Entry 4126  -  2024-05-11 19:31  -  submitted by ZeroCERT
  File:      av_downloader.exe
  MD5:       8af4f985862c71682e796dcc912f27dc
  Tags:      Malicious Library, Malicious Packer, UPX, AntiDebug, AntiVM, PE File, PE32, CAB, VirusTotal, Malware, AutoRuns, MachineGuid, Code Injection, Check memory, Checks debugger, Creates executable files, unpack itself, Windows utilities, Disables Windows Security, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, DNS
  URLs (1):  http://206.217.142.166:1234/windows/dr/dr.bat
  Hosts (1): not listed
  Alerts:    none
  Score: 9.0   Malicious flag: M   VirusTotal detections: 45

Entry 4127  -  2024-05-11 19:31  -  submitted by ZeroCERT
  File:      Photo.scr
  MD5:       24eef227b95647e2ef8edf1b194d97ca
  Tags:      Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, crashed
  URLs:      none
  Hosts:     none
  Alerts:    none
  Score: 2.0   Malicious flag: M   VirusTotal detections: 46

Entry 4128  -  2024-05-11 19:30  -  submitted by ZeroCERT
  File:      frideurpearoundhavesuchabeauti...
  MD5:       c46f92a410d2ba774146b68c7f245d35
  Tags:      MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, buffers extracted, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, DDNS, crashed
  URLs (3):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://paste.ee/d/krGPZ
    http://fridayyyyvert.3utilities.com/europefridayedatingloverforchildern.jpg
  Hosts (7):
    paste.ee(104.21.84.67) - mailcious
    fridayyyyvert.3utilities.com(192.3.101.142) - malware
    uploaddeimagens.com.br(172.67.215.45) - malware
    61.111.58.34 - malware
    172.67.187.200 - mailcious
    104.21.45.138 - malware
    192.3.101.142 - malware
  Alerts (4):
    ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY DNS Query to DynDNS Domain *.3utilities .com
    ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain
  Score: 4.0   Malicious flag: M   VirusTotal detections: 38

Entry 4129  -  2024-05-11 19:29  -  submitted by ZeroCERT
  File:      htm.exe
  MD5:       983f094cf97faca11916d717b22b64ca
  Tags:      Malicious Library, UPX, PE File, DllRegisterServer, dll, PE32, MZP Format, VirusTotal, Malware, unpack itself, Detects VMWare, VMware, Tofsee, Interception, crashed
  URLs:      none
  Hosts (2):
    onedrive.live.com(13.107.139.11) - mailcious
    13.107.139.11
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 3.4   Malicious flag: M   VirusTotal detections: 48

Entry 4130  -  2024-05-11 15:05  -  submitted by ZeroCERT
  File:      mexicangirlsareverybeautifulan...
  MD5:       0d7ac12ba297bd78e159a43ea09b247c
  Tags:      MS_RTF_Obfuscation_Objects, RTF File, doc, buffers extracted, ICMP traffic, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, DDNS, crashed
  URLs (2):
    http://forxlamfile.duckdns.org/mexicodatingloverforchildern.jpg
    https://paste.ee/d/MgxAi
  Hosts (52):
    paste.ee(172.67.187.200) - mailcious, forxlamfile.duckdns.org(192.3.101.142),
    85.214.59.108, 109.109.51.9, 103.103.192.139, 51.89.47.213, 36.99.141.101, 191.6.197.244,
    191.96.1.123, 146.59.24.90, 156.251.11.188, 160.121.231.70, 120.77.172.36, 39.61.219.100,
    202.29.95.12 - malware, 89.132.179.61, 161.97.93.251, 192.3.101.142 - malware,
    192.185.22.100, 173.198.207.4, 137.66.61.164, 46.242.218.88, 154.201.182.65, 185.141.190.195,
    154.9.29.232, 89.191.19.91, 94.23.69.241, 143.198.193.141, 185.146.29.29, 93.123.72.70,
    170.239.64.169, 197.248.169.246, 67.43.2.167, 164.46.51.142, 172.67.187.200 - mailcious,
    162.33.30.166, 154.26.231.89, 88.99.174.114, 192.185.175.34, 192.232.215.188, 107.174.121.222,
    121.199.55.53, 160.226.173.208, 79.235.135.93, 173.201.190.178, 207.241.199.86, 209.58.169.75,
    85.134.27.181, 199.167.131.41, 78.135.106.67, 128.204.133.48, 69.174.97.122
  Alerts (6):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 25
    ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
    ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
    ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
  Score: 6.0   Malicious flag: -   VirusTotal detections: -

Entry 4131  -  2024-05-11 15:03  -  submitted by ZeroCERT
  File:      system32.exe
  MD5:       d1c30d86c227f9c6669b9e3d45489ae0
  Tags:      Emotet Gen1, Generic Malware, Malicious Library, Antivirus, UPX, PE64, PE File, CAB, DLL, PE32, .NET DLL, powershell, AutoRuns, PDB, suspicious privilege, MachineGuid, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, WriteConsoleW, Windows, ComputerName, Remote Code Execution, DNS, Cryptographic key
  URLs:      none
  Hosts (1): not listed
  Alerts:    none
  Score: 9.8   Malicious flag: -   VirusTotal detections: -

Entry 4132  -  2024-05-11 15:00  -  submitted by ZeroCERT
  File:      crypted_87ddcda6.exe
  MD5:       344a8dde0a6cc31070a057bac27be18f
  Tags:      Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
  URLs:      none
  Hosts:     none
  Alerts:    none
  Score: 1.8   Malicious flag: M   VirusTotal detections: 27

Entry 4133  -  2024-05-11 14:59  -  submitted by ZeroCERT
  File:      MSI.msi
  MD5:       b4a482a7e96cfdef632a7af286120156
  Tags:      Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Malicious Packer, UPX, MSOffice File, CAB, OS Processor Check, PE File, DLL, PE32, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, Tofsee, ComputerName
  URLs:      none
  Hosts (10):
    altynbe.com(138.124.183.215)
    uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io(3.72.42.242)
    ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io(54.159.36.188)
    boriz400.com(91.194.11.183)
    anikvan.com(95.164.68.73)
    35.157.36.116, 54.159.36.188, 91.194.11.183, 138.124.183.215, 95.164.68.73
  Alerts (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
  Score: 2.8   Malicious flag: M   VirusTotal detections: 13

Entry 4134  -  2024-05-11 14:58  -  submitted by ZeroCERT
  File:      12345.exe
  MD5:       4f2c92a5edd8ce7a482694b9ad9ecbcf
  Tags:      Generic Malware, Malicious Library, Malicious Packer, UPX, PE64, PE File, OS Processor Check, VirusTotal, Malware, DNS
  URLs:      none
  Hosts (1):
    121.177.29.204 - mailcious
  Alerts:    none
  Score: 1.4   Malicious flag: M   VirusTotal detections: 15

Entry 4135  -  2024-05-11 14:57  -  submitted by ZeroCERT
  File:      nomal1.exe
  MD5:       5c97b08df1ac8a00b3a618ec5a26aeae
  Tags:      BitRAT, Generic Malware, Malicious Library, Downloader, Admin Tool (Sysinternals etc ...), Malicious Packer, UPX, PE File, ftp, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, suspicious privilege, Check memory, AppData folder, BitRAT, Windows, ComputerName, DNS, DDNS, keylogger
  URLs:      none
  Hosts (2):
    rornfl12.duckdns.org(121.177.29.204)
    121.177.29.204 - mailcious
  Alerts (3):
    ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
    ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)
  Score: 6.6   Malicious flag: M   VirusTotal detections: 59

Entry 4136  -  2024-05-11 14:56  -  submitted by ZeroCERT
  File:      nom.exe
  MD5:       95939f7e0943f1428467c77c293e6036
  Tags:      Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, Malicious Packer, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, Check memory, Creates executable files, unpack itself, suspicious process, Windows, DNS, DDNS
  URLs:      none
  Hosts (2):
    rornfl12.duckdns.org(121.177.29.204)
    121.177.29.204 - mailcious
  Alerts (2):
    ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
    ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
  Score: 8.4   Malicious flag: M   VirusTotal detections: 63

Entry 4137  -  2024-05-10 22:23  -  submitted by guest
  File:      AMIFUWINx64.exe
  MD5:       9afdd5c7a004d9c3839754036b3ca6c2
  Tags:      Generic Malware, Malicious Library, UPX, PE File, PE32, MZP Format, OS Processor Check, PE64, VirusTotal, Malware, Checks debugger, unpack itself, AppData folder, crashed
  URLs:      none
  Hosts:     none
  Alerts:    none
  Score: 2.4   Malicious flag: -   VirusTotal detections: 3

Entry 4138  -  2024-05-10 16:54  -  submitted by guest
  File:      Analytics-2024-05-08-091812.ip...
  MD5:       7290bbf769109f0a486d81d551a3d0b0
  Tags:      AntiDebug, AntiVM, OS Processor Check, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  URLs:      none
  Hosts:     none
  Alerts:    none
  Score: 3.4   Malicious flag: -   VirusTotal detections: -

Entry 4139  -  2024-05-10 10:08  -  submitted by ZeroCERT
  File:      morningiswakupwithacupoffcoffe...
  MD5:       f1764942482f773318b6a6b736c8327d
  Tags:      MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, exploit crash, unpack itself, Tofsee, Exploit, DNS, DDNS, crashed
  URLs (3):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://paste.ee/d/lwbmR
    http://mercurimanangere.ddnsking.com/morningfiledatingforlovers.jpg
  Hosts (7):
    mercurimanangere.ddnsking.com(192.3.101.142) - mailcious
    paste.ee(104.21.84.67) - mailcious
    uploaddeimagens.com.br(172.67.215.45) - malware
    61.111.58.34 - malware
    172.67.187.200 - mailcious
    104.21.45.138 - malware
    192.3.101.142 - malware
  Alerts (4):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET POLICY DNS Query to DynDNS Domain *.ddnsking .com
    ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
    ET INFO DYNAMIC_DNS HTTP Request to a *.ddnsking .com Domain
  Score: 3.6   Malicious flag: M   VirusTotal detections: 37

Entry 4140  -  2024-05-10 10:05  -  submitted by ZeroCERT
  File:      hjv.exe
  MD5:       e25ecb676f67f979e48235335467ab31
  Tags:      NSIS, Malicious Library, UPX, PE File, PE32, DLL, VirusTotal, Malware, Check memory, Creates executable files, unpack itself, AppData folder
  URLs:      none
  Hosts:     none
  Alerts:    none
  Score: 2.6   Malicious flag: M   VirusTotal detections: 31
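
The entries above share infrastructure (the same resolver IPs, the same dynamic-DNS names, the same JA3 family tag) that only becomes visible once the run-together host and alert fields are parsed. As an added example, not part of the sandbox listing or of any tool it mentions, the Python below parses those two fields in the format the listing uses, normalises the sandbox's own "mailcious" label to "malicious", merges every host into one indicator table, and pivots on IPs seen across several samples. The host and alert strings are copied from entries 4128, 4129, 4134, 4135, 4136 and 4139; the Indicator class and all function names are this example's own choices, not anything the sandbox exposes.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Host and alert fields copied from the entries above (entry id -> field text),
# in the sandbox's own run-together format: "name(ip)" or a bare "ip", each
# optionally followed by "- malware" or "- mailcious" (the sandbox's spelling).
HOST_FIELDS = {
    "4128": ("paste.ee(104.21.84.67) - mailcious "
             "fridayyyyvert.3utilities.com(192.3.101.142) - malware "
             "uploaddeimagens.com.br(172.67.215.45) - malware 61.111.58.34 - malware "
             "172.67.187.200 - mailcious 104.21.45.138 - malware 192.3.101.142 - malware"),
    "4129": "onedrive.live.com(13.107.139.11) - mailcious 13.107.139.11",
    "4134": "121.177.29.204 - mailcious",
    "4135": "rornfl12.duckdns.org(121.177.29.204) 121.177.29.204 - mailcious",
    "4136": "rornfl12.duckdns.org(121.177.29.204) 121.177.29.204 - mailcious",
    "4139": ("mercurimanangere.ddnsking.com(192.3.101.142) - mailcious "
             "paste.ee(104.21.84.67) - mailcious 192.3.101.142 - malware"),
}
ALERT_FIELDS = {
    "4128": ("ET POLICY Pastebin-style Service (paste .ee) in TLS SNI "
             "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) "
             "ET POLICY DNS Query to DynDNS Domain *.3utilities .com "
             "ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain"),
    "4135": ("ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain "
             "ET INFO DYNAMIC_DNS Query to *.duckdns. Domain "
             "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)"),
}

LABEL_MAP = {"mailcious": "malicious", "malware": "malware"}
HOST_RE = re.compile(r"(?P<name>[A-Za-z0-9.\-]+)(?:\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\))?")
ALERT_SPLIT = re.compile(r"\s+(?=ET |SSLBL: )")   # every rule message starts with one of these
FAMILY_RE = re.compile(r"Fingerprint detected \((?P<family>[^)]+)\)")


@dataclass
class Indicator:
    value: str
    kind: str                      # "domain" or "ip"
    labels: set = field(default_factory=set)
    samples: set = field(default_factory=set)


def parse_hosts(text):
    """Tokenise one host field into (name, ip_or_None, label_or_None) triples."""
    entries, tokens, i = [], text.split(), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-" and entries and i + 1 < len(tokens):
            name, ip, _ = entries[-1]          # the label belongs to the preceding host
            entries[-1] = (name, ip, LABEL_MAP.get(tokens[i + 1], tokens[i + 1]))
            i += 2
            continue
        m = HOST_RE.fullmatch(tok)
        if not m:
            raise ValueError(f"unrecognised host token: {tok!r}")
        entries.append((m.group("name"), m.group("ip"), None))
        i += 1
    return entries


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def build_iocs(host_fields):
    """Merge all host fields into one indicator table keyed by domain or IP."""
    iocs = {}
    for sample_id, text in host_fields.items():
        for name, ip, label in parse_hosts(text):
            # A "name(ip)" pair yields two indicators; the label is applied to both.
            for value, kind in ((name, "ip" if is_ip(name) else "domain"), (ip, "ip")):
                if value is None:
                    continue
                ind = iocs.setdefault(value, Indicator(value, kind))
                ind.samples.add(sample_id)
                if label:
                    ind.labels.add(label)
    return iocs


def shared_infrastructure(iocs, min_samples=2):
    """IPs contacted by several samples: the pivot points for clustering."""
    return {v: sorted(i.samples) for v, i in iocs.items()
            if i.kind == "ip" and len(i.samples) >= min_samples}


def parse_alerts(text):
    """Split a run-together Suricata alert field into individual rule messages."""
    return [rule for rule in ALERT_SPLIT.split(text.strip()) if rule]


def ja3_families(alert_fields):
    """Malware family named by an SSLBL JA3 hit, per sample."""
    out = {}
    for sample_id, text in alert_fields.items():
        for rule in parse_alerts(text):
            m = FAMILY_RE.search(rule)
            if m:
                out[sample_id] = m.group("family")
    return out


if __name__ == "__main__":
    table = build_iocs(HOST_FIELDS)
    for value, seen in sorted(shared_infrastructure(table).items()):
        print(f"{value:16} samples {', '.join(seen)}  labels={sorted(table[value].labels)}")
    for sample_id, family in sorted(ja3_families(ALERT_FIELDS).items()):
        print(f"{sample_id}: JA3 fingerprint attributed to {family}")
```

Run stand-alone, the script reports 121.177.29.204 as shared by 4134, 4135 and 4136, and 192.3.101.142 and 104.21.84.67 as shared by 4128 and 4139, which is the clustering the listing only implies. One caveat before turning any of this into blocks or detections: entry 4129 labels onedrive.live.com (13.107.139.11) as "mailcious", and that is Microsoft's own OneDrive host, so the sandbox's reputation labels need vetting rather than wholesale import.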