43996 | 2021-01-11 10:13
paymentconfirmation.exe eaecc717d59fcef048ff434817317202 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed
10.8 | M | 44 | ZeroCERT

43997 | 2021-01-11 10:12
smss.exe df850a023c4594ece918855a62d1b842 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows ComputerName DNS crashed
1
124.132.153.147 - malware
8.2 | M | 44 | ZeroCERT

43998 | 2021-01-10 17:19
lv.exe 0869d37b927777b6269f136e04d75c95 VirusTotal Malware AutoRuns Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check human activity check Windows ComputerName crashed
1
2
ip-api.com(208.95.112.1) 208.95.112.1
1
ET POLICY External IP Lookup ip-api.com
12.0 | M | 41 | ZeroCERT

43999 | 2021-01-10 17:17
AQW.exe c4b5c5da311f94d1df0ae07b51c03f71 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs WriteConsoleW Windows Cryptographic key keylogger
2
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.136) - mailcious 192.253.246.136
15.2 | M | 32 | ZeroCERT

44000 | 2021-01-10 17:15
file.exe d83cd7278c47f4f3c7884eb9593a256c VirusTotal Malware unpack itself
2.4 | M | 25 | ZeroCERT

44001 | 2021-01-09 18:47
hfix.jpg.exe d7c8605a63f8f65eca9833f926d69ca1 Browser Info Stealer Malware download VirusTotal Malware Buffer PE AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution DNS Cryptographic key
1
5
sRmI.sRmI() eth0.me(5.132.162.27) TjnuXZtAGcUwwuGywC.TjnuXZtAGcUwwuGywC() 5.132.162.27 34.253.207.79
1
ET MALWARE Arechclient2 Backdoor CnC Init
14.6 | | 6 | ZeroCERT

44002 | 2021-01-09 17:02
r.dll 02917a061ab8ffb22011549f55d5c546 VirusTotal Malware PDB suspicious privilege Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key crashed
4
89.163.210.141 - mailcious 163.53.204.180 - mailcious 203.157.152.9 - mailcious 125.0.215.60 - mailcious
9.4 | M | 49 | guest

44003 | 2021-01-09 16:33
YQjwQLxHO3BOkm.dll bf5f3eb8ea51ae9412b876f76590090d VirusTotal Malware PDB suspicious privilege Malicious Traffic Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check human activity check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key crashed
1
http://90.160.138.175/sl4c7o2a/ - rule_id: 207
3
74.222.117.42 - mailcious 90.160.138.175 - mailcious 157.245.123.197 - mailcious
1
10.4 | M | 49 | guest

44004 | 2021-01-09 16:12
exe2.exe abcf59406ee86bdb65405932d8320323 Malware download Dridex VirusTotal Malware suspicious privilege MachineGuid Check memory buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW Ransom Message Firewall state off VM Disk Size Check Tofsee Ransomware GameoverP2P Interception Zeus Windows Tor ComputerName Trojan Banking DNS crashed
2
http://api.blockcypher.com/v1/btc/main/addrs/17gd1msp5FnMcEMF1MitTNSsYs7w7AQyCt?_=1610182566733 https://chain.so/api/v2/address/btc/17gd1msp5FnMcEMF1MitTNSsYs7w7AQyCt?_=1610182571627
1095
4
ET MALWARE Ransomware/Cerber Checkin M3 (4) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
15.4 | | 64 | ZeroCERT

44005 | 2021-01-09 15:16
r.dll 02917a061ab8ffb22011549f55d5c546 VirusTotal Malware PDB suspicious privilege Checks debugger buffers extracted Creates shortcut ICMP traffic RWX flags setting unpack itself malicious URLs AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Advertising ComputerName DNS Cryptographic key crashed keylogger
4
89.163.210.141 - mailcious 163.53.204.180 - mailcious 203.157.152.9 - mailcious 125.0.215.60 - mailcious
11.4 | M | 49 | ZeroCERT

44006 | 2021-01-09 10:14
vbc.exe 51caccb732bdbc34a7fd2b4523c23426 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed
10.0 | M | 27 | ZeroCERT

44007 | 2021-01-09 09:59
FILE_MCCP8GJTDQ7.doc f8b8680be2cdd99618c8dd4e99476d0d Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee
4
http://www.sourcetechno.com/wp-includes/pl0_sux_k2b4cgyr/ http://www.tarjetasas.com/web/o9kb_qb_na7usf6/ http://guyn3.com/newsletter/z3a_r_rm70xlsb3/ http://sourcetechno.com/wp-includes/pl0_sux_k2b4cgyr/
11
haek.net(188.164.199.164) - mailcious greatfxmedia.com(68.183.54.194) - malware sourcetechno.com(64.188.26.36) www.tarjetasas.com(209.239.122.205) www.sourcetechno.com(64.188.26.36) guyn3.com(192.3.201.235) - mailcious 64.188.26.36 - mailcious 68.183.54.194 - malware 209.239.122.205 188.164.199.164 - mailcious 192.3.201.235 - mailcious
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 | M | 46 | ZeroCERT

44008 | 2021-01-09 09:56
load.jpg.exe ca6a4b1b9012eab962aab9f3d8bdfe94 VirusTotal Malware
1.0 | M | 5 | ZeroCERT

44009 | 2021-01-08 18:38
azcvkjfdg.exe 4bf8fe02eb7e322bef254486723216be Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed Downloader
10
http://regay.ac.ug/sqlite3.dll http://scouragae.ac.ug/index.php http://regay.ac.ug/nss3.dll http://regay.ac.ug/ http://regay.ac.ug/msvcp140.dll http://regay.ac.ug/softokn3.dll http://regay.ac.ug/mozglue.dll http://regay.ac.ug/freebl3.dll http://regay.ac.ug/main.php - rule_id: 209 http://regay.ac.ug/vcruntime140.dll
10
regay.ac.ug(185.215.113.77) - mailcious agentpapple.ac.ug() - mailcious scouragae.ac.ug(185.215.113.77) - malware cdn.discordapp.com(162.159.134.233) - malware discord.com(162.159.136.232) taenaia.ac.ug(185.140.53.149) - mailcious 162.159.134.233 - malware 185.215.113.77 - malware 162.159.138.232 185.140.53.149 - mailcious
9
ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative) ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE AZORult v3.3 Server Response M3 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
1
http://regay.ac.ug/main.php
29.6 | M | 19 | guest

44010 | 2021-01-08 18:35
11996634181610039829.exe cfae6ddf82347d7f7b8b2ec75aeb4307 Malware download NetWireRC VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Ransomware BitRAT Windows ComputerName DNS DDNS keylogger Password
3
http://www.xenarmor.com/xen-check-portable-license.php?key=\xc3\xb8\xc3\x9e\xc3\x9e~\xc2\x82nr%5DE%1C\xc2\xb2%12a\xc2\xb8B\xc3\xb4%0D%17X0%1E&email=SD\xc3\x8c\xc3\xa3\xc3\xa9\xc2\x8b\xc2\x83Qa4i%19\xc2\x90\xc3\xa8Q\xc2\x98\xc2\x86\xc3\xbb\xc3\xbe\xc3\xb3u\xc3\x80c;\xc3\xaaf:\xc3\x8d5\xc2\x9d$\xc3\x97rAV&productid=5701 https://cdn.discordapp.com/attachments/794704721662705695/796765628870164490/5axzCKPiEf6pVK9.exe https://microsoff.webcindario.com/Microsoft.exe
8
v13cracker.ddns.net(92.185.183.6) microsoff.webcindario.com(5.57.226.202) www.xenarmor.com(69.64.94.128) cdn.discordapp.com(162.159.129.233) - malware 92.185.183.6 69.64.94.128 162.159.129.233 - malware 5.57.226.202 - mailcious
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY DNS Query to DynDNS Domain *.ddns .net ET MALWARE Observed Malicious SSL Cert (BitRAT CnC) ET POLICY XenArmor Password Recovery License Check
17.0 | | 14 | guest