44026 | 2024-04-24 09:24 | 45692.exe 5f0bd8c5cc15d405a006bd023b8d3a6c Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 1.6 | M | 28 | ZeroCERT
44027 | 2024-04-24 13:21 | ireallywanthowimportantthisgir... b4b0c10dc8fb59ed963fe34b31f6da3e MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed | 4.6 | | 33 | ZeroCERT
  URLs (1): http://103.198.26.173/355/HJC.exe
  Hosts (3): onedrive.live.com(13.107.139.11) - 13.107.139.11 - 103.198.26.173 -
  Signatures (7): ET DROP Spamhaus DROP Listed Traffic Inbound group 17; ET INFO Executable Download from dotted-quad Host; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
44028 | 2024-04-25 10:22 | HJC.exe da7c2473b5c455f25f420827af596286 Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself Tofsee Interception crashed | 4.2 | | 52 | ZeroCERT
  Hosts (2): onedrive.live.com(13.107.139.11) - mailcious; 13.107.137.11 - mailcious
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
44029 | 2024-04-25 10:23 | ireallywanthoimportantthisgirl... 956ae61939b3dc9f9bbaed850423740b MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Windows Exploit DNS crashed | 4.6 | M | 37 | ZeroCERT
  URLs (1): http://103.198.26.173/360/HJC.exe
  Hosts (3): onedrive.live.com(13.107.139.11) - mailcious; 13.107.139.11; 103.198.26.173 - mailcious
  Signatures (7): ET DROP Spamhaus DROP Listed Traffic Inbound group 17; ET INFO Executable Download from dotted-quad Host; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
44030 | 2024-04-25 10:25 | pros.scr 097b18a8698466754be20ba312481236 AgentTesla Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed | 10.0 | M | 32 | ZeroCERT
44031 | 2024-04-25 10:25 | HJC.exe 2cc30d206669699e58870623365fef82 Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself Tofsee Interception crashed | 4.2 | | 53 | ZeroCERT
  Hosts (2): onedrive.live.com(13.107.139.11) - mailcious; 13.107.139.11
  Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
44032 | 2024-04-26 07:22 | tiktok.exe 6c93fc68e2f01c20fb81af24470b790c Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB | 2.2 | | 36 | ZeroCERT
44033 | 2024-04-26 07:22 | nikto.exe 6795efba98699a0cae3c4f729b83ace9 Themida Packer Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed | 15.4 | | 28 | ZeroCERT
  URLs (1): https://db-ip.com/demo/home.php?s=175.208.134.152
  Hosts (5): ipinfo.io(34.117.186.192); db-ip.com(104.26.5.15); 147.45.47.93 - malware; 172.67.75.166; 34.117.186.192
  Signatures (6): ET MALWARE RisePro TCP Heartbeat Packet; ET MALWARE [ANY.RUN] RisePro TCP (Token); ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration); ET MALWARE RisePro CnC Activity (Inbound); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
44034 | 2024-04-26 13:21 | AdvancedIPScanner.msix c79834aec56238560ad7f9fb7e96bc85 ZIP Format VirusTotal Malware | 0.6 | | 11 | ZeroCERT
44035 | 2024-04-26 13:23 | ad.msi 666151c11b7899a0c764abe711d3f9b3 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName | 2.6 | | 5 | ZeroCERT
44036 | 2024-04-26 14:45 | fxYvCG6c.exe c228f16074d1919a6bf30642a6e6541e Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key | 8.6 | M | 55 | guest
44037 | 2024-04-27 04:03 | 13357A53F4C23BD8AC44790AA1DB32... 204801e838e4a29f8270ab0ed7626555 Emotet Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder crashed | 4.0 | | 46 | guest
  1
44038 | 2024-04-27 10:35 | 0095a2ddc9363c91fc497296555de1... aa0b53e96cbf0d9acbeccd55c4b83d75 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library Confuser .NET .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key | 3.8 | | 56 | guest
  1
44039 | 2024-04-27 11:56 | Exodus.exe 3b43da1be0c39802b78f6b2c55c4d7e6 PE64 PE File VirusTotal Malware DNS | 2.2 | M | 39 | ZeroCERT
  Hosts (4): xmr-eu1.nanopool.org(162.19.224.121) - mailcious; pachydermal-deviati.000webhostapp.com(145.14.144.166); 51.15.58.224; 145.14.145.233 - phishing
  Signatures (2): ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org); ET INFO Observed Free Hosting Domain (*.000webhostapp .com in DNS Lookup)
44040 | 2024-04-27 11:58 | loader-1000.exe 705685a8deace858e7fc849471c045f3 NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 PowerShell DLL OS Processor Check VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key | 12.0 | M | 24 | ZeroCERT
  URLs (8): http://185.172.128.59/ISetup1.exe; http://apps.identrust.com/roots/dstrootcax3.p7c; http://240216234727901.mjj.xne26.cfd/f/fvgbm0216901.txt; https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456; https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000; https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=444; https://d68kcn56pzfb4.cloudfront.net/load/load.php?c=1000; https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000
  Hosts (8): 240216234727901.mjj.xne26.cfd(94.156.35.76); d68kcn56pzfb4.cloudfront.net(99.86.146.198); monoblocked.com(45.130.41.108) - malware; 61.111.58.34 - malware; 45.130.41.108 - malware; 179.43.158.2; 185.172.128.59 - malware; 99.86.146.198
  Signatures (7): ET DROP Spamhaus DROP Listed Traffic Inbound group 32; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Executable Download from dotted-quad Host; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)