44341 | 2024-05-16 18:22
FlexPremises.exe bdaf0c44377ebc825e98d8e649ca8f4b
NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName
6.0 | M | 28 | ZeroCERT

44342 | 2024-05-17 07:29
324hj23k4jh423kjh4g423.exe 348bce7a46271aa5ff25de5e15e291d4
Malicious Library Downloader UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware Check memory unpack itself crashed
1.8 | M | 18 | ZeroCERT

44343 | 2024-05-17 07:31
smss.exe 413bf385b1f985dcd43e2cdd2ebce8c5
Formbook Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser crashed
URLs (9):
http://www.crimsoncascade.xyz/a42m/
http://www.gregoriusalvin.com/a42m/ - rule_id: 39605
http://www.gregoriusalvin.com/a42m/?AhB=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39605
http://www.xn--bb55rtp-9va2p.store/a42m/?AhB=SpRmwiWWWie0LiCQik30fMumghQ1V43TuTRukl4i+K/mOSJ9++mg5ZeFxUAkG3Pdc43Qwg0V3CKoqh5jVerICFqxOreCo6UFThdoK0ITtUR0x3kt6DvHO7oYbUe5+lYToPjvUAg=&eS0G=fcpMuMP5iihRHWDU
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
http://www.crimsoncascade.xyz/a42m/?AhB=OaCxij+az8CWZkVV/54ln7Tii7cuYBvJsZdPmSHU0RFVoK/pLfrBdHMvdCD9qCJrgyFEUHy2yFOAdhP54QELuvsZtM/ZdHBp7cl68dN6EF+6a9fy3QPRhNX/VA1OInBnCfWbr6U=&eS0G=fcpMuMP5iihRHWDU
http://www.xn--bb55rtp-9va2p.store/a42m/
http://www.tintasmaiscor.com/a42m/?AhB=BaBbynwG2FaMiw+hhIbbh28MgtbEHbpnPsDfKOVNrs70A5vduIAGjxN5gftBLQVIAtEactO1mhmKtuNjdeyvWaHsEukAqVbBiuakY2ayn/21WOCwyWJ4ZPsM5Fw7u2uLCIVlGog=&eS0G=fcpMuMP5iihRHWDU - rule_id: 39606
http://www.tintasmaiscor.com/a42m/ - rule_id: 39606
Hosts (14):
www.crimsoncascade.xyz(162.0.237.22)
www.italiangreyhounds.online() - mailcious
www.xn--bb55rtp-9va2p.store(84.32.84.32)
www.gregoriusalvin.com(103.247.10.164) - mailcious
www.tintasmaiscor.com(162.240.81.18) - mailcious
www.designsbysruly.com() - mailcious
www.gcashservice247.com() - mailcious
www.weeveno.com() - mailcious
www.infomail.website() - mailcious
162.0.237.22
84.32.84.32 - mailcious
45.33.6.223
162.240.81.18 - mailcious
103.247.10.164 - mailcious
Signatures (1):
ET MALWARE FormBook CnC Checkin (GET) M5
Rule-matched URLs (4):
http://www.gregoriusalvin.com/a42m/
http://www.gregoriusalvin.com/a42m/
http://www.tintasmaiscor.com/a42m/
http://www.tintasmaiscor.com/a42m/
10.8 | M | 29 | ZeroCERT

44344 | 2024-05-17 07:32
ReurgingGleek.exe 1d3535cc01b2cc54b808a55e945707a0
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.4 | M | 36 | ZeroCERT

44345 | 2024-05-17 07:32
bas.exe 53d0c5288b720419cb95ed2cb57cbfd9
Malicious Library UPX AntiDebug AntiVM PE File DllRegisterServer dll PE32 MZP Format URL Format VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Tofsee Interception Windows Advertising Google ComputerName DNS Cryptographic key keylogger
URLs (2):
https://drive.usercontent.google.com/download?id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN&export=download
https://drive.google.com/uc?export=download&id=1_F5U1nd9cmh25WycEA26uaCrdwmT4bZN
Hosts (5):
drive.usercontent.google.com(142.250.206.193) - mailcious
drive.google.com(142.250.76.142) - mailcious
63.250.43.146
142.251.220.14
142.250.66.65
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.6 | M | 47 | ZeroCERT

44346 | 2024-05-17 07:34
yak.exe 33bbd27a00b4160a844a7edf2efef84e
Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format URL Format Remcos VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Tofsee Windows Advertising Google DNS DDNS keylogger
URLs (3):
http://geoplugin.net/json.gp
https://drive.google.com/uc?export=download&id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3
https://drive.usercontent.google.com/download?id=17oU8oYytI1akPiuIHIUd9KLqlDrKFCY3&export=download
Hosts (8):
drive.usercontent.google.com(142.250.206.193) - mailcious
geoplugin.net(178.237.33.50)
drive.google.com(142.250.76.142) - mailcious
myumysmeetr.ddns.net(89.117.145.5)
142.251.220.78
178.237.33.50
142.250.66.97
89.117.145.5
Signatures (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
5.0 | M | 37 | ZeroCERT

44347 | 2024-05-17 07:39
gotomeeting.exe 877187ad95d25a0e3582331588ac8892
Malicious Library PE64 PE File VirusTotal Malware Malicious Traffic RWX flags setting unpack itself ComputerName DNS
URLs (1):
http://3.208.96.244/functionalStatus?_=EInrswNj-Smw7wHUODEblLL439ayqOOtH_5tR6ROrd0QGwcO1yuDBudGKa4SC9TtxUwCInmkBxwGljbmw0ILNKuyhL8Nlfy8cQKnl4mbPhiqNUkRPS4Fq54Lqcliho2IiNBBA30VUjOrMgNSUV_JL-Rjy6UxR-vRc9NeDvPoRko
Hosts (1):
4.4 | M | 59 | ZeroCERT

44348 | 2024-05-17 07:39
sb.exe 04bcca3d8db9f3034c8814acd8735073
Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Windows
2.2 |  | 55 | ZeroCERT

44349 | 2024-05-17 07:41
grace.exe 6cb57b7bbac238426bb2f888fbfc3ed7
Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 | M | 52 | ZeroCERT

44350 | 2024-05-17 07:43
shell.exe 346dae7e729ed4f192d213fcd2292d58
UPX MPRESS PE File PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder sandbox evasion Windows
4.6 |  | 54 | ZeroCERT

44351 | 2024-05-17 09:10
mrngisagreatdayformebecausewew... 8dc3b5e3a2c0fbc303f76905e8247926
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware ICMP traffic RWX flags setting exploit crash Tofsee Exploit DNS DDNS crashed
URLs (2):
http://wednesdayyyymangeo.duckdns.org/morning_wednesdaydatingmango.vbs
https://paste.ee/d/ougGo
Hosts (4):
wednesdayyyymangeo.duckdns.org(107.173.4.20)
paste.ee(172.67.187.200) - mailcious
107.173.4.20 - malware
172.67.187.200 - mailcious
Signatures (5):
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
4.4 |  | 33 | ZeroCERT

44352 | 2024-05-17 09:10
createdbeautifulimagesentirepl... 118a6298bf966ad5979e15faca957cbd
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
http://172.245.123.8/80090/createdveryhdimagestoview.png
https://paste.ee/d/OJmBL
Hosts (3):
paste.ee(172.67.187.200) - mailcious
104.21.84.67 - malware
172.245.123.8 - mailcious
Signatures (2):
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 | M | 35 | ZeroCERT

44353 | 2024-05-17 09:11
dl.php 9b811321fcab794c77c3f9a6b6622c37
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.4 | M | 32 | ZeroCERT

44354 | 2024-05-17 09:13
weneverneedtokissflowersbeause... 4f3983c99751f41c7d1639fccbee0491
Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed
URLs (13):
http://www.crimsoncascade.xyz/a42m/
http://www.gregoriusalvin.com/a42m/ - rule_id: 39605
http://www.gregoriusalvin.com/a42m/?IWGZfq=6CH/YRMAK7aydmoeIYug/5bPLtmJ66q3593I/qH1Euv5gdtO1aVIO5sIkdD8Uy+PegRauaWIQNwg1s6QWSBfdi8lbfjBcXeXE7/rv5fmweeN04I7MmJWMdAH+Ho2e4yDZBqoJ1k=&6Za=ySE9k110 - rule_id: 39605
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
http://www.xn--bb55rtp-9va2p.store/a42m/?IWGZfq=SpRmwiWWWie0LiCQik30fMumghQ1V43TuTRukl4i+K/mOSJ9++mg5ZeFxUAkG3Pdc43Qwg0V3CKoqh5jVerICFqxOreCo6UFThdoK0ITtUR0x3kt6DvHO7oYbUe5+lYToPjvUAg=&6Za=ySE9k110
http://www.fidyart.com/a42m/?IWGZfq=TRa47sC0zg9DwlJH2ofZbpLPxb60FAnROaHr8XI2UWJs85O5KJ5v05dP6WLbumUjxgnYSz8VJIiFOj3/jDGGhDjJnNfIP19njrbmy90O84rAfsEKawWCksmZBQaaYfgJFBMVu+Q=&6Za=ySE9k110
http://www.tintasmaiscor.com/a42m/?IWGZfq=BaBbynwG2FaMiw+hhIbbh28MgtbEHbpnPsDfKOVNrs70A5vduIAGjxN5gftBLQVIAtEactO1mhmKtuNjdeyvWaHsEukAqVbBiuakY2ayn/21WOCwyWJ4ZPsM5Fw7u2uLCIVlGog=&6Za=ySE9k110 - rule_id: 39606
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
http://www.fidyart.com/a42m/
http://www.crimsoncascade.xyz/a42m/?IWGZfq=OaCxij+az8CWZkVV/54ln7Tii7cuYBvJsZdPmSHU0RFVoK/pLfrBdHMvdCD9qCJrgyFEUHy2yFOAdhP54QELuvsZtM/ZdHBp7cl68dN6EF+6a9fy3QPRhNX/VA1OInBnCfWbr6U=&6Za=ySE9k110
http://www.xn--bb55rtp-9va2p.store/a42m/
http://www.tintasmaiscor.com/a42m/ - rule_id: 39606
http://192.3.216.156/71120/smss.exe
Hosts (17):
www.crimsoncascade.xyz(162.0.237.22)
www.fidyart.com(63.250.43.146)
www.italiangreyhounds.online() - mailcious
www.xn--bb55rtp-9va2p.store(84.32.84.32)
www.gregoriusalvin.com(103.247.10.164) - mailcious
www.tintasmaiscor.com(162.240.81.18) - mailcious
www.designsbysruly.com() - mailcious
www.gcashservice247.com() - mailcious
www.weeveno.com() - mailcious
www.infomail.website() - mailcious
162.0.237.22
84.32.84.32 - mailcious
45.33.6.223
63.250.43.147
162.240.81.18 - mailcious
103.247.10.164 - mailcious
192.3.216.156 - malware
Signatures (7):
ET MALWARE FormBook CnC Checkin (GET) M5
ET INFO Executable Download from dotted-quad Host
ET HUNTING Suspicious smss.exe in URI
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Rule-matched URLs (4):
http://www.gregoriusalvin.com/a42m/
http://www.gregoriusalvin.com/a42m/
http://www.tintasmaiscor.com/a42m/
http://www.tintasmaiscor.com/a42m/
4.6 | M | 35 | ZeroCERT

44355 | 2024-05-17 09:13
dl.php d20089770bdb6ace5be655ee209e4f24
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.4 | M | 31 | ZeroCERT