44326 |
2024-05-16 09:11
|
647c143e-7885-49f0-aca4-712bdd... 84db43a164ce3f375e38430aa3c817c5 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key |
|
|
|
|
4.0 |
M |
56 |
ZeroCERT
|
44327 |
2024-05-16 09:11
|
vnc.exe a9d3bb0da3b9e0e7e58d67bd854600e1 Formbook Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
2
http://www.zshoessale.com/ht3d/?X2JtLLIP=KNW++co0WOUUOeVy1yumhiPpCJt5B+GOr4dwSTSfofY/YX8F6Ro1LNTkPqjSHYlOaPmihmJ6&bl=UVW8MhVXhZQ8-4w http://www.coachwunder.com/ht3d/?X2JtLLIP=/YUL6YCHhTiRbngjw+JX2TJKTr93KVrGBAteOVqB4a1cvSMCaV6LIhkawvKbzE1nb4sI3EFe&bl=UVW8MhVXhZQ8-4w
|
6
www.coachwunder.com(91.195.240.19) www.used-cars-77695.bond() www.earthoftender.com() www.zshoessale.com(104.21.35.22) 91.195.240.19 - mailcious 172.67.211.158
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
9.4 |
M |
48 |
ZeroCERT
|
44328 |
2024-05-16 09:12
|
mimikats.ps1 929da23097367077c3678dea19303133 Hide_EXE Generic Malware Antivirus VirusTotal Malware powershell Check memory heapspray unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
2.6 |
M |
31 |
ZeroCERT
|
44329 |
2024-05-16 09:13
|
beautifuldaystartedwithbeautiu... 6fd521ca6607ad89cfaabeccfa7ae150 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed |
1
http://198.12.81.162/60590/spoolsv.exe
|
1
198.12.81.162 - mailcious
|
5
ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
4.2 |
M |
34 |
ZeroCERT
|
44330 |
2024-05-16 09:14
|
regasms.exe 9cded6e0c0b625370bb17884b7611955 AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Malware download AsyncRAT NetWireRC VirusTotal Malware DDNS DoTNet |
|
2
leetboy.dynuddns.net(185.196.11.252) 185.196.11.252
|
4
ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) ET MALWARE Generic AsyncRAT Style SSL Cert
|
|
1.2 |
M |
57 |
ZeroCERT
|
44331 |
2024-05-16 09:16
|
vncx.exe d21ff27f8fcaee1acf0047dde48f4759 NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.8 |
M |
29 |
ZeroCERT
|
44332 |
2024-05-16 09:17
|
beautifulthingstohappenedevery... faf0cacc6b11e438c4bfec5aff2e4927 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed |
2
https://api.ipify.org/
http://192.227.173.67/Ifeanyi.exe
|
3
api.ipify.org(172.67.74.152) 192.227.173.67 - malware
172.67.74.152
|
8
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
M |
38 |
ZeroCERT
|
44333 |
2024-05-16 09:17
|
costs.vbs d789af96fc286fcccec141524b71d243 Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
1
http://91.92.251.57:80/holo.png
|
|
|
|
5.4 |
M |
8 |
ZeroCERT
|
44334 |
2024-05-16 09:19
|
BigProject.exe bcc6522e6cd09522a15bd196f39ae6fa Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Tofsee ComputerName crashed |
|
2
bitbucket.org(104.192.141.1) - malware 104.192.141.1 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.0 |
M |
44 |
ZeroCERT
|
44335 |
2024-05-16 09:20
|
AppGate2103v01.exe 362697c95a1c9964af1ab23ddfc29b04 Themida Packer MPRESS PE64 PE File VirusTotal Malware heapspray unpack itself Windows crashed |
|
|
|
|
4.6 |
M |
44 |
ZeroCERT
|
44336 |
2024-05-16 09:21
|
beautifulimagesgetmebacktotheu... a1868b7be5d36a3ee8255f438ab3fd30 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
1
http://45.33.50.155/2202/sampleimagepixelupdated.jpg
|
1
|
|
|
4.2 |
M |
36 |
ZeroCERT
|
44337 |
2024-05-16 09:24
|
spoolsv.exe 6b080165abd64d082a4e0b0d7990840c Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser |
4
http://www.gregoriusalvin.com/a42m/?4vGbLF=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&su=fQtUjSda-Qz5xqs http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip http://www.gregoriusalvin.com/a42m/ http://www.tintasmaiscor.com/a42m/
|
10
www.italiangreyhounds.online() www.gregoriusalvin.com(103.247.10.164) www.tintasmaiscor.com(162.240.81.18) www.designsbysruly.com() www.gcashservice247.com() www.weeveno.com() www.infomail.website() 162.240.81.18 - mailcious 103.247.10.164 45.33.6.223
|
1
ET MALWARE FormBook CnC Checkin (GET) M5
|
|
12.0 |
M |
39 |
ZeroCERT
|
44338 |
2024-05-16 09:26
|
lync.exe c37355fcfdc33a45159dce1b21e20d88 Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.6 |
M |
50 |
ZeroCERT
|
44339 |
2024-05-16 18:20
|
gold.exe 7f981db325bfed412599b12604bd00ab Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
54 |
ZeroCERT
|
44340 |
2024-05-16 18:20
|
redline1.exe 9faf597de46ed64912a01491fe550d33 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
185.215.113.67 - mailcious
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
|
|
8.0 |
M |
54 |
ZeroCERT
|