41176 | 2021-09-25 10:57
  Sample: 9yub0of.ico
  MD5: b154189e0bcbf2556452a4d510d7043f
  Tags: VirusTotal Malware
  Score: 0.4 | M | 3 | ZeroCERT

41177 | 2021-09-25 10:47
  Sample: file.exe
  MD5: cb2519c7618babe98a785cd7bd1485b4
  Tags: Malicious Packer UPX Admin Tool (Sysinternals etc ...) Malicious Library PE File OS Processor Check PE32 VirusTotal Malware Malicious Traffic unpack itself suspicious process suspicious TLD ComputerName DNS crashed
  URLs (1):
    http://dnsresolver-005.top/
  Hosts (2):
    dnsresolver-005.top(104.21.47.211)
    172.67.172.172
  Alerts (2):
    ET DNS Query to a *.top domain - Likely Hostile
    ET INFO HTTP Request to a *.top domain
  Score: 4.0 | | 4 | ZeroCERT

41178 | 2021-09-25 10:36
  Sample: Для руководства в работе.doc...
  MD5: 875f35ac7017ca6c572fdc3e40c0eec5
  Tags: MSOffice File MachineGuid Check memory RWX flags setting unpack itself Tofsee GameoverP2P Zeus ComputerName Trojan Banking
  URLs (2):
    https://officeproductupdate.com/xenyl.xlt
    https://officeproductupdate.com/
  Hosts (2):
    officeproductupdate.com(23.227.202.195)
    23.227.202.195
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 5.0 | | | ZeroCERT

41179 | 2021-09-25 10:31
  Sample: BERN210819.exe
  MD5: 5bc6fa2221eed7444ea7d51dea3d1b4e
  Tags: NSIS Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
  Score: 2.4 | | 24 | ZeroCERT

41180 | 2021-09-24 17:15
  Sample: etooltipred.png
  MD5: 1d7f42754d885cf2b61b683193b02708
  Tags: Malicious Library PE File PE32 Dridex TrickBot Malware suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed
  URLs (1):
    https://179.189.229.254/top124/TEST22-PC_W617601.8FDD4B03B497559A4B77C745B240BB2A/5/file/
  Hosts (5):
    179.189.229.254 - mailcious
    216.166.148.187 - mailcious
    60.51.47.65 - mailcious
    62.99.79.77 - mailcious
    65.152.201.203 - mailcious
  Alerts (2):
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  Score: 6.8 | M | | ZeroCERT

41181 | 2021-09-24 17:14
  Sample: 6789568764240821.exe
  MD5: b105bec27851dabe21e1cf1c56bfda0e
  Tags: PWS .NET framework email stealer BitCoin Generic Malware Admin Tool (Sysinternals etc ...) ScreenShot Steal credential DNS SMTP KeyLogger Code injection AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk IP Check VM Disk Size Check Windows Browser Email ComputerName Cryptographic key
  URLs (1):
    http://whatismyipaddress.com/
  Hosts (4):
    whatismyipaddress.com(104.16.154.36)
    ftp.vn-gpack.org(66.70.204.222)
    104.16.154.36
    66.70.204.222 - malware
  Alerts (1):
    SURICATA Applayer Detect protocol only one direction
  Score: 14.0 | M | 37 | ZeroCERT

41182 | 2021-09-24 17:14
  Sample: lv.exe
  MD5: e154389e7b2797d043b65d94a6ff9889
  Tags: NPKI Gen1 Emotet Gen2 Themida Packer Generic Malware Malicious Library Anti_VM UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal cred VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed
  URLs (1):
  Score: 7.0 | M | 25 | ZeroCERT

41183 | 2021-09-24 17:11
  Sample: i8u7hjdc.exe
  MD5: 61d5e32562d1c70daf0a3112f7888258
  Tags: NPKI Generic Malware Malicious Packer UPX Anti_VM Malicious Library Antivirus PE64 PE File VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
  Score: 8.4 | M | 37 | ZeroCERT

41184 | 2021-09-24 17:10
  Sample: eflyairplane.png
  MD5: b164522e8070207393f280857dcc06f4
  Tags: Malicious Library PE File PE32 suspicious privilege buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process ComputerName DNS crashed
  Hosts (4):
    186.4.193.75
    45.181.207.156
    179.42.137.108
    179.42.137.106
  Score: 6.8 | M | | ZeroCERT

41185 | 2021-09-24 17:08
  Sample: nscvhost.exe
  MD5: 341e63d0f0934ba186bd27a5e43ede35
  Tags: Generic Malware Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
  Score: 2.0 | M | 20 | ZeroCERT

41186 | 2021-09-24 17:08
  Sample: esmallruby.png
  MD5: 33e5dbee2d872b34c54665cf0404520e
  Tags: Malicious Library PE File PE32 Dridex TrickBot Malware Report suspicious privilege MachineGuid Malicious Traffic buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed
  URLs (1):
    https://186.4.193.75/tot152/TEST22-PC_W617601.3BBA0CFF68E3F779B5F041BB34213194/5/kps/
  Hosts (3):
    186.4.193.75
    184.74.99.214 - mailcious
    179.42.137.107
  Alerts (3):
    ET CNC Feodo Tracker Reported CnC Server group 10
    ET POLICY Signed TLS Certificate with md5WithRSAEncryption
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
  Score: 6.2 | M | | ZeroCERT

41187 | 2021-09-24 17:07
  Sample: escrow.exe
  MD5: 4568267da235d998580cfd9d8b828715
  Tags: UPX Admin Tool (Sysinternals etc ...) Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed
  URLs (3):
    https://l5celg.sn.files.1drv.com/y4miF6XlED8SY5--LgS44ahEhDcYCFwMTUFKt2cmNHEgwJC3dqKFsQUhuZ46dpQaoIwHZ9KrpMep0rTZkQKeIKr3PZ5VY_INk0UmRCYL9Fuve_Yapbe60tK7jScYNy1Diy91sotH3hSU3uEuESB1dR0pXlM2-y46BCMiXPgUnjHMhiUL6snOzGjoSuvMFM7tYUHYBSIwPEsZwIMl7BeBoMmvw/Ykpsyzzdkhppcdowwcfwlzpgevpatcf?download&psid=1
    https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21164&authkey=ANROjRWx1nqVZnY
    https://l5celg.sn.files.1drv.com/y4mLv-GqBjhaOB-mLJQgnVgkJCnpmMVYtpQjObQnaZ2ICEvU_3slIlmM8hKoW6fzonHpOKQj9HLBz9pb93NCO-pwHLbMUwkj2_g8d-Aei7CkflN5HcEdHSyc0HTOihKZZ_mpA1Nxy9Rc64DBQqnSkxz0WCtr49llNeElSJ-6Gtwio1lzIg6B36LMbCy2OD_H-_Z-c6mpVGqdMQEpgm4NsDO7w/Ykpsyzzdkhppcdowwcfwlzpgevpatcf?download&psid=1
  Hosts (6):
    onedrive.live.com(13.107.42.13) - mailcious
    l5celg.sn.files.1drv.com(13.107.42.12)
    trapboijiggy.dvrlists.com(31.3.152.100)
    13.107.42.13 - mailcious
    13.107.42.12 - malware
    31.3.152.100
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 10.6 | M | 33 | ZeroCERT

41188 | 2021-09-24 17:06
  Sample: eresizebar.png
  MD5: 544c2478d26f9c59a9d371efe305ebf9
  Tags: Malicious Library PE File PE32 Dridex TrickBot Malware Report suspicious privilege Malicious Traffic buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed
  URLs (1):
    https://184.74.99.214/lip124/TEST22-PC_W617601.F4BBDFF83BB3215DF35372D119FD13B3/5/file/
  Hosts (5):
    128.201.76.252 - mailcious
    46.99.175.217 - mailcious
    216.166.148.187 - mailcious
    184.74.99.214 - mailcious
    65.152.201.203 - mailcious
  Alerts (3):
    ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
    ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
    ET CNC Feodo Tracker Reported CnC Server group 10
  Score: 6.6 | M | | ZeroCERT

41189 | 2021-09-24 16:45
  Sample: specification-1696062090.xls
  MD5: b18faf6bc59505ac36fb11d6ce6131d2
  Tags: MSOffice File VirusTotal Malware RWX flags setting unpack itself suspicious process Tofsee
  URLs (3):
    https://elitekhatsacco.co.ke/s6OkhAya/day.html
    https://sukmabali.com/rwZiioLFaG/day.html
    https://lfzombiegames.com/P8BJd4OW/day.html
  Hosts (6):
    lfzombiegames.com(172.96.186.147) - mailcious
    sukmabali.com(103.253.212.72) - mailcious
    elitekhatsacco.co.ke(162.241.169.16) - mailcious
    162.241.169.16 - mailcious
    172.96.186.147 - mailcious
    103.253.212.72 - mailcious
  Alerts (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic
  Score: 4.2 | | 12 | guest

41190 | 2021-09-24 12:12
  Sample: specification-1216995372.xls
  MD5: 1792fb151473098d01ac9989ac7c0040
  Tags: MSOffice File VirusTotal Malware ICMP traffic RWX flags setting unpack itself suspicious process Tofsee
  URLs (3):
    https://elitekhatsacco.co.ke/s6OkhAya/day.html
    https://sukmabali.com/rwZiioLFaG/day.html
    https://lfzombiegames.com/P8BJd4OW/day.html
  Hosts (6):
    lfzombiegames.com(172.96.186.147) - mailcious
    sukmabali.com(103.253.212.72) - mailcious
    elitekhatsacco.co.ke(162.241.169.16) - mailcious
    162.241.169.16 - mailcious
    172.96.186.147
    103.253.212.72 - mailcious
  Alerts (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic
  Score: 4.8 | | 9 | guest