44176 |
2024-05-07 14:39
|
winin-checker.exe 4149f3a009a0d407a22c36d1ad3c4116 UPX PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName |
2.4 |
M |
50 |
ZeroCERT
44177 |
2024-05-07 14:42
|
156.exe 5b8cd5d7476ecc75bf63024abbc61827 Craxs RAT Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName Cryptographic key Software crashed |
1
https://pastebin.com/raw/KE5Mft0T
|
4
aifiller.sbs(116.203.6.63) pastebin.com(104.20.3.235) - mailcious 104.20.4.235 - mailcious 116.203.6.63
|
3
ET INFO Microsoft net.tcp Connection Initialization Activity SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE MetaStealer Activity (Response)
14.4 |
M |
30 |
ZeroCERT
44178 |
2024-05-07 14:44
|
winin.exe 18c7f4960a41689820dae3ed4449b06c PE64 PE File VirusTotal Malware |
|
2
zeph.kryptex.network(142.132.131.238) 142.132.131.238
1.4 |
M |
52 |
ZeroCERT
44179 |
2024-05-07 14:47
|
aioc_5.0.0.63_it.exe 8159129f7ea53b01c9d930c38052112e Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS |
|
1
7.4 |
M |
44 |
ZeroCERT
44180 |
2024-05-07 16:58
|
winin.exe 18c7f4960a41689820dae3ed4449b06c HelloXD Ransomware PE64 PE File VirusTotal Malware |
|
2
zeph.kryptex.network(142.132.131.238) 142.132.131.238
1.4 |
M |
51 |
r0d
44181 |
2024-05-07 17:05
|
libcef.exe d3466d3503d830cccdc003917572b7fc Generic Malware PE File PE32 VirusTotal Malware AutoRuns suspicious privilege RWX flags setting Windows DNS |
|
3
vip0388.cn() 142.132.131.238 49.232.243.145 - malware
4.4 |
M |
51 |
r0d
44182 |
2024-05-07 17:58
|
1db61ae18c85d6aca77a4a3800af07... 1db61ae18c85d6aca77a4a3800af07b4 Generic Malware Malicious Library AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email |
4.0 |
|
28 |
guest
44183 |
2024-05-08 07:50
|
ngrok.exe d028e35142a32bb77301ea582548c71a Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed |
0.8 |
M |
6 |
ZeroCERT
44184 |
2024-05-08 07:52
|
newexe.exe edcd9de4254f050ffa56e723be49c0c5 NSIS Generic Malware Malicious Library UPX Antivirus AntiDebug AntiVM PE64 PE File PowerShell PE32 OS Processor Check VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed |
7
http://193.233.132.234/files/setup.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://nic-it.nl/games/index.php https://yip.su/RNWPd.exe - rule_id: 37623 https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe https://pastebin.com/raw/V6VJsrV3 - rule_id: 37255 https://onlycitylink.com/baf14778c246e15550645e30ba78ce1c.exe
|
20
jonathantwo.com(172.67.176.131) onlycitylink.com(104.21.18.166) realdeepai.org(172.67.193.79) firstfirecar.com(104.21.60.76) pastebin.com(172.67.19.24) - mailcious yip.su(172.67.169.89) - mailcious nic-it.nl(116.58.10.59) 172.67.193.79 172.67.19.24 - mailcious 104.21.60.76 182.162.106.33 - malware 172.67.169.89 193.233.132.234 - mailcious 81.183.132.103 104.21.31.124 - phishing 182.162.106.144 185.172.128.59 - malware 104.21.90.14 104.21.18.166 193.233.132.175 - malware
|
10
ET DROP Spamhaus DROP Listed Traffic Inbound group 37 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP
|
2
https://yip.su/RNWPd.exe https://pastebin.com/raw/V6VJsrV3
|
21.6 |
M |
23 |
ZeroCERT
44185 |
2024-05-08 07:52
|
ProjectE_5.exe aabe25c748360f1575c09d77cc281e07 Malicious Library UPX PE64 PE File Malware Malicious Traffic Checks debugger unpack itself ComputerName DNS |
1
http://64.95.10.243/api/mytest
|
1
3.2 |
ZeroCERT
44186 |
2024-05-08 07:52
|
Isetup2.exe 6fbe36ef1d6599968f107c7b6eb19225 Generic Malware NSIS Antivirus Malicious Library UPX AntiDebug AntiVM PE64 PE File PowerShell PE32 OS Processor Check VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed |
7
http://193.233.132.234/files/setup.exe http://apps.identrust.com/roots/dstrootcax3.p7c http://nic-it.nl/games/index.php https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://yip.su/RNWPd.exe - rule_id: 37623 https://realdeepai.org/6779d89b7a368f4f3f340b50a9d18d71.exe https://onlycitylink.com/baf14778c246e15550645e30ba78ce1c.exe
|
18
jonathantwo.com(104.21.31.124) onlycitylink.com(104.21.18.166) realdeepai.org(104.21.90.14) nic-it.nl(190.220.21.28) pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious firstfirecar.com(104.21.60.76) 182.162.106.33 - malware 104.20.3.235 104.21.60.76 172.67.182.192 - mailcious 172.67.176.131 172.67.193.220 185.172.128.59 - malware 78.89.199.216 - malware 193.233.132.234 - mailcious 104.21.90.14 172.67.169.89
|
10
ET DROP Spamhaus DROP Listed Traffic Inbound group 32 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO EXE - Served Attached HTTP
|
2
https://pastebin.com/raw/xYhKBupz https://yip.su/RNWPd.exe
|
20.2 |
M |
22 |
ZeroCERT
44187 |
2024-05-08 07:54
|
rdbc.exe bebc3002ec0a3811aea8644a88bf590e Craxs RAT Malicious Library Socket AntiDebug AntiVM PE File .NET EXE PE32 PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed |
1
https://db-ip.com/demo/home.php?s=185.82.218.142
|
5
ipinfo.io(34.117.186.192) db-ip.com(172.67.75.166) 172.67.75.166 185.82.218.142 - malware 34.117.186.192
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro CnC Activity (Inbound) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE RisePro CnC Activity (Outbound)
15.0 |
M |
19 |
ZeroCERT
44188 |
2024-05-08 07:57
|
Discord.exe f0d723bcc3e6a9b9c2bce6662d7c5075 AsyncRAT Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Tofsee DNS |
|
5
pastebin.ai(198.12.245.107) 172.67.182.192 - mailcious 198.12.245.107 - malware 104.21.90.14 172.67.169.89
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.0 |
M |
|
ZeroCERT
44189 |
2024-05-08 07:59
|
cryptography_module_windows.ex... ec69806113c382160f37a6ace203e280 Gen1 Generic Malware Malicious Library UPX Anti_VM PE64 PE File OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files DNS |
|
5
182.162.106.144 172.67.193.79 182.162.106.33 - malware 104.21.18.166 172.67.169.89
3.2 |
M |
2 |
ZeroCERT
44190 |
2024-05-08 08:02
|
060.exe 95bc6944bac20cc15abd010760c63182 Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format PE64 DLL OS Processor Check ftp DllRegisterServer dll Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed |
3.0 |
M |
|
ZeroCERT