44461 | 2024-05-22 13:26
Sample: dr.bat | MD5: ce802b6e8add0c59b4c1ceea614bafa3
Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware Code Injection Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows
URLs (4):
  http://206.217.142.166:1234/windows/dr/contents1.txt
  http://206.217.142.166:1234/windows/dr/contents2.txt
  http://206.217.142.166:1234/windows/dr/contents3.txt
  http://206.217.142.166:1234/windows/dr/contents4.txt
Score: 3.8 | VT: 2 | Submitter: ZeroCERT

44462 | 2024-05-22 13:26
Sample: lamda.cmd | MD5: 7aad5e78aa5e3c4c1fd5da339379185e
Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
URLs (2):
  http://85.209.133.18/LgGFdDAm/AntiVirus.exe
  http://85.209.133.18/LgGFdDAm/AntiVirus2.exe
Score: 5.2 | VT: 10 | Submitter: ZeroCERT

44463 | 2024-05-23 01:06
Sample: crypted.exe | MD5: 8246f422d28415bbb58d8fa3e2891817
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
Score: 2.2 | M | VT: 47 | Submitter: guest

44464 | 2024-05-23 03:30
Sample: https://onedrive.live.com/?aut... | MD5: 1f0a8223e2e506ee6878045f0f96902f
Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
Hosts (2):
  onedrive.live.com(13.107.139.11) - malicious
  13.107.139.11
Network signatures (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | Submitter: guest

44465 | 2024-05-23 09:32
Sample: AntiVirus2.exe | MD5: 46fc9e5e1fbeed55281cd5f25310f8d3
Tags: PE File .NET EXE PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory Checks debugger buffers extracted unpack itself Ransomware Windows ComputerName DNS Cryptographic key
URLs (1): none listed
Network signatures (4):
  SURICATA TLS invalid record type
  SURICATA TLS invalid record/traffic
  SURICATA Applayer Detect protocol only one direction
  ET MALWARE Generic AsyncRAT Style SSL Cert
Score: 7.8 | M | VT: 50 | Submitter: ZeroCERT

44466 | 2024-05-23 09:35
Sample: downexcel.php | MD5: cb04460ddd619b8c8ee5640700e68505
Tags: Downloader PE64 PE File DLL Checks debugger unpack itself suspicious process Tofsee crashed
URLs (1):
  https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
Hosts (2):
  www.siguefutbol.com(194.124.213.167)
  194.124.213.167
Network signatures (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 1.6 | M | Submitter: ZeroCERT

44467 | 2024-05-23 09:37
Sample: AAozznaq.exe | MD5: a9438d893c19d866cf720a581c9476bc
Tags: Malicious Library PE File PE32 VirusTotal Malware crashed
Score: 2.0 | M | VT: 66 | Submitter: ZeroCERT

44468 | 2024-05-23 09:39
Sample: ngown.exe | MD5: 66e5c9de148b496d53b2968c6a03c257
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
Score: 5.2 | VT: 37 | Submitter: ZeroCERT

44469 | 2024-05-23 09:39
Sample: AGambXYA.exe | MD5: 6983f7001de10f4d19fc2d794c3eb534
Tags: Malicious Library PE File PE32 VirusTotal Malware Check memory WriteConsoleW
Score: 1.6 | M | VT: 62 | Submitter: ZeroCERT

44470 | 2024-05-23 09:41
Sample: gywervcyuj.exe | MD5: d90f41701d76908bf5a1519fe7b99f23
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
URLs (1): none listed
Hosts (2):
  api.ipify.org(104.26.12.205)
  104.26.12.205
Network signatures (3):
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
Score: 8.0 | VT: 33 | Submitter: ZeroCERT

44471 | 2024-05-23 09:44
Sample: wxijgyp.exe | MD5: ca82319fef771a184d1f98750e5bbb21
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName crashed
URLs (1):
  http://ip-api.com/line/?fields=hosting
Hosts (2):
  ip-api.com(208.95.112.1)
  208.95.112.1
Network signatures (1):
  ET POLICY External IP Lookup ip-api.com
Score: 6.8 | VT: 37 | Submitter: ZeroCERT

44472 | 2024-05-23 09:46
Sample: lionshavethebeautiuflthingswhi... | MD5: aee84865f46aa4a99f5298a9100c7965
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/KQnGa
  http://107.172.148.210/XAMPP/kob/lionsbeautiuflpictureinHDquality.bmp
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  107.172.148.210 - malware
  172.67.187.200 - malicious
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6 | M | VT: 34 | Submitter: ZeroCERT

44473 | 2024-05-23 09:47
Sample: bluelinkimagesgreatwithlionpic... | MD5: 579ae7684b44059c6df7f843af04fd72
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/VBx1m
  http://198.12.81.178/rev44/importedlionsbluelinkimagesview.bmp
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  104.21.84.67 - malware
  198.12.81.178 - malware
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | M | VT: 34 | Submitter: ZeroCERT

44474 | 2024-05-23 09:49
Sample: lionisthekingofthejunglewhosur... | MD5: 0185e99b23980e018cdb8575daa7aca0
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/d1fcB
  http://103.182.19.148/36U/lioniskingofjungleimagesHDisthis.bmp
Hosts (3):
  paste.ee(172.67.187.200) - malicious
  103.182.19.148 - malware
  104.21.84.67 - malware
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.0 | M | VT: 28 | Submitter: ZeroCERT

44475 | 2024-05-23 09:51
Sample: lionisthekingofthejunglewhohav... | MD5: 6aec8d3f4cf4fad632339f01c93cfd52
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  https://paste.ee/d/AiiY9
  http://198.12.81.178/ma36/lionisthekingofthejunglewhichcanadvice.bmp
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  172.67.187.200 - malicious
  198.12.81.178 - malware
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | M | VT: 35 | Submitter: ZeroCERT

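The listing above is a flattened sandbox table, and the useful work (pivoting on shared hosts, deciding which IDS alerts are worth anything, producing a defanged IOC list) needs the records as structured data. The Python below is an added example, not code from the sandbox or from ZeroCERT. It parses records in the labelled per-record layout used above, extracts URLs, hostnames, resolved IPs and network signatures, reports which of them recur across records, and defangs them for a report. The sample input is constructed from three entries on this page (44466, 44472, 44475) with the tag lines omitted; the function names, dictionary keys and the `Sample:` / `Hosts (n):` / `Score:` labels are the example's own conventions.

```python
import re
from collections import defaultdict

# Constructed sample: three entries from this listing, tag lines omitted.
SAMPLE_LISTING = """\
44466 | 2024-05-23 09:35
Sample: downexcel.php | MD5: cb04460ddd619b8c8ee5640700e68505
URLs (1):
  https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
Hosts (2):
  www.siguefutbol.com(194.124.213.167)
  194.124.213.167
Network signatures (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 1.6 | M | Submitter: ZeroCERT

44472 | 2024-05-23 09:46
Sample: lionshavethebeautiuflthingswhi... | MD5: aee84865f46aa4a99f5298a9100c7965
URLs (2):
  https://paste.ee/d/KQnGa
  http://107.172.148.210/XAMPP/kob/lionsbeautiuflpictureinHDquality.bmp
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  107.172.148.210 - malware
  172.67.187.200 - malicious
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.6 | M | VT: 34 | Submitter: ZeroCERT

44475 | 2024-05-23 09:51
Sample: lionisthekingofthejunglewhohav... | MD5: 6aec8d3f4cf4fad632339f01c93cfd52
URLs (2):
  https://paste.ee/d/AiiY9
  http://198.12.81.178/ma36/lionisthekingofthejunglewhichcanadvice.bmp
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  172.67.187.200 - malicious
  198.12.81.178 - malware
Network signatures (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 4.2 | M | VT: 35 | Submitter: ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) \| (\d{4}-\d{2}-\d{2} \d{2}:\d{2})$")
SAMPLE_RE = re.compile(r"^Sample: (.+?) \| MD5: ([0-9a-f]{32})$")
SECTION_RE = re.compile(r"^(URLs|Hosts|Network signatures) \(\d+\):$")
# "name(ip) - label": the resolved IP and the reputation label are optional
HOST_RE = re.compile(r"^([^\s(]+)(?:\(([\d.]+)\))?(?: - (\w+))?$")


def parse_listing(text):
    """Parse the labelled listing into one dict per record."""
    records, rec, section = [], None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := HEADER_RE.match(line):
            rec = {"id": m[1], "ts": m[2], "urls": [], "hosts": [], "sigs": []}
            records.append(rec)
            section = None
        elif rec is None:
            continue
        elif m := SAMPLE_RE.match(line):
            rec["sample"], rec["md5"] = m.groups()
        elif line.startswith("Score: "):
            rec["score"] = float(line.split("|")[0].split(":")[1])
            section = None
        elif m := SECTION_RE.match(line):
            section = m[1]
        elif section == "URLs":
            rec["urls"].append(line)
        elif section == "Hosts":
            name, ip, label = HOST_RE.match(line).groups()
            rec["hosts"].append({"name": name, "ip": ip, "label": label})
        elif section == "Network signatures":
            rec["sigs"].append(line)
    return records


def shared_indicators(records, min_records=2):
    """Map URLs, hosts, IPs and IDS signatures to the record ids they occur
    in, keeping only those seen in at least min_records records."""
    index = defaultdict(set)
    for rec in records:
        items = set(rec["urls"]) | set(rec["sigs"])
        for h in rec["hosts"]:
            items |= {h["name"], h["ip"]} - {None}
        for item in items:
            index[item].add(rec["id"])
    return {k: sorted(v) for k, v in index.items() if len(v) >= min_records}


def defang(ioc):
    """Defang a URL, hostname or IP so it cannot be clicked or auto-linked."""
    if m := re.match(r"^(https?)(://)([^/]+)(.*)$", ioc):
        scheme, sep, host, rest = m.groups()
        return scheme.replace("tt", "xx") + sep + host.replace(".", "[.]") + rest
    return ioc.replace(".", "[.]")


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for ioc, ids in sorted(shared_indicators(recs).items()):
        print(f"{defang(ioc):64} {', '.join(ids)}")
```

Run on these three entries, it reports paste.ee, 104.21.84.67 and 172.67.187.200 as shared by the two RTF samples (44472, 44475), which is the infrastructure pivot, and the SSLBL JA3 (Tofsee) alert as shared by all three, including the unrelated DLL in 44466. On this page the same JA3 alert also fires on the OneDrive URL submission and on the info-stealer samples, so it is matching the client TLS fingerprint rather than anything Tofsee-specific and should not be read as family attribution by itself. The pattern that does separate the RTF droppers is the ET POLICY paste.ee SNI alert followed by a .bmp fetch from a bare IP, which is what the URL and host fields show for all four of them.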