| 44326 |
2024-05-16 09:11
|
 647c143e-7885-49f0-aca4-712bdd... 84db43a164ce3f375e38430aa3c817c5
Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key |
|
|
|
|
4.0 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44327 |
2024-05-16 09:11
|
 vnc.exe a9d3bb0da3b9e0e7e58d67bd854600e1
Formbook Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
2
http://www.zshoessale.com/ht3d/?X2JtLLIP=KNW++co0WOUUOeVy1yumhiPpCJt5B+GOr4dwSTSfofY/YX8F6Ro1LNTkPqjSHYlOaPmihmJ6&bl=UVW8MhVXhZQ8-4w
http://www.coachwunder.com/ht3d/?X2JtLLIP=/YUL6YCHhTiRbngjw+JX2TJKTr93KVrGBAteOVqB4a1cvSMCaV6LIhkawvKbzE1nb4sI3EFe&bl=UVW8MhVXhZQ8-4w
|
6
www.coachwunder.com(91.195.240.19)
www.used-cars-77695.bond()
www.earthoftender.com()
www.zshoessale.com(104.21.35.22)
91.195.240.19 - mailcious
172.67.211.158
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
9.4 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44328 |
2024-05-16 09:12
|
 mimikats.ps1 929da23097367077c3678dea19303133
Hide_EXE Generic Malware Antivirus VirusTotal Malware powershell Check memory heapspray unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
2.6 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44329 |
2024-05-16 09:13
|
beautifuldaystartedwithbeautiu... 6fd521ca6607ad89cfaabeccfa7ae150
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed |
1
http://198.12.81.162/60590/spoolsv.exe
|
1
198.12.81.162 - mailcious
|
5
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
4.2 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44330 |
2024-05-16 09:14
|
 regasms.exe 9cded6e0c0b625370bb17884b7611955
AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Malware download AsyncRAT NetWireRC VirusTotal Malware DDNS DoTNet |
|
2
leetboy.dynuddns.net(185.196.11.252)
185.196.11.252
|
4
ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
ET MALWARE Generic AsyncRAT Style SSL Cert
|
|
1.2 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44331 |
2024-05-16 09:16
|
 vncx.exe d21ff27f8fcaee1acf0047dde48f4759
NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.8 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44332 |
2024-05-16 09:17
|
beautifulthingstohappenedevery... faf0cacc6b11e438c4bfec5aff2e4927
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed |
2
https://api.ipify.org/
http://192.227.173.67/Ifeanyi.exe
|
3
api.ipify.org(172.67.74.152)
192.227.173.67 - malware
172.67.74.152
|
8
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.0 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44333 |
2024-05-16 09:17
|
 costs.vbs d789af96fc286fcccec141524b71d243
Generic Malware Antivirus PowerShell VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
1
http://91.92.251.57:80/holo.png
|
|
|
|
5.4 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44334 |
2024-05-16 09:19
|
 BigProject.exe bcc6522e6cd09522a15bd196f39ae6fa
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Tofsee ComputerName crashed |
|
2
bitbucket.org(104.192.141.1) - malware
104.192.141.1 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.0 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44335 |
2024-05-16 09:20
|
AppGate2103v01.exe 362697c95a1c9964af1ab23ddfc29b04
Themida Packer MPRESS PE64 PE File VirusTotal Malware heapspray unpack itself Windows crashed |
|
|
|
|
4.6 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44336 |
2024-05-16 09:21
|
beautifulimagesgetmebacktotheu... a1868b7be5d36a3ee8255f438ab3fd30
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
1
http://45.33.50.155/2202/sampleimagepixelupdated.jpg
|
1
|
|
|
4.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44337 |
2024-05-16 09:24
|
 spoolsv.exe 6b080165abd64d082a4e0b0d7990840c
Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser |
4
http://www.gregoriusalvin.com/a42m/?4vGbLF=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&su=fQtUjSda-Qz5xqs
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3360000.zip
http://www.gregoriusalvin.com/a42m/
http://www.tintasmaiscor.com/a42m/
|
10
www.italiangreyhounds.online()
www.gregoriusalvin.com(103.247.10.164)
www.tintasmaiscor.com(162.240.81.18)
www.designsbysruly.com()
www.gcashservice247.com()
www.weeveno.com()
www.infomail.website()
162.240.81.18 - mailcious
103.247.10.164
45.33.6.223
|
1
ET MALWARE FormBook CnC Checkin (GET) M5
|
|
12.0 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44338 |
2024-05-16 09:26
|
 lync.exe c37355fcfdc33a45159dce1b21e20d88
Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44339 |
2024-05-16 18:20
|
 gold.exe 7f981db325bfed412599b12604bd00ab
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44340 |
2024-05-16 18:20
|
 redline1.exe 9faf597de46ed64912a01491fe550d33
RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
185.215.113.67 - mailcious
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 32
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
|
|
8.0 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|