44131 | 2021-01-05 10:11
ac.exe 29e43b9937420f643f53af873c84b858
Tags: VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
Hosts (3):
  agentpurple.ac.ug() - mailcious
  agentttt.ac.ug(79.134.225.40) - mailcious
  79.134.225.40 - mailcious
11.0 | M | 20 | ZeroCERT

44132 | 2021-01-05 10:09
A8QXXV0I33NDQDZ.doc faf2165619d1daa46b0d172147a52541
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
URLs (1):
  http://90.160.138.175/a58pjx17aikad6ot/ - rule_id: 207
Hosts (3):
  etbnaman.com(103.237.147.16) - malware
  103.237.147.16 - malware
  90.160.138.175 - mailcious
Alerts (4):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
1 | 5.2 | M | 21 | ZeroCERT

44133 | 2021-01-05 09:49
3DSXMACC6MUCS0N.doc 379b78c9d16039d7993e1e7703c2d524
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
Hosts (3):
  etbnaman.com(103.237.147.16) - malware
  103.237.147.16 - malware
  90.160.138.175 - mailcious
Alerts (4):
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET INFO EXE - Served Attached HTTP
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
5.2 | M | 21 | ZeroCERT

44134 | 2021-01-05 08:03
http://menol.eu/wp/mT/ 14f59a1ea2283c858ea95fc4b14e719c
Tags: Dridex VirusTotal Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2):
  menol.eu(80.237.130.106) - malware
  80.237.130.106 - malware
Alerts (6):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
  ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO EXE - Served Attached HTTP
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
5.0 | M | ZeroCERT

44135 | 2021-01-04 22:38
SGHKTD.exe 62e18a39916c9bf82ef1b8d19d429925
Tags: AutoRuns Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows ComputerName DNS DDNS
Hosts (2):
  karakounta.duckdns.org(95.90.241.144)
  95.90.241.144
Alerts (1):
  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
9.4 | M | ZeroCERT

44136 | 2021-01-04 22:31
qf2rlXEs14oPFz6.exe f697a082ed2e8ce81ee8bb46fe8b6896
Tags: suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Software
14.4 | M | ZeroCERT

44137 | 2021-01-04 22:31
scriptxls_4e270c39-ab5b-40af-9... 5ac28f78814ba152cbeb7ca435cc32fe
Tags: VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key
Hosts (4):
  bit.do(54.83.52.76) - mailcious
  lowyersolus.nl(185.239.243.112) - malware
  185.239.243.112 - malware
  54.83.52.76 - suspicious
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Bit.do Shortened Link Request (set)
8.2 | M | 1 | ZeroCERT

44138 | 2021-01-04 22:23
PROYECTO_FINAL_WF_1.exe 8b3404eba184e959ce1975a34dc5399a
Tags: Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself malicious URLs human activity check Tofsee ComputerName
URLs (2):
  http://google.com/generate_204
  https://gist.githubusercontent.com/Rako-Team/a253d0e77acaa53e0dcb0a5d21e9672c/raw/7fd9bc64a8f9de0a65a5c096f1d33077743f4d11/gistfile1.txt
Hosts (6):
  google.com(172.217.175.110)
  gist.githubusercontent.com(151.101.192.133) - mailcious
  carperzone-connect.xyz(199.247.30.102)
  199.247.30.102
  172.217.24.78
  151.101.76.133 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.6 | M | ZeroCERT

44139 | 2021-01-04 22:23
po.exe 145d08f897eb350ba87e8003ff45723e
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Checks debugger unpack itself malicious URLs Tofsee Windows Browser Email ComputerName DNS Software crashed
URLs (4):
  http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe
  http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1609766446&mv=u&mvi=7&pl=18&shardbypass=yes
  https://update.googleapis.com/service/update2?cup2key=10:4182187193&cup2hreq=4e6330dc4c89151dac6b8c520543e5360e820e4b0983d243951256595ea13d6e
  https://update.googleapis.com/service/update2
Hosts (2):
  r7---sn-3u-bh2lz.gvt1.com(59.18.45.210)
  59.18.45.210
Alerts (4):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO EXE - Served Attached HTTP
  ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
9.6 | M | 53 | ZeroCERT

44140 | 2021-01-04 22:18
Order.exe ff54a5c5816d0bbb3722a504f9979fdd
Tags: Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself human activity check Windows ComputerName DNS DDNS
Hosts (2):
  tcpasca.ddns.net(194.5.97.205)
  194.5.97.205
Alerts (1):
  ET POLICY DNS Query to DynDNS Domain *.ddns .net
8.4 | M | ZeroCERT

44141 | 2021-01-04 22:18
me.exe 421de22e246d416e7309e54268052ada
Tags: suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
10.4 | M | ZeroCERT

44142 | 2021-01-04 22:15
GWqhcX68z24xeAO.exe 88d3d51b7b9153aa613d4ce1253ba022
Tags: suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows ComputerName DNS keylogger
URLs (1):
  http://speed-bg.com/kalaz/ferrapos/gudda/aglz/RT2cSc6DgcZ5t8G.exe
Hosts (3):
  speed-bg.com(79.124.76.20) - malware
  185.157.162.81 - mailcious
  79.124.76.20 - mailcious
Alerts (1):
  ET POLICY PE EXE or DLL Windows file download HTTP
14.2 | M | ZeroCERT

44143 | 2021-01-04 22:14
me.exe 421de22e246d416e7309e54268052ada
Tags: suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
10.4 | M | ZeroCERT

44144 | 2021-01-04 22:07
me.exe 421de22e246d416e7309e54268052ada
Tags: suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
10.4 | M | ZeroCERT

44145 | 2021-01-04 22:06
GWqhcX68z24xeAO.exe 88d3d51b7b9153aa613d4ce1253ba022
Tags: suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS
9.0 | M | ZeroCERT