ID: 42886 | Date: 2021-08-15 12:18 | User: ZeroCERT
File: Get-Variable.exe | MD5: 0e78df69265dc57c37673bdee540ce2f
Tags: VMProtect UPX Malicious Library PE File PE32 Malware download VirusTotal Malware IoC Malicious Traffic Checks debugger unpack itself Windows utilities suspicious process Kovter Zeus Windows ComputerName Trojan DNS
URLs (3):
  http://94.103.80.169/gate.php?type=update&uid=14F63AB901393115137325
  http://94.103.80.169/gate.php?type=check&uid=14F63AB901393115137325
  http://94.103.80.169/gate.php?type=ping&uid=14F63AB901393115137325
Hosts (1):
  94.103.80.169 - malicious
Suricata alerts (6):
  ET MALWARE Trojan Generic - POST To gate.php with no referer
  ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad
  ET MALWARE Generic gate[.].php GET with minimal headers
  ET HUNTING Suspicious GET To gate.php with no Referer
  ET MALWARE WIN32/KOVTER.B Checkin
Score: 6.4 | VT detections: 23

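The six alerts in the record above all key on the same traffic shape: requests to a gate.php endpoint on a bare IPv4 host with a header set no browser would send. The following is an added example, not code from the sandbox or from the feed, that reproduces those heuristics over raw HTTP request text so they can be run against a proxy log or a PCAP extract. The finding codes, the sample requests and the User-Agent strings are constructed for the example; only the ping URL is taken from the record. The checks mirror the alert names, not the actual ET rule bodies.

```python
"""Heuristic detector for gate.php check-ins, modelled on the names of the
ET alerts in the record above (not on the ET rule bodies).
Added example; not code from the sandbox or the feed."""
import ipaddress
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Headers a browser normally sends with a GET; a request carrying none of
# them is what the alerts call "minimal headers".
BROWSER_HEADERS = {"accept", "accept-language", "accept-encoding", "referer"}


@dataclass
class HttpRequest:
    method: str
    target: str      # request-target, e.g. /gate.php?type=ping&uid=...
    headers: dict    # lower-cased header name -> value


def parse_request(raw: str) -> HttpRequest:
    """Parse the head (request line + headers) of a raw HTTP/1.x request."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method.upper(), target, headers)


def is_dotted_quad(host: str) -> bool:
    """True when the Host header is a bare IPv4 address (optional :port)."""
    try:
        ipaddress.IPv4Address(host.rsplit(":", 1)[0])
        return True
    except ValueError:
        return False


def bot_id(req: HttpRequest):
    """The uid= query parameter the sample uses as its bot identifier."""
    return parse_qs(urlsplit(req.target).query).get("uid", [None])[0]


def gate_php_findings(req: HttpRequest) -> list:
    """Sorted finding codes for one request; [] when the path is not gate.php."""
    if not urlsplit(req.target).path.lower().endswith("/gate.php"):
        return []
    h = req.headers
    findings = []
    if is_dotted_quad(h.get("host", "")):
        findings.append("dotted-quad-host")
    if req.method == "POST":
        if "referer" not in h:
            findings.append("post-no-referer")
        if "accept" not in h:
            findings.append("post-no-accept")
    elif req.method == "GET":
        if "referer" not in h:
            findings.append("get-no-referer")
        if not (set(h) & BROWSER_HEADERS):
            findings.append("get-minimal-headers")
    return sorted(findings)


# Constructed sample requests (not captures from the sandbox run). The first
# reuses the ping URL from the record; the last is a benign lookalike.
KOVTER_PING = (
    "GET /gate.php?type=ping&uid=14F63AB901393115137325 HTTP/1.1\r\n"
    "Host: 94.103.80.169\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)\r\n"
    "Connection: Keep-Alive\r\n\r\n"
)
GENERIC_POST = (
    "POST /gate.php HTTP/1.1\r\n"
    "Host: 94.103.80.169\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 9\r\n\r\n"
    "id=abc123"
)
BENIGN_GET = (
    "GET /gate.php?lang=en HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: text/html\r\n"
    "Accept-Language: en-US\r\n"
    "Referer: https://www.example.com/\r\n\r\n"
)

if __name__ == "__main__":
    for raw in (KOVTER_PING, GENERIC_POST, BENIGN_GET):
        req = parse_request(raw)
        print(req.method, req.target, gate_php_findings(req), bot_id(req))
```

The uid value is worth keeping alongside the findings: the three URLs in the record share one uid across the update, check and ping calls, so it is the natural key for grouping a host's check-ins in proxy logs.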
ID: 42887 | Date: 2021-08-14 16:32 | User: r0d
File: b4cfc49d647ebeffb99579dbd4be2a... | MD5: b594afc619b7f19b04c125b093ddb099
Tags: CobaltStrike Generic Malware Malicious Packer UPX Malicious Library PE File PE64 VirusTotal Malware unpack itself crashed
Score: 2.4 | VT detections: 39

ID: 42888 | Date: 2021-08-14 10:09 | User: ZeroCERT
File: Setup-Outfox.exe | MD5: 598c257c885f0b71816ff13d27b2579e
Tags: BitCoin Generic Malware AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs (2):
  http://135.125.215.49:54405/
  https://api.ip.sb/geoip
Hosts (3):
  api.ip.sb(104.26.12.31)
  135.125.215.49
  104.26.12.31
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA HTTP unable to match response to request
Score: 11.8 | Flag: M | VT detections: 38

ID: 42889 | Date: 2021-08-14 10:06 | User: ZeroCERT
File: sfgnvskjgnvlwknrfvlqknervjqnfb... | MD5: d30c39fba040fff4e671659fd820bea5
Tags: RAT PWS .NET framework Generic Malware UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs (2):
  http://45.14.49.111:26475/
  https://api.ip.sb/geoip
Hosts (3):
  api.ip.sb(172.67.75.172)
  45.14.49.111
  104.26.13.31
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA HTTP unable to match response to request
Score: 7.4 | Flag: M | VT detections: 41

ID: 42890 | Date: 2021-08-14 10:06 | User: ZeroCERT
File: Mozi.m | MD5: f9d9a97220224f47484df6d10733e931
Tags: Eir D1000 routers Vulnerability AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName keylogger
Score: 5.4 | VT detections: 31

ID: 42891 | Date: 2021-08-14 10:06 | User: ZeroCERT
File: P4SDww.exe | MD5: d8b2a0b440b26c2dc3032e3f0de38b72
Tags: Gen1 RAT Generic Malware UPX Malicious Library Malicious Packer .NET EXE PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed
URLs (13):
  http://music-sec.xyz/?k=v2&user=p4_5
  http://music-sec.xyz/?k=v2&user=p4_4
  http://sytareliar.xyz/
  http://music-sec.xyz/?k=v2&user=p4_6
  http://music-sec.xyz/?k=v2&user=p4_1
  http://music-sec.xyz/?k=v2&user=p4_3
  http://music-sec.xyz/?k=v2&user=p4_2
  https://iplogger.org/1XqVr7
  https://all-brain-company.xyz/ - rule_id: 2927
  https://api.ip.sb/geoip
  https://all-brain-company.xyz/api.php?getusers - rule_id: 2928
  https://iplogger.org/1DSJe7
  https://all-brain-company.xyz/api.php - rule_id: 2928
Hosts (10):
  music-sec.xyz(104.21.92.87)
  all-brain-company.xyz(104.21.87.184) - malicious
  sytareliar.xyz(212.224.105.106)
  api.ip.sb(172.67.75.172)
  iplogger.org(88.99.66.31) - malicious
  212.224.105.106
  88.99.66.31 - malicious
  104.26.13.31
  104.21.87.184 - malicious
  104.21.92.87
Suricata alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET HUNTING Request to .XYZ Domain with Minimal Headers
Rule-matched URLs (3):
  https://all-brain-company.xyz/
  https://all-brain-company.xyz/api.php
  https://all-brain-company.xyz/api.php
Score: 12.4 | Flag: M | VT detections: 41

ID: 42892 | Date: 2021-08-14 10:02 | User: ZeroCERT
File: refno2.exe | MD5: 8ed7a017019ddb3974773f00201ce7ff
Tags: RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs (5):
  http://www.theleedongreen.com/i7dg/?Wz=ypSwwrM3wKNdfLS8mF2vipmcYk/3i6508EavNptUwufqgKOEsgideXOUhIXigZLST3smYLe0&vB=chrxU
  http://www.japanesexxxvideo7.com/i7dg/?Wz=9+PcFwF+yKwQzFuxBI05Qt+M2ZGoD6AK8+6TrakvekZYWOE0h2iaxxkSU/NDZ/8I9vMQgLcP&vB=chrxU
  http://www.connorcartledgerock.com/i7dg/?Wz=+QwcFSc3LAszI5STokBrj/G8xmYTR3ePtZ4+LNmYgJK+lnQni8LjtB976bxiuML43SANpGxN&vB=chrxU
  http://www.fvckshirt.com/i7dg/?Wz=Brxl0ootlrHDmuE8D8C/z9eXAv9DW2BvFzN2VmYPaGRsQUWnFEbzO+2N9aJ9smzbU33e4lgs&vB=chrxU
  http://www.wqfilter.com/i7dg/?Wz=f8iD9L4dCkbpAKOV3a2zV06Ib9jyqzB9Ki8lcYXtvMA4ssIJMUtZ9I613gG4tg+W1f0MRSWa&vB=chrxU
Hosts (15):
  www.beerdominant.com()
  www.japanesexxxvideo7.com(46.182.111.137)
  www.pdam-lebak.com()
  www.connorcartledgerock.com(198.49.23.144)
  www.fvckshirt.com(67.195.197.25)
  www.bj-htst.com()
  www.theleedongreen.com(101.100.204.11)
  www.shoplasero.com()
  www.xilomo.xyz()
  www.wqfilter.com(154.88.24.172)
  67.195.197.25 - phishing
  46.182.111.137
  154.88.24.172
  101.100.204.11
  198.185.159.144 - malicious
Suricata alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Score: 9.0

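The host and URL cells in these records are printed as one space-separated string per record, with a domain's DNS answer in parentheses (empty when the lookup returned nothing), the feed's verdict appended as " - mailcious" or " - phishing", and Suricata matches appended to URLs as " - rule_id: N". The parser below is an added example, not part of the feed, that turns such cells into pivotable sets and cross-checks the DNS answers against the addresses actually contacted. Its two sample cells are copied from records 42891 (URLs) and 42892 (hosts) above; the "mailcious" spelling is kept in the raw input because that is how the feed prints it, and is normalised on the way out.

```python
"""Parser for the host and URL cells of this feed's records.
Added example; not the feed's own code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# One host entry: "name", "name(ip)", "name()" (no DNS answer) or a bare IP,
# optionally followed by " - <tag>" as the feed prints it.
HOST_RE = re.compile(
    r"(?P<name>[^\s(]+)(?:\((?P<ip>[^)]*)\))?(?:\s+-\s+(?P<tag>\w+))?")
# One URL entry, optionally annotated with the Suricata rule that matched it.
URL_RE = re.compile(r"(?P<url>https?://\S+)(?:\s+-\s+rule_id:\s+(?P<rule>\d+))?")
# The feed misspells its verdict tag; normalise so downstream filters match.
TAG_FIX = {"mailcious": "malicious"}


@dataclass
class Host:
    name: str
    ip: Optional[str]    # resolved address; None when the lookup had no answer
    tag: Optional[str]   # feed verdict ("malicious", "phishing") or None
    kind: str            # "ip" when the entry itself is an address, else "domain"


def _is_ipv4(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def parse_hosts(cell: str) -> list:
    """Split a hosts cell into Host records, one per entry."""
    hosts = []
    for m in HOST_RE.finditer(cell):
        name, ip, tag = m.group("name"), m.group("ip"), m.group("tag")
        hosts.append(Host(name=name, ip=ip or None,
                          tag=TAG_FIX.get(tag, tag) if tag else None,
                          kind="ip" if _is_ipv4(name) else "domain"))
    return hosts


def parse_urls(cell: str) -> list:
    """Split a URLs cell into (url, rule_id or None) pairs."""
    return [(m.group("url"), int(m.group("rule")) if m.group("rule") else None)
            for m in URL_RE.finditer(cell)]


def summarize(hosts: list) -> dict:
    """Pivotable sets plus a cross-check of DNS answers vs. contacted addresses."""
    resolved = {h.ip for h in hosts if h.kind == "domain" and h.ip}
    contacted = {h.name for h in hosts if h.kind == "ip"}
    return {
        "domains": sorted(h.name for h in hosts if h.kind == "domain"),
        "unresolved": sorted(h.name for h in hosts if h.kind == "domain" and not h.ip),
        "flagged": {h.name: h.tag for h in hosts if h.tag},
        "resolved_not_contacted": sorted(resolved - contacted),
        "contacted_not_resolved": sorted(contacted - resolved),
    }


# Cells copied verbatim from records 42891 (URLs) and 42892 (hosts) above.
ALLBRAIN_URLS = (
    "http://music-sec.xyz/?k=v2&user=p4_5 http://music-sec.xyz/?k=v2&user=p4_4 "
    "http://sytareliar.xyz/ http://music-sec.xyz/?k=v2&user=p4_6 "
    "http://music-sec.xyz/?k=v2&user=p4_1 http://music-sec.xyz/?k=v2&user=p4_3 "
    "http://music-sec.xyz/?k=v2&user=p4_2 https://iplogger.org/1XqVr7 "
    "https://all-brain-company.xyz/ - rule_id: 2927 https://api.ip.sb/geoip "
    "https://all-brain-company.xyz/api.php?getusers - rule_id: 2928 "
    "https://iplogger.org/1DSJe7 https://all-brain-company.xyz/api.php - rule_id: 2928"
)
FORMBOOK_HOSTS = (
    "www.beerdominant.com() www.japanesexxxvideo7.com(46.182.111.137) "
    "www.pdam-lebak.com() www.connorcartledgerock.com(198.49.23.144) "
    "www.fvckshirt.com(67.195.197.25) www.bj-htst.com() "
    "www.theleedongreen.com(101.100.204.11) www.shoplasero.com() www.xilomo.xyz() "
    "www.wqfilter.com(154.88.24.172) 67.195.197.25 - phishing 46.182.111.137 "
    "154.88.24.172 101.100.204.11 198.185.159.144 - mailcious"
)

if __name__ == "__main__":
    for url, rule in parse_urls(ALLBRAIN_URLS):
        print(rule, url)
    for key, value in summarize(parse_hosts(FORMBOOK_HOSTS)).items():
        print(key, value)
```

Run on record 42892's hosts, the cross-check shows that www.connorcartledgerock.com resolved to 198.49.23.144 while the connection the feed flagged went to 198.185.159.144, and that five of the ten FormBook decoy domains returned no answer at all; both are worth knowing before the resolved addresses are turned into block-list entries.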
ID: 42893 | Date: 2021-08-14 10:00 | User: ZeroCERT
File: .svchost.exe | MD5: 85ef4d2c4d482b353c237e1145fc52bd
Tags: GuLoader Generic Malware Malicious Packer UPX Malicious Library PE File PE32 VirusTotal Malware RWX flags setting unpack itself
Score: 2.2 | Flag: M | VT detections: 30

ID: 42894 | Date: 2021-08-14 09:59 | User: ZeroCERT
File: software.exe | MD5: e4102e8888cdd54defb8babef27dcaef
Tags: Gen2 RAT Generic Malware Themida Packer Malicious Packer UPX Malicious Library OS Processor Check .NET EXE PE File PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName RCE Firmware Cryptographic key crashed
URLs (2):
  http://alasshrilm.xyz/
  https://api.ip.sb/geoip
Hosts (4):
  alasshrilm.xyz(212.224.105.79)
  api.ip.sb(172.67.75.172)
  104.26.13.31
  212.224.105.79 - malicious
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 9.4 | Flag: M | VT detections: 20

ID: 42895 | Date: 2021-08-14 09:57 | User: ZeroCERT
File: refno3.exe | MD5: c7cda00215a9747d2a6142919bd45227
Tags: Generic Malware Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
Score: 6.8 | Flag: M | VT detections: 44

ID: 42896 | Date: 2021-08-14 09:56 | User: ZeroCERT
File: rollerkind2.exe | MD5: 29873d5f4db7060243199e49d7af8930
Tags: UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
Score: 2.2 | Flag: M | VT detections: 20

ID: 42897 | Date: 2021-08-14 09:55 | User: ZeroCERT
File: abdulzx.exe | MD5: a999f70ef203107555ad230346b89c80
Tags: Generic Malware Antivirus UPX PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself
Score: 1.8 | Flag: M | VT detections: 21

ID: 42898 | Date: 2021-08-14 09:54 | User: ZeroCERT
File: apines.exe | MD5: d60de31e6e431d66634f84ef0ee29f37
Tags: UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
Score: 2.4 | Flag: M | VT detections: 38

ID: 42899 | Date: 2021-08-14 09:53 | User: ZeroCERT
File: update.dll | MD5: fef6b272e83c2db9338ad55ffb6e8f6e
Tags: UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware Buffer PE Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser DNS Cryptographic key crashed
Hosts (1):
  192.52.167.44 - malicious
Score: 5.2 | Flag: M | VT detections: 23

ID: 42900 | Date: 2021-08-14 09:52 | User: ZeroCERT
File: pub1.exe | MD5: 9f6cc7e30cf819e9e22558d3868a692d
Tags: UPX Malicious Library OS Processor Check PE File PE32 PDB unpack itself
Score: 1.4 | Flag: M
