| 44086 |
2024-05-02 07:26
|
 cock.exe bd909fb2282ec2e4a11400157c33494a
Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself WriteConsoleW Windows DNS Cryptographic key |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 1
|
|
10.0 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44087 |
2024-05-02 07:27
|
 EPQ.exe 615b4b1ddc71f4928bf4afdfaa68231f
Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
|
2
api.ipify.org(172.67.74.152)
104.26.12.205
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44088 |
2024-05-02 07:29
|
 setup_6053.exe a1361baff4d2c31430365cce9bc2cfff
Generic Malware Malicious Library Antivirus UPX PE64 PE File OS Processor Check Emotet Malware download NetWireRC VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion Anonymous RAT DNS crashed |
|
2
6053.anonymousrat8.com(43.128.47.177)
43.128.47.177
|
2
ET MALWARE Anonymous RAT CnC Domain in DNS Lookup (anonymousrat8 .com)
SURICATA Applayer Protocol detection skipped
|
|
7.4 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44089 |
2024-05-02 07:31
|
 be.exe 219ad549c4d74baaf85871c1eb484b2f
Downloader PE File PE32 VirusTotal Malware Check memory WriteConsoleW ComputerName |
|
|
|
|
3.0 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44090 |
2024-05-03 07:42
|
 mm.exe 90023ee5d93707bca67e178daf81830f
Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS |
|
1
|
|
|
3.2 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44091 |
2024-05-03 07:42
|
 build22.exe 06c758c576de9e18db3394f1044b27ae
NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.4 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44092 |
2024-05-03 07:44
|
 lenin.exe 51eb099e680eb872a3619c63edcfdc5a
UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed |
1
https://db-ip.com/demo/home.php?s=175.208.134.152
|
5
ipinfo.io(34.117.186.192)
db-ip.com(104.26.5.15)
147.45.47.93 - malware
104.26.5.15
34.117.186.192
|
8
ET MALWARE RisePro TCP Heartbeat Packet
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
|
|
16.0 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44093 |
2024-05-03 07:45
|
 GVV.exe fa3641c75d2beb68c01e8065eefc4707
Generic Malware Suspicious_Script_Bin Malicious Library UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
yuahdgbceja.sytes.net(23.94.53.100)
178.237.33.50
23.94.53.100
|
2
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain
|
|
13.8 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44094 |
2024-05-03 07:46
|
 sok.exe ec7154a50488ecfd5936b6fd10e0a8e3
SystemBC Malicious Library Antivirus PE File PE32 VirusTotal Malware powershell AutoRuns Windows DNS |
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 37
|
|
4.4 |
|
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44095 |
2024-05-03 07:48
|
 flash.cn.exe 49e2d38242e314cb72ff7a297dbf132f
Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS |
|
1
|
|
|
5.2 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44096 |
2024-05-03 07:48
|
 go.exe b8e5ad86c9e9b3aef46098f287e8b0ac
Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://www.google.com/favicon.ico
https://accounts.google.com/generate_204?iU4cJw
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
https://accounts.google.com/_/bscframe
https://accounts.google.com/
https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AaSxoQxLNxI2HHlyxoGVcimqY4uM5LhzX4AaU3oCu3hm6douPS3R9_nXx_4seqaPnHWGVIcIYa-CcQ
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AaSxoQyzK7K9-0SpUK5Ty5V-P6hQ_biFIJfL9ccChY7BZx85vNPhi5nC5sdCfjIBNHPOk2d3ZxGBoQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1073016254%3A1714689841540357
https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
|
7
ssl.gstatic.com(172.217.25.163)
accounts.google.com(108.177.125.84)
www.google.com(142.250.207.100)
23.94.53.100
216.58.200.227
216.58.203.68
64.233.188.84
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44097 |
2024-05-03 07:49
|
 mm2.exe 497d88a78d010a02672474e9cf67b5ff
Malicious Packer UPX Anti_VM PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS |
|
1
167.71.205.181 - mailcious
|
|
|
3.2 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44098 |
2024-05-03 07:50
|
 sarra.exe 9108c53602981487b7b44c2729fbd5bc
Anti_VM PE File PE32 Malware download VirusTotal Malware AutoRuns MachineGuid Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName DNS crashed |
1
https://db-ip.com/demo/home.php?s=175.208.134.152
|
6
ipinfo.io(34.117.186.192)
db-ip.com(172.67.75.166)
147.45.47.93 - malware
104.26.5.15
167.71.205.181 - mailcious
34.117.186.192
|
4
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
|
|
10.8 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44099 |
2024-05-03 07:51
|
 noa.exe ce55e5869c5b7274fdfee8145058a015
AgentTesla Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
|
3
api.ipify.org(172.67.74.152)
104.26.5.15
172.67.74.152
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.0 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44100 |
2024-05-03 07:53
|
 mtls.exe 3b65343bff4c7397ed19ef22efaae899
Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces |
|
2
ns1.mtls.ink(167.71.205.181)
167.71.205.181 - mailcious
|
|
|
2.4 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|