| 44461 |
2024-05-22 13:26
|
 dr.bat ce802b6e8add0c59b4c1ceea614bafa3
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows |
4
http://206.217.142.166:1234/windows/dr/contents1.txt
http://206.217.142.166:1234/windows/dr/contents2.txt
http://206.217.142.166:1234/windows/dr/contents3.txt
http://206.217.142.166:1234/windows/dr/contents4.txt
|
|
|
|
3.8 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44462 |
2024-05-22 13:26
|
 lamda.cmd 7aad5e78aa5e3c4c1fd5da339379185e
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
2
http://85.209.133.18/LgGFdDAm/AntiVirus.exe
http://85.209.133.18/LgGFdDAm/AntiVirus2.exe
|
|
|
|
5.2 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44463 |
2024-05-23 01:06
|
 crypted.exe 8246f422d28415bbb58d8fa3e2891817
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
47 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44464 |
2024-05-23 03:30
|
https://onedrive.live.com/?aut... 1f0a8223e2e506ee6878045f0f96902f
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
2
onedrive.live.com(13.107.139.11) - mailcious
13.107.139.11
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44465 |
2024-05-23 09:32
|
 AntiVirus2.exe 46fc9e5e1fbeed55281cd5f25310f8d3
PE File .NET EXE PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory Checks debugger buffers extracted unpack itself Ransomware Windows ComputerName DNS Cryptographic key |
|
1
|
4
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SURICATA Applayer Detect protocol only one direction
ET MALWARE Generic AsyncRAT Style SSL Cert
|
|
7.8 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44466 |
2024-05-23 09:35
|
 downexcel.php cb04460ddd619b8c8ee5640700e68505
Downloader PE64 PE File DLL Checks debugger unpack itself suspicious process Tofsee crashed |
1
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
|
2
www.siguefutbol.com(194.124.213.167)
194.124.213.167
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
1.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44467 |
2024-05-23 09:37
|
 AAozznaq.exe a9438d893c19d866cf720a581c9476bc
Malicious Library PE File PE32 VirusTotal Malware crashed |
|
|
|
|
2.0 |
M |
66 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44468 |
2024-05-23 09:39
|
 ngown.exe 66e5c9de148b496d53b2968c6a03c257
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed |
|
|
|
|
5.2 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44469 |
2024-05-23 09:39
|
 AGambXYA.exe 6983f7001de10f4d19fc2d794c3eb534
Malicious Library PE File PE32 VirusTotal Malware Check memory WriteConsoleW |
|
|
|
|
1.6 |
M |
62 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44470 |
2024-05-23 09:41
|
 gywervcyuj.exe d90f41701d76908bf5a1519fe7b99f23
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger |
1
|
2
api.ipify.org(104.26.12.205)
104.26.12.205
|
3
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
|
|
8.0 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44471 |
2024-05-23 09:44
|
 wxijgyp.exe ca82319fef771a184d1f98750e5bbb21
Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName crashed |
1
http://ip-api.com/line/?fields=hosting
|
2
ip-api.com(208.95.112.1)
208.95.112.1
|
1
ET POLICY External IP Lookup ip-api.com
|
|
6.8 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44472 |
2024-05-23 09:46
|
lionshavethebeautiuflthingswhi... aee84865f46aa4a99f5298a9100c7965
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed |
2
https://paste.ee/d/KQnGa
http://107.172.148.210/XAMPP/kob/lionsbeautiuflpictureinHDquality.bmp
|
3
paste.ee(104.21.84.67) - mailcious
107.172.148.210 - malware
172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44473 |
2024-05-23 09:47
|
bluelinkimagesgreatwithlionpic... 579ae7684b44059c6df7f843af04fd72
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
2
https://paste.ee/d/VBx1m
http://198.12.81.178/rev44/importedlionsbluelinkimagesview.bmp
|
3
paste.ee(104.21.84.67) - mailcious
104.21.84.67 - malware
198.12.81.178 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44474 |
2024-05-23 09:49
|
lionisthekingofthejunglewhosur... 0185e99b23980e018cdb8575daa7aca0
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
2
https://paste.ee/d/d1fcB
http://103.182.19.148/36U/lioniskingofjungleimagesHDisthis.bmp
|
3
paste.ee(172.67.187.200) - mailcious
103.182.19.148 - malware
104.21.84.67 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44475 |
2024-05-23 09:51
|
lionisthekingofthejunglewhohav... 6aec8d3f4cf4fad632339f01c93cfd52
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
2
https://paste.ee/d/AiiY9
http://198.12.81.178/ma36/lionisthekingofthejunglewhichcanadvice.bmp
|
3
paste.ee(104.21.84.67) - mailcious
172.67.187.200 - mailcious
198.12.81.178 - malware
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|