44161 | 2021-01-04 19:46 | file.exe | 2707a1146af033468369f6ea6b322282 | 2.6 | M | 26 | ZeroCERT
Tags: VirusTotal Malware unpack itself Remote Code Execution

44162 | 2021-01-04 19:42 | fa.exe | 5188c198e093757a394d4bcb495f325d | 4.6 | M | 55 | ZeroCERT
Tags: VirusTotal Malware AutoRuns Check memory RWX flags setting unpack itself malicious URLs AntiVM_Disk anti-virtualization VM Disk Size Check Windows

44163 | 2021-01-04 19:36 | ebook.exe | 07f79b595254bd60ccec7561e858de35 | 2.2 | | | ZeroCERT
Tags: Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check

44164 | 2021-01-04 19:30 | ds1.exe | 75ce299ceb045c97ab990e27b0e71f41 | 8.2 | M | 28 | ZeroCERT
Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed

44165 | 2021-01-04 19:29 | CLzuij6r3l8hw0B.exe | 6e4da3fa7328c529bb8ff1b892b61c38 | 1.8 | M | | ZeroCERT
Tags: suspicious privilege Check memory Checks debugger unpack itself ComputerName

44166 | 2021-01-04 19:26 | client_connector.exe | 5d1df2995bd1b54b98368d2287d34713 | 7.6 | M | 24 | ZeroCERT
Tags: VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check Tofsee Windows DNS
URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt; https://api.ipify.org/
Hosts (5): api.ipify.org(23.21.42.25); crt.comodoca.com(91.199.212.52); org-2fa.link() - malware; 91.199.212.52; 23.21.252.4
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44167 | 2021-01-04 19:25 | angelx.scr | 980bd29a88ceb4a3e0f07d789768bcbf | 12.0 | M | 48 | ZeroCERT
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger

44168 | 2021-01-04 19:15 | angelx.scr | 980bd29a88ceb4a3e0f07d789768bcbf | 13.8 | M | 48 | ZeroCERT
Tags: Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger

44169 | 2021-01-04 19:15 | BXC6N26G9.doc | 40f79fcaa6e497435e1ac54f87fe90ab | 6.6 | M | 41 | ZeroCERT
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
Hosts (4): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 75.109.111.18 - malicious; 192.169.217.36 - malware
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP

44170 | 2021-01-04 15:50 | 130322_FS_Setup.exe | 0127495b7b6ec2eeb59684745fbcdf16 | 2.0 | | 11 | r0d
Tags: VirusTotal Malware Check memory unpack itself crashed

44171 | 2021-01-03 14:40 | aghkdfgh.exe | 170faeb45ecbd3499349403e53573a5f | 28.4 | M | 21 | ZeroCERT
Tags: Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName Cryptographic key Software crashed Downloader
URLs (11): http://malscxa.ac.ug/nss3.dll; http://malscxa.ac.ug/msvcp140.dll; http://rebelfgighter.ac.ug/index.php; http://malscxa.ac.ug/softokn3.dll; http://malscxa.ac.ug/vcruntime140.dll; http://malscxa.ac.ug/main.php; http://malscxa.ac.ug/; http://malscxa.ac.ug/freebl3.dll; http://malscxa.ac.ug/sqlite3.dll; http://malscxa.ac.ug/mozglue.dll; https://cdn.discordapp.com/attachments/752128569169281083/794719134130110464/Wypr123
Hosts (10): rebelfgighter.ac.ug(194.61.53.10) - malware; agentpapple.ac.ug() - malicious; cdn.discordapp.com(162.159.135.233) - malware; discord.com(162.159.137.232); malscxa.ac.ug(194.61.53.10); taenaia.ac.ug(185.140.53.149) - malicious; 194.61.53.10 - malware; 162.159.136.232; 162.159.129.233 - malware; 185.140.53.149 - malicious
IDS alerts (10): ET MALWARE AZORult v3.3 Server Response M3; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative); ET INFO Executable Download from dotted-quad Host; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile; ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2; ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44172 | 2021-01-03 14:38 | ZG8Y0NI8.doc | a92e2090f008413439f1936f59b92b6b | 6.4 | M | 32 | ZeroCERT
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
Hosts (4): insvat.com(185.42.104.77) - malware; 75.188.107.174 - malicious; 185.42.104.77 - malware; 75.109.111.18 - malicious
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP

44173 | 2021-01-03 14:30 | TC1WI34YWX4.doc | 40f79fcaa6e497435e1ac54f87fe90ab | 6.4 | M | 39 | ZeroCERT
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS
Hosts (4): mediatorstewart.com(192.169.217.36) - malware; 75.188.107.174 - malicious; 192.169.217.36 - malware; 75.109.111.18 - malicious
IDS alerts (3): ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET INFO EXE - Served Attached HTTP

44174 | 2021-01-03 14:29 | uglNVuKJ8fDyYcpC8TZSUi.dll | edcd762c12b22607a61e4c97e686f2d0 | 9.2 | M | 44 | ZeroCERT
Tags: VirusTotal Malware PDB Malicious Traffic Checks debugger ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key
Hosts (3): 138.197.99.250 - malicious; 152.170.79.100 - malicious; 190.247.139.101

44175 | 2021-01-03 14:16 | A2POF9K.doc | 822dec5f5d51a065b4ff2a0b46eaecf0 | 6.2 | M | 41 | ZeroCERT
Tags: Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS
URLs (2): http://cahyaproperty.bbtbatam.com/mhD/; http://cahyaproperty.bbtbatam.com/cgi-sys/suspendedpage.cgi
Hosts (14): coshou.com(207.148.24.55); techworldo.com(103.117.212.212); familylifetruth.com(162.254.150.6) - malware; dieuhoaxanh.vn(112.213.89.42) - malware; www.todoensaludips.com(142.44.230.78) - malware; depannage-vehicule-maroc.com(81.169.145.152) - malware; cahyaproperty.bbtbatam.com(101.50.1.27); 142.44.230.78 - malicious; 207.148.24.55; 81.169.145.152 - malware; 101.50.1.27 - malicious; 112.213.89.42 - malware; 103.117.212.212 - malicious; 162.254.150.6 - malware
IDS alerts (3): SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)