ID | Date | Target | Score | VT | Submitter

4411 | 2024-12-01 12:40 | lnwtLq4.exe | 2.6 | 24 | ZeroCERT
  MD5: 3475c7d37c7995451275305684114989
  Tags: Generic Malware Malicious Library Malicious Packer UPX DllRegisterServer dll PE32 PE File OS Processor Check VirusTotal Malware suspicious privilege Windows

4412 | 2024-12-01 12:40 | gU8ND0g.exe | 6.8 | 49 | ZeroCERT
  MD5: 4c64aec6c5d6a5c50d80decb119b3c78
  Tags: Generic Malware UPX Antivirus PE64 PE File VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key

4413 | 2024-12-01 02:27 | dns.log | 1.0 | | guest
  MD5: 09b081750dde8d0cebad84499db9fc11
  Tags: ScreenShot Anti_VM AntiDebug AntiVM Check memory unpack itself

4414 | 2024-12-01 02:16 | analyzer.log | 1.0 | | guest
  MD5: a6a4a1e82b1baedd0016891a8c19e817
  Tags: ScreenShot AntiDebug AntiVM Check memory unpack itself

4415 | 2024-11-29 22:11 | https://lula.com.br/ | 4.8 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2d2ec6c2b091e ; https://lula.com.br/
  Hosts (2): lula.com.br (104.21.69.207) ; 104.21.69.207
  IDS alerts (2): ET INFO TLS Handshake Failure ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

4416 | 2024-11-29 22:11 | https://lula.com.br/ | 4.2 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2d265a8c12aaa ; https://lula.com.br/
  Hosts (2): lula.com.br (172.67.213.24) ; 104.21.69.207
  IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

4417 | 2024-11-29 22:10 | https://lula.com.br/ | 3.8 | | guest
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2d3d01995f7bb ; https://lula.com.br/
  Hosts (2): lula.com.br (104.21.69.207) ; 172.67.213.24
  IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

4418 | 2024-11-29 22:08 | https://lula.com.br/ | 3.8 | | guest
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/ ; https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2d1259d9b2aaf
  Hosts (2): lula.com.br (172.67.213.24) ; 172.67.213.24
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

4419 | 2024-11-29 22:08 | https://lula.com.br/ | 4.8 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2cf690af27c35 ; https://lula.com.br/
  Hosts (2): lula.com.br (172.67.213.24) ; 104.21.69.207
  IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

4420 | 2024-11-29 22:08 | https://lula.com.br/ | 4.2 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2cf0e2b1f2aaa ; https://lula.com.br/
  Hosts (2): lula.com.br (172.67.213.24) ; 104.21.69.207
  IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

4421 | 2024-11-29 22:07 | https://lula.com.br/ | 3.8 | | guest
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2ce7abdde2aaf ; https://lula.com.br/
  Hosts (2): lula.com.br (172.67.213.24) ; 172.67.213.24
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

4422 | 2024-11-29 22:06 | https://lula.com.br/ | 4.8 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2cbe3a93669be ; https://lula.com.br/
  Hosts (2): lula.com.br (104.21.69.207) ; 104.21.69.207
  IDS alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

4423 | 2024-11-29 22:06 | https://lula.com.br/ | 4.2 | | guest
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2cbae89597c35 ; https://lula.com.br/
  Hosts (2): lula.com.br (172.67.213.24) ; 104.21.69.207
  IDS alerts (2): ET INFO TLS Handshake Failure ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

4424 | 2024-11-29 22:05 | https://lula.com.br/ | 3.8 | | guest
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  URLs (2): https://lula.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ea2cbd3fef469a6 ; https://lula.com.br/
  Hosts (2): lula.com.br (104.21.69.207) ; 104.21.69.207
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

4425 | 2024-11-29 21:57 | SSD-Z.exe | 2.2 | 1 | guest
  MD5: dc6e1b46c89572020133463ec43ca414
  Tags: Malicious Library Malicious Packer UPX PE32 PE File MZP Format VirusTotal Malware Check memory unpack itself AntiVM_Disk anti-virtualization VM Disk Size Check
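Every lula.com.br row above carries the Tofsee tag on the strength of a single IDS alert, "SSLBL: Malicious JA3 SSL-Client Fingerprint detected", raised next to a TLS handshake failure and a Cloudflare challenge URL (cdn-cgi/challenge-platform). JA3 hashes the client side of the TLS handshake, the ClientHello, so that alert fingerprints whatever client inside the sandbox opened the connection, not the site that was submitted; a hit on a guest URL analysis needs corroboration from the guest's process or file activity before the label means anything. The following is an added example, not code from this page or from the sandbox, that computes a JA3 string and its MD5 from a raw ClientHello record the way the public JA3 specification describes (SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats in decimal, GREASE values dropped). The ClientHello bytes, cipher suites and extension values in it are constructed here for illustration and are not taken from any capture.

```python
"""Compute a JA3 fingerprint from a raw TLS ClientHello record.

JA3 = MD5("SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats"),
each list written as decimal values joined by "-", GREASE values omitted.
"""
import hashlib
import struct

GREASE_MASK = 0x0F0F
GREASE_VALUE = 0x0A0A


def is_grease(value: int) -> bool:
    """RFC 8701 GREASE values (0x0a0a, 0x1a1a, ... 0xfafa) are noise and excluded from JA3."""
    return (value & GREASE_MASK) == GREASE_VALUE and (value >> 8) == (value & 0xFF)


def build_client_hello(cipher_suites, extensions) -> bytes:
    """Assemble a TLS record carrying a ClientHello (constructed test input, not a capture)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # client_version 1.2, 32-byte random, empty session_id
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                               # one compression method: null
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def ja3_from_client_hello(record: bytes):
    """Return (ja3_string, ja3_md5) for a TLS record containing a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                     # skip client random
    pos += 1 + body[pos]                              # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                              # skip compression methods

    ext_types, curves, point_formats = [], [], []
    if pos + 2 <= len(body):                          # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, data_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + data_len]
            pos += data_len
            ext_types.append(ext_type)
            if ext_type == 0x000A:                    # supported_groups: 2-byte length + 2-byte group ids
                n = struct.unpack("!H", data[:2])[0]
                curves = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
            elif ext_type == 0x000B:                  # ec_point_formats: 1-byte length + 1-byte formats
                point_formats = list(data[1:1 + data[0]])

    def join(values):
        return "-".join(str(v) for v in values if not is_grease(v))

    ja3 = ",".join([str(version), join(ciphers), join(ext_types), join(curves), join(point_formats)])
    return ja3, hashlib.md5(ja3.encode()).hexdigest()


def sni_extension(hostname: str) -> bytes:
    """server_name extension body: a ServerNameList with one host_name entry."""
    name = hostname.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return struct.pack("!H", len(entry)) + entry


# Constructed sample ClientHello; the suites and extensions are illustrative, not from a capture.
SAMPLE_HELLO = build_client_hello(
    cipher_suites=[0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F],        # GREASE + TLS 1.3/1.2 suites
    extensions=[
        (0x0A0A, b""),                                                  # GREASE extension
        (0x0000, sni_extension("lula.com.br")),                        # server_name
        (0x000A, struct.pack("!HHHH", 6, 0x1A1A, 0x001D, 0x0017)),     # supported_groups with GREASE
        (0x000B, b"\x01\x00"),                                          # ec_point_formats: uncompressed
        (0x000D, struct.pack("!H", 4) + b"\x04\x03\x08\x04"),           # signature_algorithms
        (0x002B, b"\x04\x03\x04\x03\x03"),                              # supported_versions: 1.3, 1.2
    ],
)

if __name__ == "__main__":
    ja3_str, ja3_hash = ja3_from_client_hello(SAMPLE_HELLO)
    print(ja3_str)   # 771,4865-4866-49195-49199,0-10-11-13-43,29-23,0
    print(ja3_hash)
```

Running it prints the JA3 string with both GREASE entries stripped and the MD5 that an SSLBL-style rule would compare against its blocklist. The useful observation for triage is that every field in that string comes from the ClientHello, so two different submissions visited from the same sandbox image produce the same hash regardless of the destination; that is why the alert repeats across all ten lula.com.br rows while the destination remains a Cloudflare-fronted site.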