| 44491 |
2020-12-20 18:18
|
CyberGuard.exe d259f32b74a652fd423459736e397f73
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
|
1
|
|
|
10.0 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44492 |
2020-12-20 18:09
|
CyberGuard.exe d259f32b74a652fd423459736e397f73
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
|
1
|
|
|
9.0 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44493 |
2020-12-20 18:08
|
Fireeye.exe 70f2b6159dad55915ade4a201644f89c
VirusTotal Malware RWX flags setting unpack itself Windows crashed |
|
|
|
|
3.2 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44494 |
2020-12-19 22:23
|
AQW.exe 6aa2322441883ae8dce5403dc0de0c83
VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows ComputerName Cryptographic key crashed keylogger |
|
2
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious
192.253.246.143
|
|
|
15.4 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44495 |
2020-12-19 22:06
|
AQW.exe 6aa2322441883ae8dce5403dc0de0c83
Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows DNS Cryptographic key keylogger |
|
2
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious
192.253.246.143
|
|
|
14.0 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44496 |
2020-12-18 18:37
|
winlog.exe ded64e567dba740ae8a47527ae486651
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software |
1
http://webtex.ga/akin/gate.php - rule_id: 186
|
2
webtex.ga(185.193.143.118) - mailcious
185.193.143.118
|
8
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Fake 404 Response
|
1
http://webtex.ga/akin/gate.php
|
13.6 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44497 |
2020-12-18 18:37
|
vbc.exe f653761c51d9032885abee7c4da9b06c
VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44498 |
2020-12-18 18:31
|
regasm.exe 4578b188645f157291b8081faf680a4a
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software |
|
2
begadi.ga(185.193.143.118) - mailcious
185.193.143.118
|
10
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
13.6 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44499 |
2020-12-18 18:31
|
svchost.exe ed427d483fedf9e80f4a3cbba7638b06
VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization ComputerName Software |
1
http://www.collaborativeprosperity.com/kgw/?tZUP=ZTGFXILPBGyvvjWZr7XaEGL3pYrty2mW6bog9Ez6xTGxXN0WUyjWA3yW7Ca1/fiMcxzlU7Cj&9r4L1=FdC0
|
3
www.collaborativeprosperity.com(34.102.136.180)
www.viagraytqwi.com()
34.102.136.180 - mailcious
|
|
|
13.8 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44500 |
2020-12-18 17:53
|
kg.exe 8c29b3b5d7de4173ce340ff4c2dffe10
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed |
|
|
|
|
12.8 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44501 |
2020-12-18 17:53
|
102w.jpg.exe 7ee7f1272a292fff71d189f5f3b908ca
VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
2
https://paste.ee/r/MZBBS
https://paste.ee/r/TK7t6
|
2
paste.ee(104.18.49.20) - mailcious
172.67.219.133 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.8 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44502 |
2020-12-18 17:47
|
svchost.exe 50b29294dbc99f5c880e59ce9e08c983
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software |
1
http://begadi.ga/chud/gate.php - rule_id: 161
|
2
begadi.ga(185.193.143.118) - mailcious
185.193.143.118
|
10
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO DNS Query for Suspicious .ga Domain
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://begadi.ga/chud/gate.php
|
13.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44503 |
2020-12-18 17:47
|
win32.exe 6179cc7f3caa1ab44cf06fc4917813e4
Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software |
1
http://begadi.ga/clue/gate.php - rule_id: 158
|
2
begadi.ga(185.193.143.118) - mailcious
185.193.143.118
|
10
ET INFO DNS Query for Suspicious .ga Domain
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ga Domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://begadi.ga/clue/gate.php
|
13.0 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44504 |
2020-12-18 16:48
|
regasm.exe 2dd315281d64b04beca11cc61101baaa
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs DNS |
|
|
|
|
6.4 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44505 |
2020-12-18 16:47
|
loader.hta eb55d80407a08dbfa854c7e6ebc7178a
VirusTotal Malware malicious URLs crashed |
|
|
|
|
1.4 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|