| 44221 |
2024-05-11 14:58
|
 12345.exe 4f2c92a5edd8ce7a482694b9ad9ecbcf
Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware DNS |
|
1
121.177.29.204 - mailcious
|
|
|
1.4 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44222 |
2024-05-11 14:59
|
MSI.msi b4a482a7e96cfdef632a7af286120156
Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee ComputerName |
|
10
altynbe.com(138.124.183.215)
uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io(3.72.42.242)
ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io(54.159.36.188)
boriz400.com(91.194.11.183)
anikvan.com(95.164.68.73)
35.157.36.116
54.159.36.188
91.194.11.183
138.124.183.215
95.164.68.73
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
2.8 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44223 |
2024-05-11 15:00
|
 crypted_87ddcda6.exe 344a8dde0a6cc31070a057bac27be18f
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
1.8 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44224 |
2024-05-11 15:03
|
 system32.exe d1c30d86c227f9c6669b9e3d45489ae0
Emotet Gen1 Generic Malware Malicious Library Antivirus UPX PE64 PE File CAB DLL PE32 .NET DLL powershell AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key |
|
1
|
|
|
9.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44225 |
2024-05-11 15:05
|
mexicangirlsareverybeautifulan... 0d7ac12ba297bd78e159a43ea09b247c
MS_RTF_Obfuscation_Objects RTF File doc buffers extracted ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed |
2
http://forxlamfile.duckdns.org/mexicodatingloverforchildern.jpg
https://paste.ee/d/MgxAi
|
52
paste.ee(172.67.187.200) - mailcious
forxlamfile.duckdns.org(192.3.101.142)
85.214.59.108
109.109.51.9
103.103.192.139
51.89.47.213
36.99.141.101
191.6.197.244
191.96.1.123
146.59.24.90
156.251.11.188
160.121.231.70
120.77.172.36
39.61.219.100
202.29.95.12 - malware
89.132.179.61
161.97.93.251
192.3.101.142 - malware
192.185.22.100
173.198.207.4
137.66.61.164
46.242.218.88
154.201.182.65
185.141.190.195
154.9.29.232
89.191.19.91
94.23.69.241
143.198.193.141
185.146.29.29
93.123.72.70
170.239.64.169
197.248.169.246
67.43.2.167
164.46.51.142
172.67.187.200 - mailcious
162.33.30.166
154.26.231.89
88.99.174.114
192.185.175.34
192.232.215.188
107.174.121.222
121.199.55.53
160.226.173.208
79.235.135.93
173.201.190.178
207.241.199.86
209.58.169.75
85.134.27.181
199.167.131.41
78.135.106.67
128.204.133.48
69.174.97.122
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 25
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
|
|
6.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44226 |
2024-05-11 19:29
|
 htm.exe 983f094cf97faca11916d717b22b64ca
Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself Detects VMWare VMware Tofsee Interception crashed |
|
2
onedrive.live.com(13.107.139.11) - mailcious
13.107.139.11
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.4 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44227 |
2024-05-11 19:30
|
frideurpearoundhavesuchabeauti... c46f92a410d2ba774146b68c7f245d35
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/krGPZ
http://fridayyyyvert.3utilities.com/europefridayedatingloverforchildern.jpg
|
7
paste.ee(104.21.84.67) - mailcious
fridayyyyvert.3utilities.com(192.3.101.142) - malware
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.34 - malware
172.67.187.200 - mailcious
104.21.45.138 - malware
192.3.101.142 - malware
|
4
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY DNS Query to DynDNS Domain *.3utilities .com
ET INFO DYNAMIC_DNS HTTP Request to a *.3utilities .com Domain
|
|
4.0 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44228 |
2024-05-11 19:31
|
 Photo.scr 24eef227b95647e2ef8edf1b194d97ca
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware crashed |
|
|
|
|
2.0 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44229 |
2024-05-11 19:31
|
 av_downloader.exe 8af4f985862c71682e796dcc912f27dc
Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 CAB VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS |
1
http://206.217.142.166:1234/windows/dr/dr.bat
|
1
|
|
|
9.0 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44230 |
2024-05-11 19:34
|
Photo.scr 8caa858a427dda38bced89183ad90530
Generic Malware Malicious Library UPX PE File OS Processor Check VirusTotal Malware |
|
|
|
|
0.4 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44231 |
2024-05-11 19:34
|
 xsharonzx.scr 9de9a50ec8399bcbea1697aed7f6b093
LokiBot Malicious Library .NET framework(MSIL) UPX Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software |
1
http://195.123.211.210/evie1/five/fre.php
|
1
|
|
|
14.0 |
|
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44232 |
2024-05-11 19:34
|
 beautifulgirlkeeptellingmeiwas... 07a9cf0368cad4b17cde67a7a60122a6
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed |
2
http://107.172.31.6/47009/imaginebeautifulpicture.jpg
https://paste.ee/d/8ItTk
|
3
paste.ee(172.67.187.200) - mailcious
107.172.31.6 - mailcious
104.21.84.67 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44233 |
2024-05-11 19:36
|
 update.exe 1cedab2d08b660685f82d3a7c591bb47
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware |
|
|
|
|
1.8 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44234 |
2024-05-11 19:36
|
sweetgirllovedflowerseverywher... da7d7321a3f4c635422b6e04de990c23
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Windows Exploit DNS crashed Downloader |
1
http://103.186.117.21/29020/hjv.exe
|
3
onedrive.live.com(13.107.139.11) - mailcious
13.107.137.11 - mailcious
103.186.117.21 - mailcious
|
8
ET DROP Spamhaus DROP Listed Traffic Inbound group 17
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44235 |
2024-05-11 19:38
|
 wfopkrgoplq.exe 6a267a91de66ab6c8fbdf4cbaa1e27e9
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed |
|
|
|
|
5.4 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|