41701 | 2021-09-09 16:32 | lv.exe | b9424401181e75b5c4b5d418860d864e | 9.8 | M | 35 | ZeroCERT
  Tags: Emotet NPKI Gen1 Gen2 Generic Malware Themida Packer Malicious Library Anti_VM UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal cred VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs Windows crashed
  Hosts (1): JhGOXkuJVqJfLGQiRCYLKKR.JhGOXkuJVqJfLGQiRCYLKKR()
41702 | 2021-09-09 16:31 | file.exe | fd89d95093e3dbd5fd1a9ce4e9eec47a | 2.2 | M | 34 | ZeroCERT
  Tags: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
41703 | 2021-09-09 12:49 | 0908_1433632206833.doc | 7be586e116427f79c0b9dc51d3f5419a | 7.2 | M | - | ZeroCERT
  Tags: hancitor Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName
  URLs (2): http://takitrisexp.ru/8/forum.php - rule_id: 5047 ; http://api.ipify.org/
  Hosts (4): api.ipify.org(54.225.219.20) ; takitrisexp.ru(93.125.114.53) - mailcious ; 93.125.114.53 - mailcious ; 54.235.247.117
  Alerts (1): ET POLICY External IP Lookup api.ipify.org
  Rule-matched URLs (1): http://takitrisexp.ru/8/forum.php
41704 | 2021-09-09 12:19 | 0908_4652590689245.doc | 512bf2e7c344b5b9dce4e0ad126b3445 | 7.2 | M | - | guest
  Tags: Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName
  URLs (2): http://api.ipify.org/ ; http://takitrisexp.ru/8/forum.php
  Hosts (4): api.ipify.org(23.21.76.7) ; takitrisexp.ru(93.125.114.53) - mailcious ; 93.125.114.53 - mailcious ; 54.235.247.117
  Alerts (1): ET POLICY External IP Lookup api.ipify.org
41705 | 2021-09-09 12:16 | 0908_3382318512000.doc | 985430bde7046f60da665fb65a15d5b5 | 7.6 | M | - | guest
  Tags: Generic Malware VBA_macro MSOffice File GIF Format Malware Malicious Traffic buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious TLD IP Check ComputerName
  URLs (2): http://api.ipify.org/ ; http://takitrisexp.ru/8/forum.php
  Hosts (4): api.ipify.org(50.16.248.208) ; takitrisexp.ru(93.125.114.53) - mailcious ; 93.125.114.53 - mailcious ; 50.16.239.65
  Alerts (1): ET POLICY External IP Lookup api.ipify.org
41706 | 2021-09-09 12:16 | 0908_1433632206833.doc | 7be586e116427f79c0b9dc51d3f5419a | 1.6 | - | - | guest
  Tags: Generic Malware VBA_macro MSOffice File unpack itself
41707 | 2021-09-09 12:13 | 360.exe | 4b6041ec1313e10979cbe1d154d87352 | 6.0 | M | 53 | r0d
  Tags: CoinMiner Generic Malware UPX PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Creates executable files unpack itself Windows RCE DNS
  URLs (1): http://180.215.215.189/NetSyst81.dll
  Hosts (1): 180.215.215.189 - malware
  Alerts (2): ET INFO Dotted Quad Host DLL Request ; ET ADWARE_PUP User-Agent (Mozilla/4.0 (compatible))
41708 | 2021-09-09 09:56 | linesloters.png | 4f2e675ac43f180075d9b1f3316486f8 | 8.6 | M | - | ZeroCERT
  Tags: Malicious Library AntiDebug AntiVM PE File OS Processor Check PE32 Dridex TrickBot Malware PDB suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process IP Check Kovter ComputerName DNS crashed
  URLs (7):
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/NAT%20status/client%20is%20behind%20NAT/0/
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/file/
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/0/Windows%207%20x64%20SP1/1107/175.208.134.150/727F639DF1E9560A2743CB69221BB85D3D1D1CBDEE638318DB0A9F2C35331CAD/MCxF3JrLYrtTCbjOSF8HBH79R/
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/user/test22/0/
    https://105.27.205.34/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/5/pwgrabb64/
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/exc/E:%200xc0000005%20A:%200x0000000077919A5A/0/
    https://179.189.229.254/rob129/TEST22-PC_W617601.D4F77BDCB54FCB3B1B575C0A3B4827D7/14/path/C:%5CUsers%5Ctest22%5CAppData%5CRoaming%5CAnyLiteGamesSAOY%5Clinesloters.exe/0/
  Hosts (4): ipecho.net(34.117.59.81) - mailcious ; 105.27.205.34 - mailcious ; 179.189.229.254 - mailcious ; 34.117.59.81
  Alerts (4): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ; ET POLICY curl User-Agent Outbound ; ET POLICY External IP Lookup - ipecho.net
41709 | 2021-09-09 09:55 | clip.exe | cbdd7e3ccea8e6cfae0dddf8fe6f6599 | 1.8 | M | 21 | ZeroCERT
  Tags: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
41710 | 2021-09-09 09:53 | sufile.exe | f8a663ba086d55062bd727777b7cb02c | 2.0 | M | 21 | ZeroCERT
  Tags: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
41711 | 2021-09-09 09:52 | ipfile.exe | 3b1da65539de559464dce8e2e8074227 | 1.8 | M | 24 | ZeroCERT
  Tags: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself
41712 | 2021-09-09 09:50 | sefile2.exe | 3c933afc5af70a1c6330452b6f3f1f46 | 2.0 | M | 23 | ZeroCERT
  Tags: Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself RCE
41713 | 2021-09-09 09:50 | 360.exe | 4b6041ec1313e10979cbe1d154d87352 | 6.0 | M | 53 | ZeroCERT
  Tags: PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Creates executable files unpack itself Windows RCE DNS
  URLs (1): http://180.215.215.189/NetSyst81.dll
  Hosts (1): 180.215.215.189 - malware
  Alerts (2): ET INFO Dotted Quad Host DLL Request ; ET ADWARE_PUP User-Agent (Mozilla/4.0 (compatible))
41714 | 2021-09-09 09:21 | okc.exe | add9f6ce0fabf00a7b16911122e81f96 | 10.6 | M | 42 | ZeroCERT
  Tags: RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key crashed
  URLs (2): http://google.com/ ; http://www.google.com/
  Hosts (4): google.com(172.217.175.78) ; www.google.com(142.250.199.100) ; 172.217.161.164 ; 172.217.25.110 - mailcious
41715 | 2021-09-09 09:18 | whesilozx.exe | 0f48e15f12d8c4d49f456aae86f59c29 | 8.6 | M | 24 | ZeroCERT
  Tags: RAT PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed