| 44161 |
2021-01-04 19:46
|
file.exe 2707a1146af033468369f6ea6b322282
VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44162 |
2021-01-04 19:42
|
fa.exe 5188c198e093757a394d4bcb495f325d
VirusTotal Malware AutoRuns Check memory RWX flags setting unpack itself malicious URLs AntiVM_Disk anti-virtualization VM Disk Size Check Windows |
|
|
|
|
4.6 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44163 |
2021-01-04 19:36
|
ebook.exe 07f79b595254bd60ccec7561e858de35
Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check |
|
|
|
|
2.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44164 |
2021-01-04 19:30
|
ds1.exe 75ce299ceb045c97ab990e27b0e71f41
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself malicious URLs crashed |
|
|
|
|
8.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44165 |
2021-01-04 19:29
|
CLzuij6r3l8hw0B.exe 6e4da3fa7328c529bb8ff1b892b61c38
suspicious privilege Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44166 |
2021-01-04 19:26
|
client_connector.exe 5d1df2995bd1b54b98368d2287d34713
VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check Tofsee Windows DNS |
2
http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://api.ipify.org/
|
5
api.ipify.org(23.21.42.25)
crt.comodoca.com(91.199.212.52)
org-2fa.link() - malware
91.199.212.52
23.21.252.4
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44167 |
2021-01-04 19:25
|
angelx.scr 980bd29a88ceb4a3e0f07d789768bcbf
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
|
|
|
12.0 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44168 |
2021-01-04 19:15
|
angelx.scr 980bd29a88ceb4a3e0f07d789768bcbf
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName DNS Cryptographic key Software crashed keylogger |
|
|
|
|
13.8 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44169 |
2021-01-04 19:15
|
BXC6N26G9.doc 40f79fcaa6e497435e1ac54f87fe90ab
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
|
4
mediatorstewart.com(192.169.217.36) - malware
75.188.107.174 - mailcious
75.109.111.18 - mailcious
192.169.217.36 - malware
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
6.6 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44170 |
2021-01-04 15:50
|
130322_FS_Setup.exe 0127495b7b6ec2eeb59684745fbcdf16
VirusTotal Malware Check memory unpack itself crashed |
|
|
|
|
2.0 |
|
11 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44171 |
2021-01-03 14:40
|
aghkdfgh.exe 170faeb45ecbd3499349403e53573a5f
Browser Info Stealer Emotet Malware download FTP Client Info Stealer Vidar Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Ransomware Interception Zeus OskiStealer Stealer Windows Browser Email ComputerName Cryptographic key Software crashed Downloader |
11
http://malscxa.ac.ug/nss3.dll
http://malscxa.ac.ug/msvcp140.dll
http://rebelfgighter.ac.ug/index.php
http://malscxa.ac.ug/softokn3.dll
http://malscxa.ac.ug/vcruntime140.dll
http://malscxa.ac.ug/main.php
http://malscxa.ac.ug/
http://malscxa.ac.ug/freebl3.dll
http://malscxa.ac.ug/sqlite3.dll
http://malscxa.ac.ug/mozglue.dll
https://cdn.discordapp.com/attachments/752128569169281083/794719134130110464/Wypr123
|
10
rebelfgighter.ac.ug(194.61.53.10) - malware
agentpapple.ac.ug() - mailcious
cdn.discordapp.com(162.159.135.233) - malware
discord.com(162.159.137.232)
malscxa.ac.ug(194.61.53.10)
taenaia.ac.ug(185.140.53.149) - mailcious
194.61.53.10 - malware
162.159.136.232
162.159.129.233 - malware
185.140.53.149 - mailcious
|
10
ET MALWARE AZORult v3.3 Server Response M3
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
ET INFO Executable Download from dotted-quad Host
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2
ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
28.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44172 |
2021-01-03 14:38
|
ZG8Y0NI8.doc a92e2090f008413439f1936f59b92b6b
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
|
4
insvat.com(185.42.104.77) - malware
75.188.107.174 - mailcious
185.42.104.77 - malware
75.109.111.18 - mailcious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
6.4 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44173 |
2021-01-03 14:30
|
TC1WI34YWX4.doc 40f79fcaa6e497435e1ac54f87fe90ab
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Windows DNS |
|
4
mediatorstewart.com(192.169.217.36) - malware
75.188.107.174 - mailcious
192.169.217.36 - malware
75.109.111.18 - mailcious
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE - Served Attached HTTP
|
|
6.4 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44174 |
2021-01-03 14:29
|
uglNVuKJ8fDyYcpC8TZSUi.dll edcd762c12b22607a61e4c97e686f2d0
VirusTotal Malware PDB Malicious Traffic Checks debugger ICMP traffic RWX flags setting unpack itself malicious URLs sandbox evasion Windows Advertising ComputerName DNS Cryptographic key |
|
3
138.197.99.250 - mailcious
152.170.79.100 - mailcious
190.247.139.101
|
|
|
9.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44175 |
2021-01-03 14:16
|
A2POF9K.doc 822dec5f5d51a065b4ff2a0b46eaecf0
Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee DNS |
2
http://cahyaproperty.bbtbatam.com/mhD/
http://cahyaproperty.bbtbatam.com/cgi-sys/suspendedpage.cgi
|
14
coshou.com(207.148.24.55)
techworldo.com(103.117.212.212)
familylifetruth.com(162.254.150.6) - malware
dieuhoaxanh.vn(112.213.89.42) - malware
www.todoensaludips.com(142.44.230.78) - malware
depannage-vehicule-maroc.com(81.169.145.152) - malware
cahyaproperty.bbtbatam.com(101.50.1.27)
142.44.230.78 - mailcious
207.148.24.55
81.169.145.152 - malware
101.50.1.27 - mailcious
112.213.89.42 - malware
103.117.212.212 - mailcious
162.254.150.6 - malware
|
3
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.2 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|