ZeroCERT sandbox analysis listing, 2021-01-13. Each record gives: analysis ID | submission time | filename | MD5; Tags; URLs (count); Hosts (count), each as hostname (resolved IP) or bare IP, followed by the platform's verdict where one was assigned; IDS alerts (count); then Score | M (a column left unlabeled in the source) | VT detections where VirusTotal was queried | source.

43951 | 2021-01-13 11:20 | bin.jpg.exe | MD5 4ab07abbbf9d50f25e3b16e71d3cf10d
Tags: Malware, suspicious privilege, Malicious Traffic, Checks debugger, Creates executable files, ICMP traffic, unpack itself, AppData folder, malicious URLs, DNS, DDNS
URLs (10):
  http://www.adanonce.com/4qdc/
  http://www.permanentmakeupprescott.com/4qdc/?w6A=GyJvs69DAGSdIa99E4o+nDEpCOHU/x8n4tr980vbRTNu9PnrATAFvU/76Au826WMYU8koDny&-ZS=W6O83nah-
  http://www.permanentmakeupprescott.com/4qdc/
  http://www.samsunbahis.com/4qdc/
  http://www.lieferjunge.com/4qdc/
  http://www.180-g.com/4qdc/?w6A=N1f1ATQBIO4XdmNF2EF0hsFlDVXT2Tqy54Mz0z19RjDHrMcln4rAWlzeNNcn/knmz3tPEyY3&-ZS=W6O83nah-
  http://www.lieferjunge.com/4qdc/?w6A=e/5wGgagEQeneIbEnsfjC3u5oEL2kUHNigg02KBJY3EIfdi2tvw+5Zks8kaDra+4rJn8o27a&-ZS=W6O83nah-
  http://www.adanonce.com/4qdc/?w6A=irSP8K5q9f/sHU9dsJ5hR9VcwBOK/QGx3SbGFjk/oD5LcKKys6GCgOeGRjjNSvyVqZa8r1Oa&-ZS=W6O83nah-
  http://www.180-g.com/4qdc/
  http://www.samsunbahis.com/4qdc/?w6A=6+OhFJ+WAwhHAUnrjG5kqsVjW9yFlRJ9kH9sCaLg7OwEi/SvlZi3/4xk7Is+TjGvyc2E457t&-ZS=W6O83nah-
Hosts (17):
  www.rybaczowka.net (103.152.226.83)
  www.collecthreeao-sarmalliy.com (no resolution)
  bu250653.hopto.org (79.134.225.12)
  www.flatlandgardenning.com (no resolution)
  www.permanentmakeupprescott.com (184.168.131.241)
  www.lieferjunge.com (35.172.94.1)
  www.adanonce.com (103.80.16.121)
  www.samsunbahis.com (104.31.74.189)
  www.humanpotentialai.com (no resolution)
  www.180-g.com (34.102.136.180)
  103.80.16.121
  103.152.226.83
  184.168.131.241 - malicious
  79.134.225.12 - malicious
  34.102.136.180 - malicious
  100.24.208.97
  104.31.74.189
IDS alerts (1):
  ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score 8.0 | M | ZeroCERT

43952 | 2021-01-13 11:18 | D9wyAv.dll | MD5 336628002d3f222161b8449ce45ceacb
Tags: unpack itself
Score 1.0 | ZeroCERT

43953 | 2021-01-13 11:11 | BATZMPLB.doc | MD5 79dfb1dd886e7e55fe2c8cfdef6fe1f0
Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, DNS
Hosts (14):
  snowremoval-services.com (35.209.101.201) - malware
  kitsunecomplements.com (149.202.105.228) - malicious
  altrashift.com (172.67.217.110)
  shop.animewho.com (104.18.41.172)
  www.autoeck-baden.at (81.19.159.72) - malicious
  ojodetigremezcal.com (45.77.102.200) - malware
  imperioone.com (162.241.203.91) - malware
  104.18.41.172
  81.19.159.72 - malicious
  104.27.159.29
  162.241.203.91 - malware
  35.209.101.201 - malware
  149.202.105.228 - malicious
  45.77.102.200 - malware
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 4.6 | M | VT 15 | ZeroCERT

43954 | 2021-01-13 11:10 | 3010CHANGE.png.exe | MD5 d6728383e72d94601773366caa797014
Score 0.4 | M | ZeroCERT

43955 | 2021-01-13 10:56 | 16XT5UDVQIPOH7J.doc | MD5 37f09032e9a1a53a5252c8a09db41b16
Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee, DNS
URLs (2):
  http://kitsunecomplements.com/too-much-phppq/n65U/
  http://www.autoeck-baden.at/wp-content/w0Vb/
Hosts (14):
  snowremoval-services.com (35.209.101.201) - malware
  kitsunecomplements.com (149.202.105.228)
  altrashift.com (104.27.158.29)
  shop.animewho.com (104.18.40.172)
  www.autoeck-baden.at (81.19.159.72)
  ojodetigremezcal.com (45.77.102.200) - malware
  imperioone.com (162.241.203.91) - malware
  81.19.159.72 - malicious
  104.18.40.172
  162.241.203.91 - malware
  35.209.101.201 - malware
  149.202.105.228
  45.77.102.200 - malware
  104.27.158.29
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 4.6 | M | VT 13 | ZeroCERT

43956 | 2021-01-13 10:55 | 5PD5T1TH3ELY.doc | MD5 10eb8fa1a6ba17505b6a14cc63aaa13f
Tags: Vulnerability, VirusTotal, Malware, Malicious Traffic, unpack itself, malicious URLs, Tofsee
URLs (2):
  http://kitsunecomplements.com/too-much-phppq/n65U/
  http://www.autoeck-baden.at/wp-content/w0Vb/
Hosts (14):
  snowremoval-services.com (35.209.101.201) - malware
  kitsunecomplements.com (149.202.105.228)
  altrashift.com (104.27.159.29)
  shop.animewho.com (172.67.180.86)
  www.autoeck-baden.at (81.19.159.72)
  ojodetigremezcal.com (45.77.102.200) - malware
  imperioone.com (162.241.203.91) - malware
  104.18.41.172
  81.19.159.72 - malicious
  104.27.159.29
  162.241.203.91 - malware
  35.209.101.201 - malware
  149.202.105.228
  45.77.102.200 - malware
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 4.0 | M | VT 13 | ZeroCERT

43957 | 2021-01-13 10:40 | winlog.exe | MD5 2e56ef2fbc6e9d6eacdef3c1551b4d07
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, DNS
URLs (2):
  http://www.shpments75.com/aky/?AlO=QJsFaO0X6l0SCcPcH95f28dp4Wbv5YN2+vmWYF1EMxQF4F5IAIONzl4rn1fKuXpVmsYVqW4y&ar8=tXIxBhE0ZJytS
  http://www.2125lynchmere.com/aky/?AlO=drx5wtjzGJI5wn+wgH0PIRGa3kRhI43tCyOBbRs53f+JfMyNzvkMfC8O18yAZPU4c48BDJ2p&ar8=tXIxBhE0ZJytS
Hosts (5):
  www.shpments75.com (172.67.144.205)
  www.shining.ink (no resolution)
  www.2125lynchmere.com (69.10.230.169)
  69.10.230.169
  104.24.119.101
Score 9.0 | M | VT 22 | ZeroCERT

43958 | 2021-01-13 10:38 | 0A.dll | MD5 a82fc3ce011bfe8f0ad807446b835104
Tags: unpack itself
Score 1.0 | ZeroCERT

43959 | 2021-01-13 10:21 | regasm.exe | MD5 6ccfb215045ba2fc275cb2a644a3404c
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, Windows, DNS, Cryptographic key
Score 10.4 | VT 24 | ZeroCERT

43960 | 2021-01-13 10:21 | vbc.exe | MD5 e92f0e2d08762687dc5cf2258258f72a
Tags: VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, Windows, ComputerName, crashed
Score 10.6 | M | VT 27 | ZeroCERT

43961 | 2021-01-13 10:12 | PO_RFQ_2021_12_01.jpg.exe | MD5 2562fa72916dff516613b3c9662bc41a
Tags: Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, malicious URLs, WriteConsoleW, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (4):
  freegeoip.app (172.67.188.154)
  checkip.dyndns.org (131.186.161.70)
  216.146.43.71
  172.67.188.154
IDS alerts (4):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  ET POLICY External IP Lookup - checkip.dyndns.org
  ET POLICY DynDNS CheckIp External IP Address Server Response
Score 14.8 | M | VT 29 | ZeroCERT

43962 | 2021-01-13 10:12 | AEW.exe | MD5 7a99807a434f33b10783b43bc2906fbe
Tags: VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, ICMP traffic, unpack itself, suspicious process, malicious URLs, WriteConsoleW, Windows, Cryptographic key, keylogger
Hosts (2):
  swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu (192.253.246.144) - malicious
  192.253.246.144
Score 14.6 | M | VT 39 | ZeroCERT

43963 | 2021-01-13 09:46 | xls2212exe-2.xls | MD5 0b371fc01c22280e04a3e964faa4fc18
Tags: Dridex, VirusTotal, Malware, Creates executable files, unpack itself, malicious URLs, Tofsee
Hosts (2):
  therapypsyche.com (162.241.253.69)
  162.241.253.69
IDS alerts (3):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
Score 3.8 | M | VT 19 | ZeroCERT

43964 | 2021-01-13 09:44 | q0ig4v.rar.exe | MD5 8e5596083fd4c3134204e905f7f66325
Tags: VirusTotal, Malware
Score 1.4 | M | VT 29 | ZeroCERT

43965 | 2021-01-13 09:37 | pass4476_details2312.xls | MD5 da6e11faf3c93ee211a5e3275322acfb
Tags: unpack itself, DNS
Score 1.4 | M | ZeroCERT
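The hosts and URL fields in these records arrive as one whitespace-joined line, with the platform's verdict ("- malware", "- mailcious") trailing the indicator it applies to, and three of the records (43951, 43961, 43962) involve dynamic-DNS hostnames that trip the ET POLICY / ET INFO DYNAMIC_DNS alerts. As an added example, not code from ZeroCERT or from this page, the Python below parses those two fields into structured indicators, normalises the verdict spelling, ties bare IPs back to the domains that resolved to them, and flags dynamic-DNS hostnames by provider suffix. The sample input is copied from records 43951 (abridged) and 43961; the DDNS suffix list is an assumption limited to the providers that appear in this listing, not the coverage of the ET rules.

```python
"""Added example (not part of the ZeroCERT listing or its tooling): turn the
flattened "host(ip) - verdict" and URL fields of a sandbox record into
structured indicators and flag dynamic-DNS hostnames."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Sample input copied from the listing: hosts field of record 43951 (abridged)
# and URL field of record 43961, including the platform's "mailcious" spelling.
SAMPLE_HOSTS = (
    "www.rybaczowka.net(103.152.226.83) www.collecthreeao-sarmalliy.com() "
    "bu250653.hopto.org(79.134.225.12) www.adanonce.com(103.80.16.121) "
    "103.80.16.121 103.152.226.83 184.168.131.241 - mailcious "
    "79.134.225.12 - mailcious 100.24.208.97"
)
SAMPLE_URLS = "http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150"

# Dynamic-DNS provider suffixes seen in this listing. Assumption: illustrative
# only; a production list would be much longer.
DDNS_SUFFIXES = ("hopto.org", "dyndns.org", "ydns.eu")

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"^([^()\s]+)\(([^()\s]*)\)$")  # name(resolved-ip-or-empty)
VERDICTS = {"mailcious": "malicious", "malicious": "malicious", "malware": "malware"}


@dataclass(frozen=True)
class Indicator:
    kind: str                       # "domain" or "ip"
    value: str
    resolved: Optional[str] = None  # IP the sandbox saw the domain resolve to
    verdict: Optional[str] = None   # platform verdict, spelling normalised


def normalise_verdict(raw: Optional[str]) -> Optional[str]:
    if raw is None:
        return None
    return VERDICTS.get(raw.lower(), raw.lower())


def parse_hosts(text: str) -> List[Indicator]:
    """Parse a whitespace-joined hosts field. A "- <verdict>" pair binds to the
    indicator immediately before it."""
    tokens = text.split()
    out: List[Indicator] = []
    i = 0
    while i < len(tokens):
        tok, verdict = tokens[i], None
        if i + 2 < len(tokens) and tokens[i + 1] == "-":
            verdict, i = tokens[i + 2], i + 3
        else:
            i += 1
        m = DOMAIN_RE.match(tok)
        if m:
            out.append(Indicator("domain", m.group(1), m.group(2) or None,
                                 normalise_verdict(verdict)))
        elif IPV4_RE.match(tok):
            out.append(Indicator("ip", tok, None, normalise_verdict(verdict)))
        else:
            raise ValueError(f"unrecognised host token: {tok!r}")
    return out


def parse_urls(text: str) -> List[Tuple[str, str]]:
    """Return (url, hostname) pairs from a whitespace-joined URL field."""
    pairs = []
    for url in text.split():
        host = urlsplit(url).hostname
        if not host:
            raise ValueError(f"URL without a host: {url!r}")
        pairs.append((url, host))
    return pairs


def is_ddns(hostname: str) -> bool:
    """Label-boundary suffix match, so 'dyndns.org.evil.example' is not flagged."""
    h = hostname.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in DDNS_SUFFIXES)


def ddns_hosts(indicators: List[Indicator], urls: List[Tuple[str, str]]) -> List[str]:
    """Hostnames from both the DNS and URL fields that sit under a DDNS provider."""
    names = {i.value for i in indicators if i.kind == "domain"}
    names.update(host for _, host in urls)
    return sorted(n for n in names if is_ddns(n))


def verdicts(indicators: List[Indicator]) -> Dict[str, str]:
    """Indicators the platform marked, keyed by value."""
    return {i.value: i.verdict for i in indicators if i.verdict}


def ip_to_domains(indicators: List[Indicator]) -> Dict[str, List[str]]:
    """Map each resolved IP back to the domains that pointed at it, so a bare
    IP in the list can be tied to the hostname the sample contacted."""
    table: Dict[str, List[str]] = {}
    for ind in indicators:
        if ind.kind == "domain" and ind.resolved:
            table.setdefault(ind.resolved, []).append(ind.value)
    return table


if __name__ == "__main__":
    inds = parse_hosts(SAMPLE_HOSTS)
    urls = parse_urls(SAMPLE_URLS)
    print("dynamic DNS:", ddns_hosts(inds, urls))
    print("verdicts:", verdicts(inds))
    print("ip -> domains:", ip_to_domains(inds))
```

Run against the two sample fields this reports bu250653.hopto.org and checkip.dyndns.org as dynamic-DNS hosts, the same two records the ET alerts fired on; the ip_to_domains table is what turns a bare "184.168.131.241 - malicious" entry into a blockable hostname (www.permanentmakeupprescott.com in the full record).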