Sandbox analysis listing, 2024-05-11. Each record gives: record ID | analysis time | ZeroCERT (the trailing column of every row in the source); the submitted file name and its MD5; the sandbox's signature tags as one string, since the source does not mark tag boundaries; URLs requested during analysis; hosts contacted, written domain(ip) or as a bare ip, with the feed's reputation label where one is present; IDS alerts; and the score followed by two columns the source leaves unlabeled ("-" where empty).

44221 | 2024-05-11 14:58 | ZeroCERT
File: 12345.exe
MD5: 4f2c92a5edd8ce7a482694b9ad9ecbcf
Tags: Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware DNS
URLs: -
Hosts (1):
  121.177.29.204 - malicious
Alerts: -
Score: 1.4 | M | 15

44222 | 2024-05-11 14:59 | ZeroCERT
File: MSI.msi
MD5: b4a482a7e96cfdef632a7af286120156
Tags: Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee ComputerName
URLs: -
Hosts (10):
  altynbe.com(138.124.183.215)
  uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io(3.72.42.242)
  ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io(54.159.36.188)
  boriz400.com(91.194.11.183)
  anikvan.com(95.164.68.73)
  35.157.36.116
  54.159.36.188
  91.194.11.183
  138.124.183.215
  95.164.68.73
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 2.8 | M | 13

44223 | 2024-05-11 15:00 | ZeroCERT
File: crypted_87ddcda6.exe
MD5: 344a8dde0a6cc31070a057bac27be18f
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
URLs: -
Hosts: -
Alerts: -
Score: 1.8 | M | 27

44224 | 2024-05-11 15:03 | ZeroCERT
File: system32.exe
MD5: d1c30d86c227f9c6669b9e3d45489ae0
Tags: Emotet Gen1 Generic Malware Malicious Library Antivirus UPX PE64 PE File CAB DLL PE32 .NET DLL powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key
URLs: -
Hosts (1): not listed in the source
Alerts: -
Score: 9.8 | - | -

44225 | 2024-05-11 15:05 | ZeroCERT
File: mexicangirlsareverybeautifulan...
MD5: 0d7ac12ba297bd78e159a43ea09b247c
Tags: MS_RTF_Obfuscation_Objects RTF File doc buffers extracted ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed
URLs (2):
  http://forxlamfile.duckdns.org/mexicodatingloverforchildern.jpg
  https://paste.ee/d/MgxAi
Hosts (52):
  paste.ee(172.67.187.200) - malicious
  forxlamfile.duckdns.org(192.3.101.142)
  85.214.59.108
  109.109.51.9
  103.103.192.139
  51.89.47.213
  36.99.141.101
  191.6.197.244
  191.96.1.123
  146.59.24.90
  156.251.11.188
  160.121.231.70
  120.77.172.36
  39.61.219.100
  202.29.95.12 - malware
  89.132.179.61
  161.97.93.251
  192.3.101.142 - malware
  192.185.22.100
  173.198.207.4
  137.66.61.164
  46.242.218.88
  154.201.182.65
  185.141.190.195
  154.9.29.232
  89.191.19.91
  94.23.69.241
  143.198.193.141
  185.146.29.29
  93.123.72.70
  170.239.64.169
  197.248.169.246
  67.43.2.167
  164.46.51.142
  172.67.187.200 - malicious
  162.33.30.166
  154.26.231.89
  88.99.174.114
  192.185.175.34
  192.232.215.188
  107.174.121.222
  121.199.55.53
  160.226.173.208
  79.235.135.93
  173.201.190.178
  207.241.199.86
  209.58.169.75
  85.134.27.181
  199.167.131.41
  78.135.106.67
  128.204.133.48
  69.174.97.122
Alerts (6):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 25
  ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
Score: 6.0 | - | -

44226 | 2024-05-11 19:29 | ZeroCERT
File: htm.exe
MD5: 983f094cf97faca11916d717b22b64ca
Tags: Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself Detects VMWare VMware Tofsee Interception crashed
URLs: -
Hosts (2):
  onedrive.live.com(13.107.139.11) - malicious
  13.107.139.11
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.4 | M | 48

44227 | 2024-05-11 19:30 | ZeroCERT
File: frideurpearoundhavesuchabeauti...
MD5: c46f92a410d2ba774146b68c7f245d35
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://paste.ee/d/krGPZ
  http://fridayyyyvert.3utilities.com/europefridayedatingloverforchildern.jpg
Hosts (7):
  paste.ee(104.21.84.67) - malicious
  fridayyyyvert.3utilities.com(192.3.101.142) - malware
  uploaddeimagens.com.br(172.67.215.45) - malware
  61.111.58.34 - malware
  172.67.187.200 - malicious
  104.21.45.138 - malware
  192.3.101.142 - malware
Alerts (4):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY DNS Query to DynDNS Domain *.3utilities .com
  ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain
Score: 4.0 | M | 38

44228 | 2024-05-11 19:31 | ZeroCERT
File: Photo.scr
MD5: 24eef227b95647e2ef8edf1b194d97ca
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware crashed
URLs: -
Hosts: -
Alerts: -
Score: 2.0 | M | 46

44229 | 2024-05-11 19:31 | ZeroCERT
File: av_downloader.exe
MD5: 8af4f985862c71682e796dcc912f27dc
Tags: Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 CAB VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS
URLs (1):
  http://206.217.142.166:1234/windows/dr/dr.bat
Hosts (1): not listed in the source
Alerts: -
Score: 9.0 | M | 45

44230 | 2024-05-11 19:34 | ZeroCERT
File: Photo.scr
MD5: 8caa858a427dda38bced89183ad90530
Tags: Generic Malware Malicious Library UPX PE File OS Processor Check VirusTotal Malware
URLs: -
Hosts: -
Alerts: -
Score: 0.4 | M | 5

44231 | 2024-05-11 19:34 | ZeroCERT
File: xsharonzx.scr
MD5: 9de9a50ec8399bcbea1697aed7f6b093
Tags: LokiBot Malicious Library .NET framework(MSIL) UPX Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software
URLs (1):
  http://195.123.211.210/evie1/five/fre.php
Hosts (1): not listed in the source
Alerts: -
Score: 14.0 | - | 47

44232 | 2024-05-11 19:34 | ZeroCERT
File: beautifulgirlkeeptellingmeiwas...
MD5: 07a9cf0368cad4b17cde67a7a60122a6
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  http://107.172.31.6/47009/imaginebeautifulpicture.jpg
  https://paste.ee/d/8ItTk
Hosts (3):
  paste.ee(172.67.187.200) - malicious
  107.172.31.6 - malicious
  104.21.84.67 - malware
Alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6 | M | 36

44233 | 2024-05-11 19:36 | ZeroCERT
File: update.exe
MD5: 1cedab2d08b660685f82d3a7c591bb47
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware
URLs: -
Hosts: -
Alerts: -
Score: 1.8 | M | 33

44234 | 2024-05-11 19:36 | ZeroCERT
File: sweetgirllovedflowerseverywher...
MD5: da7d7321a3f4c635422b6e04de990c23
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Windows Exploit DNS crashed Downloader
URLs (1):
  http://103.186.117.21/29020/hjv.exe
Hosts (3):
  onedrive.live.com(13.107.139.11) - malicious
  13.107.137.11 - malicious
  103.186.117.21 - malicious
Alerts (8):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 17
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 5.0 | M | 35

44235 | 2024-05-11 19:38 | ZeroCERT
File: wfopkrgoplq.exe
MD5: 6a267a91de66ab6c8fbdf4cbaa1e27e9
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
URLs: -
Hosts: -
Alerts: -
Score: 5.4 | - | 40

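Turning the hosts, URL and alert columns of the records above into something an analyst can act on, as an added example (this is not code from the listing or from ZeroCERT): the parser tokenises the feed's host notation, where an entry is either domain(ip) or a bare ip optionally followed by " - label" (the raw feed spells one label "mailcious"; both spellings are accepted and normalised), collapses a resolved domain and its bare IP into one network IOC, splits the run-together IDS alert names at each rule prefix, flags the staging patterns the RTF and downloader records show (payloads pulled from dotted-quad hosts, sometimes on odd ports, from dynamic-DNS names and from paste sites), and defangs the result. The dynamic-DNS suffixes and paste host are taken only from the names on this page and are an assumption to extend for another feed. The sample inputs are copied from the hosts column of record 44225 and the alert column of record 44234.

```python
"""Turn the hosts, URL and alert columns of the listing above into deduplicated,
defanged IOCs.  Added example, not code from the listing or from ZeroCERT; the
sample inputs are copied from records 44225 and 44234 on this page."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# A host entry is "domain(ip)" or a bare "ip", optionally followed by " - <label>".
# The raw feed spells one label "mailcious"; accept both spellings.
_HOST_RE = re.compile(
    r"(?:(?P<domain>[\w.-]+\.[A-Za-z]{2,})\((?P<ip>(?:\d{1,3}\.){3}\d{1,3})\)"
    r"|(?P<bare>(?:\d{1,3}\.){3}\d{1,3}))"
    r"(?:\s*-\s*(?P<label>malicious|mailcious|malware))?"
)
_IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
# IDS alert names in this feed start with an ET category ("ET INFO ...") or "SSLBL:".
_ALERT_START_RE = re.compile(r"(?=\bET [A-Z_]+ |\bSSLBL: )")
# Host classes seen in this listing; assumption: extend these for your own feed.
DYNDNS_SUFFIXES = (".duckdns.org", ".3utilities.com")
PASTE_HOSTS = {"paste.ee"}


@dataclass(frozen=True)
class Host:
    ip: str
    domain: Optional[str]  # None for a bare-IP entry
    label: Optional[str]   # feed reputation label, if any


def parse_hosts(text: str) -> list[Host]:
    """Tokenise a record's hosts column (one line or several) into Host entries."""
    hosts = []
    for m in _HOST_RE.finditer(text):
        label = m.group("label")
        if label == "mailcious":  # normalise the feed's typo
            label = "malicious"
        hosts.append(Host(m.group("ip") or m.group("bare"), m.group("domain"), label))
    return hosts


def summarize(hosts: list[Host]) -> dict:
    """Deduplicate: a resolved domain and the same IP listed bare are one IOC."""
    return {
        "entries": len(hosts),
        "unique_ips": sorted({h.ip for h in hosts}),
        "domains": sorted({h.domain for h in hosts if h.domain}),
        "labelled": [(h.domain or h.ip, h.label) for h in hosts if h.label],
    }


def split_alerts(text: str) -> list[str]:
    """The listing runs alert names together on one line; split at each rule prefix."""
    return [a.strip() for a in _ALERT_START_RE.split(text) if a.strip()]


def classify_url(url: str) -> list[str]:
    """Flag the staging patterns this listing shows: payloads fetched from raw IPs
    (sometimes on odd ports), from dynamic-DNS names, and from paste sites."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if _IPV4_RE.fullmatch(host):
        flags.append("dotted-quad host")
    if parts.port not in (None, 80, 443):
        flags.append(f"non-standard port {parts.port}")
    if host.endswith(DYNDNS_SUFFIXES):
        flags.append("dynamic DNS")
    if host in PASTE_HOSTS:
        flags.append("paste site")
    return flags


def defang(ioc: str) -> str:
    """Make a URL, domain or IP safe to paste into a ticket or chat (hxxp, [.])."""
    return ioc.replace("https://", "hxxps://").replace("http://", "hxxp://").replace(".", "[.]")


# Sample input copied from record 44225's hosts column (52 entries on one line in the listing).
HOSTS_44225 = (
    "paste.ee(172.67.187.200) - mailcious forxlamfile.duckdns.org(192.3.101.142) 85.214.59.108 "
    "109.109.51.9 103.103.192.139 51.89.47.213 36.99.141.101 191.6.197.244 191.96.1.123 "
    "146.59.24.90 156.251.11.188 160.121.231.70 120.77.172.36 39.61.219.100 202.29.95.12 - malware "
    "89.132.179.61 161.97.93.251 192.3.101.142 - malware 192.185.22.100 173.198.207.4 "
    "137.66.61.164 46.242.218.88 154.201.182.65 185.141.190.195 154.9.29.232 89.191.19.91 "
    "94.23.69.241 143.198.193.141 185.146.29.29 93.123.72.70 170.239.64.169 197.248.169.246 "
    "67.43.2.167 164.46.51.142 172.67.187.200 - mailcious 162.33.30.166 154.26.231.89 "
    "88.99.174.114 192.185.175.34 192.232.215.188 107.174.121.222 121.199.55.53 160.226.173.208 "
    "79.235.135.93 173.201.190.178 207.241.199.86 209.58.169.75 85.134.27.181 199.167.131.41 "
    "78.135.106.67 128.204.133.48 69.174.97.122"
)
# Sample input copied from record 44234's alert column (eight alerts run together).
ALERTS_44234 = (
    "ET DROP Spamhaus DROP Listed Traffic Inbound group 17 ET INFO Executable Download from dotted-quad Host "
    "ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile "
    "ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP "
    "ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response "
    "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"
)
```

Running `summarize(parse_hosts(HOSTS_44225))` shows why the dedupe matters: the 52 entries collapse to 50 unique IPs because paste.ee and forxlamfile.duckdns.org appear both resolved and as bare IPs, and only four entries carry a reputation label; the rest of that record's host list is the inbound noise behind the "Spamhaus DROP Listed Traffic Inbound" alert, not the infection chain. `classify_url` on the three URL shapes in this listing (duckdns .jpg, paste.ee, raw IP on port 1234) returns the flag an analyst would triage on first.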