee307cde9e5102d372f9b87e UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege ICMP traffic unpack itself human activity check Windows DNS keylogger |
3 | deli.mywire.org(176.216.222.110) - mailcious 176.216.222.110 - mailcious 125.253.92.50 |
5.8 | M | 55 | ZeroCERT
40569 | 2021-10-15 18:01 | 6666.exe f95a35e8c3f3f57b3f347bd6c8180bee NPKI UPX Malicious Library PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency RCE |
2 | pool.hashvault.pro(131.153.76.130) - mailcious 125.253.92.50 |
1 | ET POLICY Cryptocurrency Miner Checkin |
1.6 | M | 21 | ZeroCERT
40570 | 2021-10-15 18:01 | smhosts.exe e1164db137877a49ac6d5c6d90ff11ab UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself |
1.8 | M | 21 | ZeroCERT
40571 | 2021-10-15 14:04 | Wetranfer.html 34e6eec71f5eda2bcc5590067f3d8791 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1 | https://fonts.googleapis.com/css?family=PT+Sans:400,700 |
6 | images.sampletemplates.com(151.101.194.133) fonts.googleapis.com(142.250.196.106) www.pngitem.com(173.208.219.13) 146.75.50.133 173.208.219.13 142.250.66.106 |
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure |
3.8 | | | ZeroCERT
40572 | 2021-10-15 13:53 | Auszahlungen.xls 413bd16983ee371d2955416354a17b2c VBA_macro Generic Malware MSOffice File VirusTotal Malware ICMP traffic RWX flags setting unpack itself DNS |
1 |
3.8 | | 14 | ZeroCERT
40573 | 2021-10-15 13:51 | DOCS-93897-2021-2975GJ53.scr 8575cb6fc0f2e03e427b847b8bf734a9 Generic Malware UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS |
1 |
15.2 | | 22 | ZeroCERT
40574 | 2021-10-15 13:50 | ARRIVAL NOTICE A AND B GLOBAL ... 8575cb6fc0f2e03e427b847b8bf734a9 Generic Malware UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS |
1 |
15.2 | | 22 | ZeroCERT
40575 | 2021-10-15 10:31 | goshcj.exe d1baa9515f4c67a7b561938bbd81bc75 RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName crashed |
8.8 | M | 23 | ZeroCERT