42241 | 2021-08-24 09:39 | sefile.exe | b1c5a3368b6c0c2aa2042560821dbe69 | Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself RCE | 2.0 | M | 25 | ZeroCERT
42242 | 2021-08-24 09:35 | bom.exe | 7151706b714e5711fc0c3a49fb4cf9be | PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
1 | ET MALWARE FormBook CnC Checkin (GET)
9.2 | M | 24 | ZeroCERT
42243 | 2021-08-24 09:33 | chioma.exe | e9c5234672c791846a076210769b9c87 | Generic Malware PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key | 5.2 | M | 22 | ZeroCERT
42244 | 2021-08-24 09:33 | musik.exe | 8c02034958ae86a8d8b42fa5545561a7 | RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | 3.0 | M | 45 | ZeroCERT
42245 | 2021-08-24 09:32 | bom-01.exe | 4f9bae274183d2340e7d0cf1d0a37b88 | RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
8.6 | M | 25 | ZeroCERT
42246 | 2021-08-24 09:31 | omass.exe | ba6c5d53e9418b5ce3c569831b68a0c7 | RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | 3.0 | M | 46 | ZeroCERT
42247 | 2021-08-24 09:29 | blessedzx.exe | a27561650fe74ab80657545858791cd4 | AgentTesla browser info stealer Generic Malware Google Chrome User Data Admin Tool (Sysinternals etc ...) Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS keylogger | 1 | 79.134.225.21 - mailcious | 11.2 | M | 30 | ZeroCERT
42248 | 2021-08-24 09:29 | Microsoft.exe | 0defe1e926b2407ee4a292480d8ebf48 | RAT Generic Malware Themida Packer Anti_VM PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key crashed | 1 | 3 | api.ip.sb(104.26.13.31) 65.21.203.163 104.26.12.31 | 1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 10.0 | M | 23 | ZeroCERT
42249 | 2021-08-24 09:27 | Windows.exe | a6b0c68d5870d0962b905eb433ab1cb7 | RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 11.0 | M | 26 | ZeroCERT
42250 | 2021-08-24 09:26 | jojo.exe | 7de8ca081578b160483afc1f4d84c960 | RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | 3.0 | M | 45 | ZeroCERT
42251 | 2021-08-24 09:24 | joboy.exe | 0fe65d945d9f773bec35a27ce6999a3f | RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | 2.8 | M | 37 | ZeroCERT
42252 | 2021-08-24 09:24 | pals.exe | 1995b0023c950d538750ede62a7c19db | RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | 3.0 | M | 44 | ZeroCERT
42253 | 2021-08-24 09:24 | BIN.exe | fdbfac3db38e579f28f6a51e55e7b01b | Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 | ET MALWARE FormBook CnC Checkin (GET) | 11.2 | M | 32 | ZeroCERT
42254 | 2021-08-24 09:23 | bom-02.exe | 6e33655754e13782626f4b2282a8264d | Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
9.2 | M | 24 | ZeroCERT
42255 | 2021-08-24 09:20 | nd.exe | e249c3cf931a39ce861670aca977b737 | PE File PE32 VirusTotal Malware unpack itself | 1.6 | M | 23 | ZeroCERT