| 43606 |
2021-02-01 11:28
|
cpu64.exe a431c41c39712dfbc0c8a50fe6abc95f
unpack itself malicious URLs DNS |
|
|
|
|
2.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43607 |
2021-02-01 11:28
|
wifi.exe 022abc021cc91efe3e1bc65b158654e4
VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName |
|
|
|
|
10.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43608 |
2021-02-01 11:17
|
svch.exe d7c6ddd2feb3c305103f5c3cbb81ba01
VirusTotal Malware suspicious privilege Malicious Traffic unpack itself |
7
http://www.cbrealvitalize.com/bw82/ - rule_id: 171
http://www.cbrealvitalize.com/bw82/?Lh38w=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ&UR-X=D8Opc - rule_id: 171
http://www.housebulb.com/bw82/?Lh38w=mLdVvjD1AdGiZCaQi9zNl/jZmYLrRWlh7y0PmaE2JOXYml8BP0ZPnpOO6IWo6uQ+XsyL7mYN&UR-X=D8Opc
http://www.rizrvd.com/bw82/?Lh38w=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&UR-X=D8Opc - rule_id: 170
http://www.rizrvd.com/bw82/?Lh38w=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&UR-X=D8Opc
http://www.rizrvd.com/bw82/ - rule_id: 170
http://www.housebulb.com/bw82/
|
22
www.learnplaychess.com(103.250.186.248) - mailcious
www.kolamart.com(34.102.136.180) - mailcious
www.chrisbubser.digital() - mailcious
www.magnabeautystyle.com(184.168.131.241) - mailcious
www.h2oturkiye.com(94.73.146.42) - mailcious
www.yjpps.com(0.0.0.0)
www.cbrealvitalize.com(34.102.136.180) - mailcious
www.rizrvd.com(34.102.136.180) - mailcious
www.housebulb.com(173.234.15.207)
www.semenboostplus.com()
www.riggsfarmfenceservices.com()
www.dameadamea.com()
www.fcoins.club()
www.pandabutik.com(78.142.208.189) - mailcious
www.medkomp.online(81.200.118.106) - mailcious
94.73.146.42 - mailcious
184.168.131.241 - mailcious
173.234.15.207
34.102.136.180 - mailcious
78.142.208.189 - mailcious
81.200.118.106 - mailcious
103.250.186.248 - mailcious
|
|
4
http://www.cbrealvitalize.com/bw82/
http://www.cbrealvitalize.com/bw82/
http://www.rizrvd.com/bw82/
http://www.rizrvd.com/bw82/
|
4.0 |
M |
56 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43609 |
2021-02-01 11:17
|
vbc.exe 6eac032479caee22d70c96d763cc5e10
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed |
1
http://51.195.53.221/p.php/zAjk1t0dYWTzj
|
1
51.195.53.221 - mailcious
|
6
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
|
|
14.4 |
M |
46 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43610 |
2021-02-01 11:11
|
SQLSerase.exe af9652990abce48e2e848e097c7ee4ab
AutoRuns suspicious privilege Creates executable files unpack itself malicious URLs Windows DNS |
|
2
d.nxxxn.ga(91.208.245.238) - mailcious
91.208.245.238
|
1
ET INFO DNS Query for Suspicious .ga Domain
|
|
4.6 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43611 |
2021-02-01 11:03
|
ReportServser.exe a2eea769cf4aa2d2f21b9b2292332a43
Buffer PE AutoRuns suspicious privilege Code Injection Check memory buffers extracted Creates executable files unpack itself Windows utilities AppData folder sandbox evasion WriteConsoleW Windows Remote Code Execution DNS |
|
2
r.nxxxn.ga(91.208.245.238) - mailcious
91.208.245.238
|
1
ET INFO DNS Query for Suspicious .ga Domain
|
|
10.8 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43612 |
2021-01-31 16:38
|
regasm.exe d7c6ddd2feb3c305103f5c3cbb81ba01
VirusTotal Malware suspicious privilege Malicious Traffic unpack itself |
13
http://www.rizrvd.com/bw82/ - rule_id: 170
http://www.ctfocbdwholesale.com/bw82/
http://www.thebabyfriendly.com/bw82/?9rn0nZSH=r3fdhBxd74oEgZicGttpxejAYTJXJLNaeaQcIVjlA69R3Zm0PRCvEsUIL1HUx1pPfbJ8Suyi&w2=jFQp3Rm0k
http://www.rizrvd.com/bw82/?9rn0nZSH=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&w2=jFQp3Rm0k - rule_id: 170
http://www.rizrvd.com/bw82/?9rn0nZSH=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&w2=jFQp3Rm0k
http://www.thedancehalo.com/bw82/?9rn0nZSH=TJmBUVi76XvdedvdT4XTiNg0xow+eIDVhd+PvrNB1pQf64xZGmJKzxet+DQnJGM605l+3b5o&w2=jFQp3Rm0k - rule_id: 174
http://www.thebabyfriendly.com/bw82/
http://www.ctfocbdwholesale.com/bw82/?9rn0nZSH=Rxta6xhvu0A+EUy44SYKtO8XUaMinJcredwrnbAyLO8KeYZYbVzWAt3TsErgmguQWvKNX28r&w2=jFQp3Rm0k
http://www.thedancehalo.com/bw82/ - rule_id: 174
http://www.wellnesssensation.com/bw82/?9rn0nZSH=455EGVYNkgtY7DWQNruX/4AMFbR5eugGoF6uNR+Emdxr+jw+VvqHfprsjaey9bT2FO76WXiQ&w2=jFQp3Rm0k
http://www.wellnesssensation.com/bw82/
http://www.gdsjgf.com/bw82/?9rn0nZSH=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB&w2=jFQp3Rm0k - rule_id: 173
http://www.gdsjgf.com/bw82/ - rule_id: 173
|
23
www.gdsjgf.com(34.102.136.180) - mailcious
www.kolamart.com(34.102.136.180) - mailcious
www.thedancehalo.com(34.102.136.180) - mailcious
www.medkomp.online(81.200.118.106) - mailcious
www.rumblingrambles.com() - mailcious
www.curateherstories.com(34.102.136.180) - mailcious
www.rizrvd.com(34.102.136.180) - mailcious
www.mybestaide.com(52.216.8.26) - mailcious
www.gallerybrows.com(34.102.136.180) - mailcious
www.wellnesssensation.com(52.128.23.153)
www.thebabyfriendly.com(154.80.226.18)
www.magnabeautystyle.com(184.168.131.241) - mailcious
www.leadeligey.com(192.0.78.24) - mailcious
www.ctfocbdwholesale.com(34.102.136.180)
www.acdfr.com(199.34.228.73) - mailcious
52.128.23.153
199.34.228.73 - mailcious
52.216.95.162
184.168.131.241 - mailcious
34.102.136.180 - mailcious
81.200.118.106 - mailcious
154.80.226.18
192.0.78.25 - mailcious
|
|
6
http://www.rizrvd.com/bw82/
http://www.rizrvd.com/bw82/
http://www.thedancehalo.com/bw82/
http://www.thedancehalo.com/bw82/
http://www.gdsjgf.com/bw82/
http://www.gdsjgf.com/bw82/
|
4.0 |
M |
56 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43613 |
2021-01-31 16:37
|
nvidia.exe a624a6472a4bb22c1e44526c804b5034
Check memory malicious URLs DNS |
|
|
|
|
3.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43614 |
2021-01-31 16:33
|
newcontrol.jpg.exe 4b20a886d3d419d051ca73917c4136bd |
|
|
|
|
0.4 |
M |
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43615 |
2021-01-31 16:31
|
map.jar 7f2806f2d337879f4f7cf6e28cddd192
VirusTotal Malware Check memory heapspray unpack itself Java DNS |
|
|
|
|
3.0 |
M |
13 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43616 |
2021-01-31 16:30
|
mapdata.exe b57ce0d894eab00c88302eda3cc38d22
VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
3.2 |
M |
42 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43617 |
2021-01-31 13:54
|
kali.jpg.exe 81efb00f23b3842eaf30892002881d00
VirusTotal Malware suspicious privilege Malicious Traffic unpack itself DNS |
4
http://www.pero.financial/zuwc/?XVJPeDJ8=KSzAckj6vZRzbHSgvOuoQcFRCDGtGsaGXQ0rJ7ukk4z5XwJdgYKOrN38Us0xB4GT3N9YpGSa&EBZ=ZTItdVbp4tXxc
http://www.tuoku8.site/zuwc/?XVJPeDJ8=cD2HLICwWD82TuTM7Y2bqNWV4EMYPvVGYnjgOjabJ2m8ZNOMmCD3BDcKqP3kBdPOk8QKALhW&EBZ=ZTItdVbp4tXxc
http://www.thediscussionnetwork.com/zuwc/?XVJPeDJ8=4UiOAvAF1xuoFDuIZ2DKtSwkIUNYfOEhj2+1uyzg4GiaNgt8tr6SZ44N4eEVnUbCvsxCi7+Q&EBZ=ZTItdVbp4tXxc
http://www.quickpaymentbank.com/zuwc/?XVJPeDJ8=ymPs2kS3sVaJY3gjejH+qC1Te4KqkK57wMIePSq8KVrJSRtX7MRVAmKhf3mAkTI3YaoAoaEX&EBZ=ZTItdVbp4tXxc
|
9
www.bossbabevibesz.com()
www.tuoku8.site(35.244.174.135)
www.pero.financial(34.102.136.180)
www.thediscussionnetwork.com(182.50.132.242)
www.quickpaymentbank.com(103.20.212.212)
35.244.174.135
103.20.212.212
34.102.136.180 - mailcious
182.50.132.242 - mailcious
|
|
|
4.2 |
M |
48 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43618 |
2021-01-31 13:54
|
KYC DOCS.exe 7c7fefeba48f240024a5392ca73a1c99
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key |
|
4
www.gallerybrows.com(34.102.136.180) - mailcious
www.joeisono.com(210.188.193.44)
34.102.136.180 - mailcious
210.188.193.44
|
|
|
10.0 |
M |
41 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43619 |
2021-01-31 13:50
|
IMG_05299.pdf.exe 2f5f5167931bd03205678c1ab20cd636
VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces malicious URLs AntiVM_Disk VM Disk Size Check Tofsee Windows Cryptographic key |
1
|
3
www.google.com(172.217.26.4)
172.217.174.100
172.217.25.196 - suspicious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.8 |
M |
25 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43620 |
2021-01-31 13:49
|
gfers.exe 322ecf88ef73979abfdcea838ccdd94f
VirusTotal Malware unpack itself DNS |
|
|
|
|
3.0 |
M |
43 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|