44146 | 2021-01-04 22:03 | ZeroCERT
Sample: 11.exe | MD5: 3a2c81004ec09fd05097000f3a1f776f | Score: 2.8 | M
Tags: Dridex Malware unpack itself Tofsee Interception DNS crashed
Hosts (4): easymcafunding.com(51.222.43.131) - malware; discord.com(162.159.137.232); 162.159.137.232; 51.222.43.131 - malware
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

44147 | 2021-01-04 22:02 | ZeroCERT
Sample: dctk.exe | MD5: 683b2ef50e7525231d74f101bae391de | Score: 4.4 | M
Tags: suspicious privilege Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows

44148 | 2021-01-04 22:00 | ZeroCERT
Sample: xx.exe | MD5: 3c778cd34e3c5c09448411b0c545b2e3 | Score: 2.2 | M
Tags: malicious URLs IP Check DNS
URLs (1): (none listed)
Hosts (2): ip-api.com(208.95.112.1); 208.95.112.1
IDS alerts (1): ET POLICY External IP Lookup ip-api.com

44149 | 2021-01-04 21:59 | ZeroCERT
Sample: z.exe | MD5: 49f6bc2ae9588495c19b4fc1d2c25189 | Score: 4.4 | M
Tags: MachineGuid Check memory WMI malicious URLs AntiVM_Disk VM Disk Size Check ComputerName Remote Code Execution DNS DDNS crashed
Hosts (2): nvdkljhbgsoiuhj.ddns.net(89.238.132.44); 89.238.132.44
IDS alerts (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net

44150 | 2021-01-04 21:52 | ZeroCERT
Sample: x.exe | MD5: e17657980519481a0b685f36568e4c99 | Score: 4.2 | M
Tags: MachineGuid unpack itself Checks Bios malicious URLs AntiVM_Disk anti-virtualization VM Disk Size Check DNS

44151 | 2021-01-04 21:50 | ZeroCERT
Sample: https://lowyersolus.nl/jaxxlib... | MD5: cbc3de44ccf3f2de407a48cd596eb000 | Score: 4.2
Tags: Dridex Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2): lowyersolus.nl(185.239.243.112) - malware; 185.239.243.112 - malware
IDS alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

44152 | 2021-01-04 21:36 | ZeroCERT
Sample: system.exe | MD5: 455a11610acde7fee4d30d962f9900af | Score: 4.2 | M | VT: 49
Tags: VirusTotal Malware RWX flags setting malicious URLs DNS
Hosts (1): (none listed)

44153 | 2021-01-04 21:26 | ZeroCERT
Sample: Server.exe | MD5: ca31a02b5f399516dc35a16e46aa1244 | Score: 3.4 | M | VT: 48
Tags: VirusTotal Malware RWX flags setting DNS
Hosts (1): (none listed)

44154 | 2021-01-04 21:25 | ZeroCERT
Sample: scriptxls_ffb47d90-e51d-4e42-9... | MD5: 6f20093b3de537822c3a7726b0430c72 | Score: 4.6 | M | VT: 12
Tags: VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key

44155 | 2021-01-04 21:16 | ZeroCERT
Sample: oghkdfgh.exe | MD5: 593eea90e533ed14757d62b4f2c7d969 | Score: 9.8 | M | VT: 27
Tags: Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs Browser DNS crashed
Hosts (1): malscxa.ac.ug() - malicious

44156 | 2021-01-04 21:14 | ZeroCERT
Sample: rc.exe | MD5: 54a4be7037ecdb031563998906a365cd | Score: 13.2 | M | VT: 23
Tags: Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs Tofsee Interception Windows
Hosts (7): taenaia.ac.ug(185.140.53.149) - malicious; agentpapple.ac.ug() - malicious; discord.com(162.159.138.232); cdn.discordapp.com(162.159.129.233) - malware; 185.140.53.149 - malicious; 162.159.138.232; 162.159.130.233 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44157 | 2021-01-04 21:12 | ZeroCERT
Sample: oghkdfgh.exe | MD5: 593eea90e533ed14757d62b4f2c7d969 | Score: 6.4 | M | VT: 27
Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs DNS

44158 | 2021-01-04 20:08 | ZeroCERT
Sample: munafa_slip.exe | MD5: 50ee8d6a24c1e29d184ecec1eb205ecf | Score: 8.8 | VT: 34
Tags: VirusTotal Malware AutoRuns Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check Windows ComputerName
Hosts (2): info.v-pn.co(194.5.98.55); 194.5.98.55

44159 | 2021-01-04 20:05 | ZeroCERT
Sample: miu111.exe | MD5: b377350471f435c9260876a28980aa45 | Score: 9.8 | M | VT: 41
Tags: VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder malicious URLs suspicious TLD WriteConsoleW Windows ComputerName DNS keylogger
URLs (1): http://tj.77w62.top/tongji.php?os=6.1.7601&userid=miu555&mac=&ver=&xiezai=0&wb=&az=0&uid=
Hosts (2): tj.77w62.top(27.124.45.168); 27.124.45.168 - malware
IDS alerts (2): ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain

44160 | 2021-01-04 19:49 | ZeroCERT
Sample: KingNote-72.exe | MD5: f188bbfe0aceab2a154e735978f48019 | Score: 10.0 | M | VT: 35
Tags: VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW installed browsers check Windows Browser ComputerName Remote Code Execution DNS
URLs (6):
  http://ip.ws.126.net/ipquery
  http://config.xihon.cn/res/updateconfig/56/57/72/cfg_updateconfig_use.zip
  http://config.xihon.cn/res/pcadconfig/56/57/72/cfg_pcadconfig.zip
  http://sd.xihon.cn/log/sendmsg.php
  http://pv.sohu.com/cityjson
  http://config.xihon.cn/uploads/20201224/df3583758c11c9bf60ac91758222c69a.zip
Hosts (9): ip.ws.126.net(59.111.181.52); pv.sohu.com(175.100.207.230); config.xihon.cn(120.52.95.234); sd.xihon.cn(123.56.15.95); 218.12.76.164; 175.100.207.230; 218.12.76.163; 59.111.181.52; 123.56.15.95
IDS alerts (2): ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0); SURICATA HTTP unable to match response to request

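The URL, host and IDS-alert fields in these entries are free text, but their syntax is regular: a host entry is `name(ip)` or a bare IPv4 address, optionally followed by `- malware` or `- malicious`, and each alert starts with its rule-set prefix (ET, SSLBL, SURICATA). The Python below is an added example, not code from ZeroCERT or the page. `RECORDS` is constructed from entries 44156 and 44159 above, and its keys (`sample`, `md5`, `urls`, `hosts`, `host_count`, `alerts`, `alert_count`) are this example's own. It turns the fields into deduplicated IOC sets, keeps the feed's tag attached to each indicator so that untagged shared infrastructure such as discord.com is reviewed rather than blocklisted blindly, uses the per-list counts the listing prints as a parser sanity check, and splits the 44159 check-in URL into its query parameters to show which host details that bot reports.

```python
"""Turn the URL, host and IDS-alert text fields of a sandbox listing into IOC sets.

Added example, not code from ZeroCERT or the page. RECORDS is constructed from
two entries on the page (44156 and 44159); the "name(ip) - tag" host syntax and
the space-joined alert text are the page's own, the dict keys are this example's.
"""
import re
from urllib.parse import parse_qs, urlsplit

# A host entry is "name(ip)" (ip may be empty, e.g. an unresolved domain) or a
# bare IPv4 address, either optionally followed by " - tag" such as "- malware".
HOST_RE = re.compile(
    r"(?P<name>[A-Za-z0-9.-]+)\((?P<ip>[0-9.]*)\)(?:\s+-\s+(?P<tag>[a-z]+))?"
    r"|(?P<bare_ip>\d{1,3}(?:\.\d{1,3}){3})(?:\s+-\s+(?P<bare_tag>[a-z]+))?"
)
# The raw feed spells one tag "mailcious"; fold it into "malicious".
TAG_FIX = {"mailcious": "malicious"}
# Alerts are space-joined; every alert starts with its rule-set prefix.
ALERT_SPLIT_RE = re.compile(r"\s+(?=(?:ET|SSLBL|SURICATA)\b)")

RECORDS = [  # constructed from page entries 44156 and 44159
    {
        "sample": "rc.exe",
        "md5": "54a4be7037ecdb031563998906a365cd",
        "urls": "",
        "hosts": ("taenaia.ac.ug(185.140.53.149) - mailcious agentpapple.ac.ug() - mailcious "
                  "discord.com(162.159.138.232) cdn.discordapp.com(162.159.129.233) - malware "
                  "185.140.53.149 - mailcious 162.159.138.232 162.159.130.233 - malware"),
        "host_count": 7,
        "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
        "alert_count": 1,
    },
    {
        "sample": "miu111.exe",
        "md5": "b377350471f435c9260876a28980aa45",
        "urls": "http://tj.77w62.top/tongji.php?os=6.1.7601&userid=miu555&mac=&ver=&xiezai=0&wb=&az=0&uid=",
        "hosts": "tj.77w62.top(27.124.45.168) 27.124.45.168 - malware",
        "host_count": 2,
        "alerts": "ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain",
        "alert_count": 2,
    },
]


def parse_hosts(field):
    """Yield (name, ip, tag) per host entry; parts that are absent are None."""
    for m in HOST_RE.finditer(field):
        if m.group("name"):
            tag = m.group("tag")
            yield m.group("name"), m.group("ip") or None, TAG_FIX.get(tag, tag)
        else:
            tag = m.group("bare_tag")
            yield None, m.group("bare_ip"), TAG_FIX.get(tag, tag)


def split_alerts(field):
    """One alert name per list element."""
    return [a for a in ALERT_SPLIT_RE.split(field) if a]


def counts_match(record):
    """The listing prints a count above each list; use it to catch parser drift."""
    return (len(list(parse_hosts(record["hosts"]))) == record["host_count"]
            and len(split_alerts(record["alerts"])) == record["alert_count"])


def extract_iocs(records):
    """Deduplicated indicators across records, with the feed's tag kept per indicator."""
    iocs = {"md5": set(), "domains": set(), "ips": set(), "urls": set(),
            "alerts": set(), "flagged": {}}
    for r in records:
        iocs["md5"].add(r["md5"])
        iocs["urls"].update(r["urls"].split())
        iocs["alerts"].update(split_alerts(r["alerts"]))
        for name, ip, tag in parse_hosts(r["hosts"]):
            if name:
                iocs["domains"].add(name)
            if ip:
                iocs["ips"].add(ip)
            if tag:  # the tag covers the whole entry, so both its name and its ip
                for indicator in (name, ip):
                    if indicator:
                        iocs["flagged"][indicator] = tag
    return iocs


def untagged(iocs):
    """Indicators the feed did not tag: review before blocking (shared CDNs, lookup services)."""
    return sorted((iocs["domains"] | iocs["ips"]) - set(iocs["flagged"]))


def beacon_fields(url):
    """Query parameters of a check-in URL; blank values are kept, they show what the bot meant to send."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


if __name__ == "__main__":
    assert all(counts_match(r) for r in RECORDS)
    found = extract_iocs(RECORDS)
    for key in ("md5", "domains", "ips", "urls"):
        print(key, sorted(found[key]))
    print("flagged", found["flagged"])
    print("untagged", untagged(found))
    print("beacon", beacon_fields(RECORDS[1]["urls"]))
```

For the two constructed records, `untagged` returns discord.com, 162.159.138.232 and tj.77w62.top: the first two are shared Discord infrastructure that also appears under the Dridex entry 44146 and should not go on a blocklist on the strength of this feed alone, while the last is the 44159 beacon domain whose IP is tagged even though the name is not, which is why tags are tracked per indicator rather than per record.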