41881 | 2021-09-04 14:12
File: beacon.exe
MD5: 8d8d168e25d41e2d4304c08cb3105d9b
Tags: Malicious Library, PE File, PE32, Dridex, TrickBot, VirusTotal, Malware, RWX flags setting, unpack itself, Kovter, ComputerName, RCE, DNS
Hosts (1): names not listed
IDS alerts (3): ET DROP Dshield Block Listed Source group 1; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; SURICATA Applayer Wrong direction first Data
Score/flags: 3.2 | M | 57 | ZeroCERT

41882 | 2021-09-04 14:11
File: vbc.exe
MD5: e2e2b1bd1df8d460c9b1d11097429d16
Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, PDB, unpack itself
Score/flags: 2.2 | M | 48 | ZeroCERT

41883 | 2021-09-04 14:09
File: PBrowFile17.exe
MD5: 8e2c6bd0f789c514be09799fa453f9bb
Tags: Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, MachineGuid, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Tofsee
URLs (2): https://2no.co/1XaQy7 (rule_id: 4556); https://2no.co/1m32g7 (rule_id: 4557)
Hosts (5): theonlinesportsgroup.net() - malicious; remotepc3.xyz(); remotenetwork.xyz(); 2no.co(88.99.66.31) - malicious; 88.99.66.31 - malicious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Other URLs (2): https://2no.co/1XaQy7; https://2no.co/1m32g7
Score/flags: 4.4 | M | 47 | ZeroCERT

41884 | 2021-09-04 14:09
File: PBrowFile16.exe
MD5: 915fff94ba8a7588af46c1090b7cd6d9
Tags: NPKI, Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, MachineGuid, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Tofsee
URLs (2): https://2no.co/1w7Ab7; https://2no.co/1w8Ab7
Hosts (5): theonlinesportsgroup.net() - malicious; remotepc3.xyz(); remotenetwork.xyz(); 2no.co(88.99.66.31) - malicious; 88.99.66.31 - malicious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score/flags: 4.4 | M | 46 | ZeroCERT

41885 | 2021-09-04 14:08
File: vbc.exe
MD5: c13976b4653ada57f5b39e16a793e99f
Tags: PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, .NET EXE, PE32, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Cryptographic key, crashed
URLs (9):
  http://www.allianzbersamamu.com/nthe/?JfExyPL0=2YZdSTXa1loLbzYX+KcnQQkiviJlq8WIBr6m/lVEooYtizd+E4nT8gCCGWlpcQ6d7AGpSO/Q&ojo0s=RzuPnV
  http://www.fihglobal.com/nthe/?JfExyPL0=mKrLZ0KBDIQPI4DdC9V+hI0e30bTUityPVbhna4JYUAi4UF4dmM1cf0ZfJCGCONr8A0LwDUp&ojo0s=RzuPnV
  http://www.colorfulcreativeco.com/nthe/?JfExyPL0=i1Uafv7/XY5pwQg/IO5636VQDSyiXmHNkufSpgLunOfe4moK9BB1YXz9zS6ff7gD8g/iDxDQ&ojo0s=RzuPnV
  http://www.eurolajd.com/nthe/?JfExyPL0=6oXK1x+wYzAmru5Z6N72zxO5QluB6KDp6VcVoDgZC/q3ydUBCDLLVfoEyXCF5izCe5Tk5Ggz&ojo0s=RzuPnV
  http://www.hanlansmojitovillage.net/nthe/?JfExyPL0=54OfAHeNbwRIeCfiK96ZbDhctG36f6+/FiUzkHshmPfrtcl9VWH+3r9WBXmbjhC4FqUNXJfm&ojo0s=RzuPnV
  http://www.thehendrixcollection.com/nthe/?JfExyPL0=qp5tTycjraYi6SJsXJzwoJew8M45iHa3mcoNtA6+f44Y1u07iGIt/R0L13x3Q7wmKkJP7e6a&ojo0s=RzuPnV
  http://www.menucoders.com/nthe/?JfExyPL0=2/6tfhI6PmzLXkibMbYMuhqxPUXSwPisEi/Yg6xjUm32Bq9HT7zDahDLd/hxqMxFYlEHT94T&ojo0s=RzuPnV
  http://www.cpb.site/nthe/?JfExyPL0=21tMkqEPJZcvLTuam7CVVp3eTiqf/+4cN27Pgp5ejfxv1jbsXk06Rc83vMhu3FiqrxPpPkW+&ojo0s=RzuPnV
  http://www.com-security.center/nthe/?JfExyPL0=O9ru5Cw3dlJheDNPmkvXbDQOyxIElFziblOF/ZOA9naSo9UY2bdQogtefZKIBoCLD75xyqbM&ojo0s=RzuPnV
Hosts (18): www.thehendrixcollection.com(34.102.136.180); www.menucoders.com(172.217.174.115); www.colorfulcreativeco.com(185.169.253.175); www.hanlansmojitovillage.net(34.102.136.180); www.com-security.center(99.81.40.78); www.eurolajd.com(95.217.195.80); www.cpb.site(208.91.197.27); www.minhscribe.com(); www.allianzbersamamu.com(151.106.124.13); www.fihglobal.com(13.248.216.40); 172.217.26.51 - phishing; 13.248.216.40 - malicious; 99.81.40.78 - malicious; 208.91.197.27 - malicious; 34.102.136.180 - malicious; 151.106.124.13; 95.217.195.80 - malware; 185.169.253.175
IDS alerts (1): ET MALWARE FormBook CnC Checkin (GET)
Score/flags: 8.2 | | 36 | ZeroCERT

41886 | 2021-09-04 14:07
File: pcpedemo.exe
MD5: 250e548c641a259913efe572efa37914
Tags: Emotet, Generic Malware, NSIS, Malicious Library, PE File, OS Processor Check, PE32, VirusTotal, Malware, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, AppData folder
Score/flags: 4.0 | | 16 | ZeroCERT

41887 | 2021-09-04 14:05
File: skype.exe
MD5: 7cdbaac6ce5de3023ac8b8ebf17cbb1f
Tags: PWS, .NET framework, email stealer, Generic Malware, DNS, Socket, Escalate privileges, KeyLogger, Code injection, Downloader, persistence, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Windows utilities, suspicious process, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, Windows, ComputerName, DNS, Cryptographic key, crashed
Hosts (1): names not listed
Score/flags: 11.8 | | 31 | ZeroCERT

41888 | 2021-09-04 14:05
File: obinnazx.exe
MD5: 5b5276e6117204297cf817fee27e16d4
Tags: PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, .NET EXE, PE32, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, AppData folder, Windows, Cryptographic key
URLs (1): http://www.best123-movies.com/gz92/?pPB=jWTejL3+D+Hcg5zVfim8Kkj3YaZNWfReiwt81ol2RyZe448HMGoII8eUgBNn9uB5CJiZPpky&-ZS=W6O83nLhO
Hosts (4): www.peggeorge.com(156.241.53.33); www.best123-movies.com(34.98.99.30); 34.98.99.30 - phishing; 156.241.53.33
IDS alerts (1): ET MALWARE FormBook CnC Checkin (GET)
Score/flags: 11.6 | M | 30 | ZeroCERT

41889 | 2021-09-04 14:03
File: Soft-win.exe
MD5: 4e120e201ef1e0c75a923215aa66e07b
Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, PDB, unpack itself, RCE
Score/flags: 2.2 | M | 34 | ZeroCERT

41890 | 2021-09-04 14:02
File: Real01_1.exe
MD5: 5cde4a5c2fad12bc819ccc89b6baae53
Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, PDB, unpack itself
Score/flags: 2.6 | M | 41 | ZeroCERT

41891 | 2021-09-04 14:02
File: rp1.exe
MD5: 7dd46656a988d8b05cf41486ff90e6aa
Tags: Emotet, Generic Malware, Themida Packer, Malicious Library, PE File, .NET EXE, PE32, GIF Format, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, Check virtual network interfaces, AppData folder, AntiVM_Disk, sandbox evasion, WriteConsoleW, VMware anti-virtualization, VM Disk Size Check, installed browsers check, Tofsee, Windows, Browser, ComputerName, Firmware, DNS, Cryptographic key, Software, crashed
URLs (4): http://iplogger.org/1mxPf7; https://iplogger.org/1mxPf7; https://cdn.discordapp.com/attachments/446310284857180160/883361400209174538/Zenare.exe; https://api.ip.sb/geoip
Hosts (9): api.ip.sb(172.67.75.172); cdn.discordapp.com(162.159.133.233) - malware; bitbucket.org(104.192.141.1) - malware; iplogger.org(88.99.66.31) - malicious; 172.67.75.172 - malicious; 162.159.129.233 - malware; 88.99.66.31 - malicious; 104.192.141.1 - malicious; 84.246.85.14
IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score/flags: 14.4 | M | 16 | ZeroCERT

41892 | 2021-09-04 14:00
File: syn
MD5: 9eb8c2ce21be0b6f778806b9875f1368
Tags: Malicious Library, AntiDebug, AntiVM, ELF, VirusTotal, Email Client Info Stealer, Malware, Code Injection, Check memory, Checks debugger, unpack itself, Browser, Email
Score/flags: 4.0 | M | 37 | ZeroCERT

41893 | 2021-09-04 13:58
File: PBrowFile15.exe
MD5: 0dd588d0d11074ff583db120b6c551a4
Tags: Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, MachineGuid, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Tofsee
URLs (2): https://2no.co/1C8Ua7; https://2no.co/1C6Ua7
Hosts (5): theonlinesportsgroup.net() - malicious; remotepc3.xyz(); remotenetwork.xyz(); 2no.co(88.99.66.31) - malicious; 88.99.66.31 - malicious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score/flags: 4.4 | M | 43 | ZeroCERT

41894 | 2021-09-04 13:58
File: build_2021-09-03_19-07.exe
MD5: 34d8bda29d961c5757f3a8a0ef971205
Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, PDB, unpack itself, RCE
Score/flags: 2.2 | M | 36 | ZeroCERT

41895 | 2021-09-04 13:58
File: fit.exe
MD5: 3386ae032f6d373ca53c4cdd9f2d8071
Tags: Malicious Library, DGA, DNS, Socket, Create Service, Sniff Audio, Escalate privileges, KeyLogger, Code injection, HTTP, Internet API, FTP, ScreenShot, Http API, Steal credential, Downloader, P2P, AntiDebug, AntiVM, PE File, PE32, Emotet, VirusTotal, Malware, Buffer PE, AutoRuns, Code Injection, buffers extracted, Creates executable files, RWX flags setting, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName
URLs (3):
  https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21145&authkey=AFt5mXo5_hIU9Wo
  https://ya5qxq.sn.files.1drv.com/y4mhkdES2FrzkTr6_ft2vmvKfb9bGMafvF6erpDGpYTyyTou4wOYM--o-pDpWFRoe7XtvHGmX-j_fZ9jW-sMy0xF9LNy6xYLxCqh457rSVvRZ9mXnrhAbWBC7JoY6cVQXsaxJXaqxeEx9ypdygh-0x4PHsyE4Rqwgt5FVSoogr_d7kT53WzOlK4QTYdvaXtyMutkLvh5570BfFK65a9VkcfOA/Zmtabitkattqctosiqoboivzoukwwhu?download&psid=1
  https://ya5qxq.sn.files.1drv.com/y4mWV0lrv_tiHoBpZFLgeGeAoOLHwgJmNqdH0OgjUFuy2BNr8G1IO_HRyR6jrXDrImiFe2QUvT74VBUi5sedcd9fLF9dxoWww6_21cF9mI_hsgFoBYR5C-53tzBarzEgUjh_sHrNCdGK_piD2dAN0Pt76qJhizWP4egLLhy7FriuiAueVsovba7AN1mG-Ds_Hqv63TZr0t6kELXRIsqvIrriA/Zmtabitkattqctosiqoboivzoukwwhu?download&psid=1
Hosts (6): onedrive.live.com(13.107.42.13) - malicious; twistednerd.dvrlists.com(62.102.148.152) - malicious; ya5qxq.sn.files.1drv.com(13.107.42.12); 13.107.42.13 - malicious; 13.107.42.12 - malware; 62.102.148.152
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score/flags: 11.6 | M | 21 | ZeroCERT
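Added example (not ZeroCERT's tooling, and not code from any sample listed above): a Python parser for index records like these, plus the two pivots a practitioner would want after reading the listing. The input is a constructed excerpt of four records copied from this page, laid out one field per line under this example's own URLs:/Hosts:/IDS: labels, since the site's export format is not shown. shared_ips maps each resolved IP to the samples that contacted it, which surfaces 88.99.66.31 sitting behind both 2no.co (41883) and iplogger.org (41891). looks_like_formbook_checkin is a shape heuristic derived from the two FormBook check-in URLs on this page (one short path segment, two query parameters, the first a long base64-looking blob); it is an assumption of this example, not the matching logic of the ET MALWARE FormBook CnC Checkin signature. Splitting run-together alerts on the ET/SSLBL/SURICATA prefixes is likewise a heuristic tied to the rule sets seen here.

```python
"""Parse sandbox index records (ZeroCERT-style) and pivot on shared infrastructure."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: four records copied from the index on this page, tag lists
# shortened. The one-field-per-line layout with URLs:/Hosts:/IDS: labels is this
# example's own, not the site's export format.
SAMPLE_INDEX = """\
41883 | 2021-09-04 14:09
PBrowFile17.exe 8e2c6bd0f789c514be09799fa453f9bb Generic Malware PE File .NET EXE PE32 Tofsee
URLs: https://2no.co/1XaQy7 https://2no.co/1m32g7
Hosts: theonlinesportsgroup.net() - malicious remotepc3.xyz() remotenetwork.xyz() 2no.co(88.99.66.31) - malicious 88.99.66.31 - malicious
IDS: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

41885 | 2021-09-04 14:08
vbc.exe c13976b4653ada57f5b39e16a793e99f PWS .NET framework FormBook
URLs: http://www.cpb.site/nthe/?JfExyPL0=21tMkqEPJZcvLTuam7CVVp3eTiqf/+4cN27Pgp5ejfxv1jbsXk06Rc83vMhu3FiqrxPpPkW+&ojo0s=RzuPnV
Hosts: www.cpb.site(208.91.197.27) 208.91.197.27 - malicious
IDS: ET MALWARE FormBook CnC Checkin (GET)

41888 | 2021-09-04 14:05
obinnazx.exe 5b5276e6117204297cf817fee27e16d4 PWS .NET framework FormBook
URLs: http://www.best123-movies.com/gz92/?pPB=jWTejL3+D+Hcg5zVfim8Kkj3YaZNWfReiwt81ol2RyZe448HMGoII8eUgBNn9uB5CJiZPpky&-ZS=W6O83nLhO
Hosts: www.peggeorge.com(156.241.53.33) www.best123-movies.com(34.98.99.30) 34.98.99.30 - phishing 156.241.53.33
IDS: ET MALWARE FormBook CnC Checkin (GET)

41891 | 2021-09-04 14:02
rp1.exe 7dd46656a988d8b05cf41486ff90e6aa Emotet Generic Malware Themida Packer Tofsee
URLs: http://iplogger.org/1mxPf7 https://iplogger.org/1mxPf7 https://api.ip.sb/geoip
Hosts: api.ip.sb(172.67.75.172) iplogger.org(88.99.66.31) - malicious 88.99.66.31 - malicious
IDS: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
"""

# Second line of a record: filename, 32-hex MD5, then the free-text tag list.
HEADER_RE = re.compile(r"^(?P<file>\S+) (?P<md5>[0-9a-f]{32}) (?P<tags>.*)$")

# One host token: "name(ip) - label", "name()" (unresolved), or a bare "ip - label".
HOST_RE = re.compile(
    r"(?P<name>[A-Za-z0-9.-]+)\((?P<ip>[0-9.]*)\)(?:\s+-\s+(?P<label>[a-z]+))?"
    r"|(?P<bare_ip>\d{1,3}(?:\.\d{1,3}){3})(?:\s+-\s+(?P<bare_label>[a-z]+))?"
)

# Alerts are run together on one line; split before a rule-set prefix seen on
# this page (heuristic: an alert name containing " ET " mid-string would mis-split).
ALERT_SPLIT_RE = re.compile(r"\s+(?=ET |SSLBL:|SURICATA )")

# Base64-alphabet blob of roughly the length seen in the FormBook check-in URLs above.
B64ISH_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def parse_hosts(line):
    hosts = []
    for m in HOST_RE.finditer(line):
        if m.group("name") is not None:
            hosts.append({"name": m["name"], "ip": m["ip"] or None, "label": m["label"]})
        else:
            hosts.append({"name": None, "ip": m["bare_ip"], "label": m["bare_label"]})
    return hosts


def parse_index(text):
    """Turn blank-line-separated records into dicts; tags stay raw because the
    index does not mark phrase boundaries."""
    records = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        sid, ts = (p.strip() for p in lines[0].split("|", 1))
        head = HEADER_RE.match(lines[1])
        rec = {"id": int(sid), "time": ts, "file": head["file"], "md5": head["md5"],
               "tags": head["tags"], "urls": [], "hosts": [], "alerts": []}
        for line in lines[2:]:
            key, _, value = line.partition(": ")
            if key == "URLs":
                rec["urls"] = value.split()
            elif key == "Hosts":
                rec["hosts"] = parse_hosts(value)
            elif key == "IDS":
                rec["alerts"] = ALERT_SPLIT_RE.split(value)
        records.append(rec)
    return records


def shared_ips(records):
    """Resolved IPs contacted by more than one sample: the pivot that ties
    otherwise unrelated entries to the same infrastructure."""
    seen = defaultdict(set)
    for rec in records:
        for host in rec["hosts"]:
            if host["ip"]:
                seen[host["ip"]].add(rec["id"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) > 1}


def looks_like_formbook_checkin(url):
    """Shape heuristic (this example's assumption, not the ET rule): exactly one
    short path segment, a query with exactly two parameters, the first a long
    base64-looking blob and the second much shorter."""
    parts = urlsplit(url)
    segs = parts.path.strip("/").split("/")
    if len(segs) != 1 or not 2 <= len(segs[0]) <= 8 or not parts.query:
        return False
    # Split by hand: parse_qsl would decode the '+' inside the blob to a space.
    params = [p.split("=", 1) for p in parts.query.split("&")]
    if len(params) != 2 or any(len(p) != 2 for p in params):
        return False
    (_, blob), (_, tail) = params
    return bool(B64ISH_RE.match(blob)) and len(tail) < len(blob) // 4


def formbook_candidates(records):
    return sorted(r["id"] for r in records if any(looks_like_formbook_checkin(u) for u in r["urls"]))


if __name__ == "__main__":
    recs = parse_index(SAMPLE_INDEX)
    print("shared IPs:", shared_ips(recs))
    print("FormBook-shaped check-ins:", formbook_candidates(recs))
```

Two caveats worth keeping in mind when reusing this on a full export: the host regex only recognises IPv4 literals, and the FormBook check is a shape test that will also flag unrelated URL shorteners or trackers whose single query value happens to be a long base64 string, so treat its hits as candidates to confirm against the IDS column, not as verdicts.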