| 41791 |
2021-09-07 15:06
|
 blackmatter.exe 18c7c940bc6a4e778fbdf4a3e28151a8
BlackMatter Ransomware PE File PE32 VirusTotal Malware MachineGuid Check memory unpack itself AntiVM_Disk VM Disk Size Check Ransomware ComputerName |
|
2
nowautomation.com() - mailcious
mojobiden.com() - mailcious
|
|
|
7.6 |
|
53 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41792 |
2021-09-07 15:03
|
 charles.html da1721b1e3a188310ec7e7b2520213c3
Antivirus AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
31
https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js
https://www.google.com/css/maia.css
https://fonts.googleapis.com/css?family=Open+Sans:300
https://www.google.com/js/bg/X2aRQ1GJwV-aYJrCompTpOZQ5iK38WjpPJbnCrlYm6o.js
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
https://www.google-analytics.com/analytics.js
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D8965474558532949541%26pageID%3D7944712838498198807%26blogspotRpcToken%3D9022165%26bpli%3D1&passive=true&go=true
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html%26type%3Dblog%26bpli%3D1&passive=true&go=true
https://www.blogger.com/static/v1/widgets/3822632116-css_bundle_v2.css
https://www.blogger.com/blogin.g?blogspotURL=https://chalgyahainknaiajsubkuch.blogspot.com/p/charles.html&type=blog
https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&page=1&bgint=X2aRQ1GJwV-aYJrCompTpOZQ5iK38WjpPJbnCrlYm6o
https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165&bpli=1
https://resources.blogblog.com/img/blank.gif
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
https://www.blogger.com/comment-iframe.g?blogID=8965474558532949541&pageID=7944712838498198807&blogspotRpcToken=9022165
https://www.blogger.com/static/v1/jsbin/1621653182-comment_from_post_iframe.js
https://www.blogger.com/static/v1/widgets/672507172-widgets.js
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png
https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fchalgyahainknaiajsubkuch.blogspot.com%2Fp%2Fcharles.html&type=blog&bpli=1
https://www.blogger.com/img/blogger-logotype-color-black-1x.png
https://fonts.googleapis.com/css?lang=ko&family=Product+Sans|Roboto:400,700
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://www.blogger.com/static/v1/jsbin/2520659415-cmt__en_gb.js
https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css
https://resources.blogblog.com/img/icon18_edit_allbkg.gif
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=8965474558532949541&zx=107c350b-6f1f-40e8-91e5-f0d478aaccdb
https://resources.blogblog.com/img/anon36.png
|
16
resources.blogblog.com(172.217.31.169)
www.google.com(172.217.25.68)
www.gstatic.com(172.217.25.67)
fonts.googleapis.com(172.217.175.234)
accounts.google.com(216.58.197.205)
www.google-analytics.com(216.58.197.238)
fonts.gstatic.com(172.217.31.163)
www.blogger.com(172.217.31.169)
142.250.207.67
172.217.31.164
172.217.26.141
142.250.204.41
142.250.204.73
172.217.26.14 - malware
172.217.161.131
142.250.66.42
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41793 |
2021-09-07 14:59
|
faster4upusa.exe 9eff1fa203474d2c90d490415fd380c9
PE File PE64 VirusTotal Malware crashed |
|
|
|
|
1.4 |
M |
13 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41794 |
2021-09-07 14:38
|
Purchase Inquiry.ppt 72fbb1892420f4727710ea0f7a324834
Generic Malware VBA_macro MSOffice File VirusTotal Malware RWX flags setting unpack itself Tofsee |
1
https://www.bitly.com/wqyhdvasdgvyeuiaohbdjad
|
2
www.bitly.com(67.199.248.14) - mailcious
67.199.248.15 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.6 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41795 |
2021-09-07 12:21
|
 3cc0e0be954dc849581f9ff1817647... adfe31c40569ca5b0b403f0ba3f7b24c
Gen2 Gen1 Generic Malware Malicious Library PE File OS Processor Check PE32 DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself AppData folder sandbox evasion IP Check ComputerName |
3
http://ip-api.com/json/?fields=8198
http://crl.identrust.com/DSTROOTCAX3CRL.crl
https://a.upstloans.net/report7.4.php - rule_id: 4649
|
9
a.upstloans.net(172.67.179.248) - mailcious
ip-api.com(208.95.112.1)
b.upstloans.net(104.21.31.210) - mailcious
google.vrthcobj.com(34.97.69.225) - mailcious
crl.identrust.com(23.67.53.11)
172.67.179.248 - mailcious
34.97.69.225 - mailcious
121.254.136.27
208.95.112.1
|
1
ET POLICY External IP Lookup ip-api.com
|
1
https://a.upstloans.net/report7.4.php
|
8.4 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41796 |
2021-09-07 12:02
|
 SmartPDF.exe 5578b9ee762d52576c11b01f004fc6ad
Gen2 RAT Emotet Gen1 Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE32 OS Processor Check DLL .NET EXE PE64 MSOffice File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Amazon DNS |
14
http://crl.identrust.com/DSTROOTCAX3CRL.crl
http://ipinfo.io/ip
http://ip-api.com/json/?fields=8198
http://ipinfo.io/country
https://d.dirdgame.live/userf/2203/3cc0e0be954dc849581f9ff1817647de.exe
https://iplogger.com/1ESxy7
https://ipqualityscore.com/api/json/ip/gp65l99h87k3l1g0owh8fr8v99dme/175.208.134.150
https://jom.diregame.live/userf/2203/gdgame.exe
https://iplis.ru/1S2Qs7
https://a.upstloans.net/report7.4.php - rule_id: 4649
https://collect.installeranalytics.com/
https://bitbucket.org/Sanctam/sanctam/raw/6886fdce0f0a2bb81eece107d8acbd20b349ca2f/includes/ethminer - rule_id: 4430
https://iplis.ru/favicon.ico
https://ipinfo.io/country
|
33
iplogger.com(88.99.66.31)
b.upstloans.net(172.67.179.248) - mailcious
2551889d-a2db-4908-a9a2-6b0fab0a7a78.s3.eu-west-2.amazonaws.com(52.95.149.146) - malware
crl.identrust.com(23.67.53.58)
a.upstloans.net(104.21.31.210) - mailcious
www.svanaturals.com(72.167.225.156)
iplis.ru(88.99.66.31) - mailcious
source7.boys4dayz.com(172.67.148.61)
jom.diregame.live(172.67.158.82) - malware
ipinfo.io(34.117.59.81)
collect.installeranalytics.com(3.232.36.43)
sanctam.net(185.65.135.234) - mailcious
bitbucket.org(104.192.141.1) - malware
ip-api.com(208.95.112.1)
d.dirdgame.live(172.67.186.79) - malware
ipqualityscore.com(104.26.3.60)
google.vrthcobj.com(34.97.69.225) - mailcious
23.67.53.58
72.167.225.156
172.67.186.79 - malware
185.65.135.234
104.21.65.45 - malware
104.192.141.1 - mailcious
88.99.66.31 - mailcious
52.95.148.158
3.232.36.43
172.67.148.61
104.26.3.60
34.97.69.225 - mailcious
34.117.59.81
208.95.112.1
172.67.179.248 - mailcious
104.21.31.210 - mailcious
|
8
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
ET POLICY Executable served from Amazon S3
ET POLICY PE EXE or DLL Windows file download HTTP
ET POLICY Possible External IP Lookup ipinfo.io
ET INFO TLS Handshake Failure
ET POLICY External IP Lookup ip-api.com
|
2
https://a.upstloans.net/report7.4.php
https://bitbucket.org/Sanctam/sanctam/raw/6886fdce0f0a2bb81eece107d8acbd20b349ca2f/includes/ethminer
|
14.6 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41797 |
2021-09-07 12:01
|
 wef.exe 9008f0b5ea0867bbeda8161d183e7a3d
RAT PWS .NET framework Generic Malware Malicious Library PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself DNS |
|
5
34.97.69.225 - mailcious
208.95.112.1
3.232.36.43
185.65.135.234
121.254.136.57
|
|
|
4.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41798 |
2021-09-07 12:00
|
 proliv6.exe ef5b5d09bfd51074604ec0c622ad7052
Generic Malware Themida Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed |
1
|
3
api.ip.sb(104.26.12.31)
104.26.13.31
144.76.183.53
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41799 |
2021-09-07 11:57
|
 ojbabas.exe 04980596d66951166fa2ebfd96c84d22
PE File OS Processor Check PE32 VirusTotal Malware unpack itself Tofsee crashed |
1
https://img.neko.airforce/files/bnzrp
|
2
img.neko.airforce(167.172.239.151) - mailcious
167.172.239.151 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.4 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41800 |
2021-09-07 11:57
|
 clr.exe be8b9976bbf090bc23facc50a90273d6
NPKI Generic Malware UPX Malicious Library Malicious Packer PE File PE64 VirusTotal Malware unpack itself DNS |
|
4
172.67.186.79 - malware
3.232.36.43
104.21.65.45 - malware
104.192.141.1 - mailcious
|
|
|
2.6 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41801 |
2021-09-07 11:45
|
 frundll32.exe 0425240f08e4a9d06e77a32f3f3b4ab7
RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName |
|
2
a.uguu.se(144.76.201.136) - malware
144.76.201.136 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41802 |
2021-09-07 11:44
|
 kayzx.exe a23fe7df14ede5c0b9f51cbd58bcd27b
Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key |
|
|
|
|
4.6 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41803 |
2021-09-07 11:42
|
 1.html b158eeca25cafb1c4f708acc3a3e4124
AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41804 |
2021-09-07 11:42
|
 1.html 7546581523b86a9d2b4e60254573e57c
AntiDebug AntiVM Code Injection RWX flags setting unpack itself Windows utilities Windows |
|
|
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41805 |
2021-09-07 11:20
|
 reestr.exe e369a4ae59ce3b82b5ed8054f0597341
Malicious Packer PE File PE32 VirusTotal Malware |
|
|
|
|
2.2 |
M |
48 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|