44086 | 2024-05-02 07:26 | cock.exe bd909fb2282ec2e4a11400157c33494a Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself WriteConsoleW Windows DNS Cryptographic key | 1 | 1 ET DROP Spamhaus DROP Listed Traffic Inbound group 1 | 10.0 | 59 | ZeroCERT
44087 | 2024-05-02 07:27 | EPQ.exe 615b4b1ddc71f4928bf4afdfaa68231f Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | 1 | 2 api.ipify.org(172.67.74.152) 104.26.12.205 | 3 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.8 | M | 29 | ZeroCERT
44088 | 2024-05-02 07:29 | setup_6053.exe a1361baff4d2c31430365cce9bc2cfff Generic Malware Malicious Library Antivirus UPX PE64 PE File OS Processor Check Emotet Malware download NetWireRC VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion Anonymous RAT DNS crashed | 2 6053.anonymousrat8.com(43.128.47.177) 43.128.47.177 | 2 ET MALWARE Anonymous RAT CnC Domain in DNS Lookup (anonymousrat8 .com) SURICATA Applayer Protocol detection skipped | 7.4 | M | 19 | ZeroCERT
44089 | 2024-05-02 07:31 | be.exe 219ad549c4d74baaf85871c1eb484b2f Downloader PE File PE32 VirusTotal Malware Check memory WriteConsoleW ComputerName | 3.0 | M | 54 | ZeroCERT
44090 | 2024-05-03 07:42 | mm.exe 90023ee5d93707bca67e178daf81830f Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS | 1 | 3.2 | 45 | ZeroCERT
44091 | 2024-05-03 07:42 | build22.exe 06c758c576de9e18db3394f1044b27ae NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 6.4 | M | 15 | ZeroCERT
44092 | 2024-05-03 07:44 | lenin.exe 51eb099e680eb872a3619c63edcfdc5a UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed | 1 https://db-ip.com/demo/home.php?s=175.208.134.152 | 5 ipinfo.io(34.117.186.192) db-ip.com(104.26.5.15) 147.45.47.93 - malware 104.26.5.15 34.117.186.192 | 8 ET MALWARE RisePro TCP Heartbeat Packet SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) | 16.0 | 37 | ZeroCERT
44093 | 2024-05-03 07:45 | GVV.exe fa3641c75d2beb68c01e8065eefc4707 Generic Malware Suspicious_Script_Bin Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger | 1 http://geoplugin.net/json.gp | 4 geoplugin.net(178.237.33.50) yuahdgbceja.sytes.net(23.94.53.100) 178.237.33.50 23.94.53.100 | 2 ET JA3 Hash - Remcos 3.x/4.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain | 13.8 | 22 | ZeroCERT
44094 | 2024-05-03 07:46 | sok.exe ec7154a50488ecfd5936b6fd10e0a8e3 SystemBC Malicious Library Antivirus PE File PE32 VirusTotal Malware powershell AutoRuns Windows DNS | 1 | 1 ET DROP Spamhaus DROP Listed Traffic Inbound group 37 | 4.4 | 56 | ZeroCERT
44095 | 2024-05-03 07:48 | flash.cn.exe 49e2d38242e314cb72ff7a297dbf132f Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS | 1 | 5.2 | M | 55 | ZeroCERT
44096 | 2024-05-03 07:48 | go.exe b8e5ad86c9e9b3aef46098f287e8b0ac Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 8 https://www.google.com/favicon.ico https://accounts.google.com/generate_204?iU4cJw https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AaSxoQxLNxI2HHlyxoGVcimqY4uM5LhzX4AaU3oCu3hm6douPS3R9_nXx_4seqaPnHWGVIcIYa-CcQ https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQyzK7K9-0SpUK5Ty5V-P6hQ_biFIJfL9ccChY7BZx85vNPhi5nC5sdCfjIBNHPOk2d3ZxGBoQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1073016254%3A1714689841540357 https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png | 7 ssl.gstatic.com(172.217.25.163) accounts.google.com(108.177.125.84) www.google.com(142.250.207.100) 23.94.53.100 216.58.200.227 216.58.203.68 64.233.188.84 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 5.8 | M | 18 | ZeroCERT
44097 | 2024-05-03 07:49 | mm2.exe 497d88a78d010a02672474e9cf67b5ff Malicious Packer UPX Anti_VM PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS | 1 167.71.205.181 - mailcious | 3.2 | M | 45 | ZeroCERT
44098 | 2024-05-03 07:50 | sarra.exe 9108c53602981487b7b44c2729fbd5bc Anti_VM PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed | 1 https://db-ip.com/demo/home.php?s=175.208.134.152 | 6 ipinfo.io(34.117.186.192) db-ip.com(172.67.75.166) 147.45.47.93 - malware 104.26.5.15 167.71.205.181 - mailcious 34.117.186.192 | 4 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) | 10.8 | M | 40 | ZeroCERT
44099 | 2024-05-03 07:51 | noa.exe ce55e5869c5b7274fdfee8145058a015 AgentTesla Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | 1 | 3 api.ipify.org(172.67.74.152) 104.26.5.15 172.67.74.152 | 3 ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 14.0 | M | 38 | ZeroCERT
44100 | 2024-05-03 07:53 | mtls.exe 3b65343bff4c7397ed19ef22efaae899 Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces | 2 ns1.mtls.ink(167.71.205.181) 167.71.205.181 - mailcious | 2.4 | M | 36 | ZeroCERT