| 43951 |
2021-01-13 11:20
|
bin.jpg.exe 4ab07abbbf9d50f25e3b16e71d3cf10d
Malware suspicious privilege Malicious Traffic Checks debugger Creates executable files ICMP traffic unpack itself AppData folder malicious URLs DNS DDNS |
10
http://www.adanonce.com/4qdc/
http://www.permanentmakeupprescott.com/4qdc/?w6A=GyJvs69DAGSdIa99E4o+nDEpCOHU/x8n4tr980vbRTNu9PnrATAFvU/76Au826WMYU8koDny&-ZS=W6O83nah-
http://www.permanentmakeupprescott.com/4qdc/
http://www.samsunbahis.com/4qdc/
http://www.lieferjunge.com/4qdc/
http://www.180-g.com/4qdc/?w6A=N1f1ATQBIO4XdmNF2EF0hsFlDVXT2Tqy54Mz0z19RjDHrMcln4rAWlzeNNcn/knmz3tPEyY3&-ZS=W6O83nah-
http://www.lieferjunge.com/4qdc/?w6A=e/5wGgagEQeneIbEnsfjC3u5oEL2kUHNigg02KBJY3EIfdi2tvw+5Zks8kaDra+4rJn8o27a&-ZS=W6O83nah-
http://www.adanonce.com/4qdc/?w6A=irSP8K5q9f/sHU9dsJ5hR9VcwBOK/QGx3SbGFjk/oD5LcKKys6GCgOeGRjjNSvyVqZa8r1Oa&-ZS=W6O83nah-
http://www.180-g.com/4qdc/
http://www.samsunbahis.com/4qdc/?w6A=6+OhFJ+WAwhHAUnrjG5kqsVjW9yFlRJ9kH9sCaLg7OwEi/SvlZi3/4xk7Is+TjGvyc2E457t&-ZS=W6O83nah-
|
17
www.rybaczowka.net(103.152.226.83)
www.collecthreeao-sarmalliy.com()
bu250653.hopto.org(79.134.225.12)
www.flatlandgardenning.com()
www.permanentmakeupprescott.com(184.168.131.241)
www.lieferjunge.com(35.172.94.1)
www.adanonce.com(103.80.16.121)
www.samsunbahis.com(104.31.74.189)
www.humanpotentialai.com()
www.180-g.com(34.102.136.180)
103.80.16.121
103.152.226.83
184.168.131.241 - mailcious
79.134.225.12 - mailcious
34.102.136.180 - mailcious
100.24.208.97
104.31.74.189
|
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
|
|
8.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43952 |
2021-01-13 11:18
|
D9wyAv.dll 336628002d3f222161b8449ce45ceacb
unpack itself |
|
|
|
|
1.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43953 |
2021-01-13 11:11
|
BATZMPLB.doc 79dfb1dd886e7e55fe2c8cfdef6fe1f0
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
|
14
snowremoval-services.com(35.209.101.201) - malware
kitsunecomplements.com(149.202.105.228) - mailcious
altrashift.com(172.67.217.110)
shop.animewho.com(104.18.41.172)
www.autoeck-baden.at(81.19.159.72) - mailcious
ojodetigremezcal.com(45.77.102.200) - malware
imperioone.com(162.241.203.91) - malware
104.18.41.172
81.19.159.72 - mailcious
104.27.159.29
162.241.203.91 - malware
35.209.101.201 - malware
149.202.105.228 - mailcious
45.77.102.200 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43954 |
2021-01-13 11:10
|
3010CHANGE.png.exe d6728383e72d94601773366caa797014 |
|
|
|
|
0.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43955 |
2021-01-13 10:56
|
16XT5UDVQIPOH7J.doc 37f09032e9a1a53a5252c8a09db41b16
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
2
http://kitsunecomplements.com/too-much-phppq/n65U/
http://www.autoeck-baden.at/wp-content/w0Vb/
|
14
snowremoval-services.com(35.209.101.201) - malware
kitsunecomplements.com(149.202.105.228)
altrashift.com(104.27.158.29)
shop.animewho.com(104.18.40.172)
www.autoeck-baden.at(81.19.159.72)
ojodetigremezcal.com(45.77.102.200) - malware
imperioone.com(162.241.203.91) - malware
81.19.159.72 - mailcious
104.18.40.172
162.241.203.91 - malware
35.209.101.201 - malware
149.202.105.228
45.77.102.200 - malware
104.27.158.29
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43956 |
2021-01-13 10:55
|
5PD5T1TH3ELY.doc 10eb8fa1a6ba17505b6a14cc63aaa13f
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee |
2
http://kitsunecomplements.com/too-much-phppq/n65U/
http://www.autoeck-baden.at/wp-content/w0Vb/
|
14
snowremoval-services.com(35.209.101.201) - malware
kitsunecomplements.com(149.202.105.228)
altrashift.com(104.27.159.29)
shop.animewho.com(172.67.180.86)
www.autoeck-baden.at(81.19.159.72)
ojodetigremezcal.com(45.77.102.200) - malware
imperioone.com(162.241.203.91) - malware
104.18.41.172
81.19.159.72 - mailcious
104.27.159.29
162.241.203.91 - malware
35.209.101.201 - malware
149.202.105.228
45.77.102.200 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43957 |
2021-01-13 10:40
|
winlog.exe 2e56ef2fbc6e9d6eacdef3c1551b4d07
VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
2
http://www.shpments75.com/aky/?AlO=QJsFaO0X6l0SCcPcH95f28dp4Wbv5YN2+vmWYF1EMxQF4F5IAIONzl4rn1fKuXpVmsYVqW4y&ar8=tXIxBhE0ZJytS
http://www.2125lynchmere.com/aky/?AlO=drx5wtjzGJI5wn+wgH0PIRGa3kRhI43tCyOBbRs53f+JfMyNzvkMfC8O18yAZPU4c48BDJ2p&ar8=tXIxBhE0ZJytS
|
5
www.shpments75.com(172.67.144.205)
www.shining.ink()
www.2125lynchmere.com(69.10.230.169)
69.10.230.169
104.24.119.101
|
|
|
9.0 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43958 |
2021-01-13 10:38
|
0A.dll a82fc3ce011bfe8f0ad807446b835104
unpack itself |
|
|
|
|
1.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43959 |
2021-01-13 10:21
|
regasm.exe 6ccfb215045ba2fc275cb2a644a3404c
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key |
|
|
|
|
10.4 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43960 |
2021-01-13 10:21
|
vbc.exe e92f0e2d08762687dc5cf2258258f72a
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed |
|
|
|
|
10.6 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43961 |
2021-01-13 10:12
|
PO_RFQ_2021_12_01.jpg.exe 2562fa72916dff516613b3c9662bc41a
Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.161.70)
216.146.43.71
172.67.188.154
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
|
|
14.8 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43962 |
2021-01-13 10:12
|
AEW.exe 7a99807a434f33b10783b43bc2906fbe
VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs WriteConsoleW Windows Cryptographic key keylogger |
|
2
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.144) - mailcious
192.253.246.144
|
|
|
14.6 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43963 |
2021-01-13 09:46
|
xls2212exe-2.xls 0b371fc01c22280e04a3e964faa4fc18
Dridex VirusTotal Malware Creates executable files unpack itself malicious URLs Tofsee |
|
2
therapypsyche.com(162.241.253.69)
162.241.253.69
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
3.8 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43964 |
2021-01-13 09:44
|
q0ig4v.rar.exe 8e5596083fd4c3134204e905f7f66325
VirusTotal Malware |
|
|
|
|
1.4 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43965 |
2021-01-13 09:37
|
pass4476_details2312.xls da6e11faf3c93ee211a5e3275322acfb
unpack itself DNS |
|
|
|
|
1.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|