ID | Date | File | MD5 | Tags | URLs | Hosts | Network alerts | Malicious URLs | Score | | | Source
44491 | 2020-12-20 18:18 | CyberGuard.exe | d259f32b74a652fd423459736e397f73 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS | | 1 | | | 10.0 | M | 43 | ZeroCERT
44492 | 2020-12-20 18:09 | CyberGuard.exe | d259f32b74a652fd423459736e397f73 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS | | 1 | | | 9.0 | M | 43 | ZeroCERT
44493 | 2020-12-20 18:08 | Fireeye.exe | 70f2b6159dad55915ade4a201644f89c | VirusTotal Malware RWX flags setting unpack itself Windows crashed | | | | | 3.2 | M | 51 | ZeroCERT
44494 | 2020-12-19 22:23 | AQW.exe | 6aa2322441883ae8dce5403dc0de0c83 | VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows ComputerName Cryptographic key crashed keylogger | | 2: swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious; 192.253.246.143 | | | 15.4 | M | 18 | ZeroCERT
44495 | 2020-12-19 22:06 | AQW.exe | 6aa2322441883ae8dce5403dc0de0c83 | Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself suspicious process malicious URLs Windows DNS Cryptographic key keylogger | | 2: swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious; 192.253.246.143 | | | 14.0 | | | ZeroCERT
44496 | 2020-12-18 18:37 | winlog.exe | ded64e567dba740ae8a47527ae486651 | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software | 1: http://webtex.ga/akin/gate.php - rule_id: 186 | 2: webtex.ga(185.193.143.118) - mailcious; 185.193.143.118 | 8: ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Fake 404 Response | 1: http://webtex.ga/akin/gate.php | 13.6 | M | 25 | ZeroCERT
44497 | 2020-12-18 18:37 | vbc.exe | f653761c51d9032885abee7c4da9b06c | VirusTotal Malware Check memory Checks debugger unpack itself | | | | | 2.0 | M | 25 | ZeroCERT
44498 | 2020-12-18 18:31 | regasm.exe | 4578b188645f157291b8081faf680a4a | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software | | 2: begadi.ga(185.193.143.118) - mailcious; 185.193.143.118 | 10: ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | | 13.6 | M | 22 | ZeroCERT
44499 | 2020-12-18 18:31 | svchost.exe | ed427d483fedf9e80f4a3cbba7638b06 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox suspicious process malicious URLs VMware anti-virtualization ComputerName Software | 1: http://www.collaborativeprosperity.com/kgw/?tZUP=ZTGFXILPBGyvvjWZr7XaEGL3pYrty2mW6bog9Ez6xTGxXN0WUyjWA3yW7Ca1/fiMcxzlU7Cj&9r4L1=FdC0 | 3: www.collaborativeprosperity.com(34.102.136.180); www.viagraytqwi.com(); 34.102.136.180 - mailcious | | | 13.8 | M | 11 | ZeroCERT
44500 | 2020-12-18 17:53 | kg.exe | 8c29b3b5d7de4173ce340ff4c2dffe10 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed | | | | | 12.8 | M | 26 | ZeroCERT
44501 | 2020-12-18 17:53 | 102w.jpg.exe | 7ee7f1272a292fff71d189f5f3b908ca | VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 2: https://paste.ee/r/MZBBS; https://paste.ee/r/TK7t6 | 2: paste.ee(104.18.49.20) - mailcious; 172.67.219.133 - mailcious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 7.8 | M | 16 | ZeroCERT
44502 | 2020-12-18 17:47 | svchost.exe | 50b29294dbc99f5c880e59ce9e08c983 | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName Trojan DNS Software | 1: http://begadi.ga/chud/gate.php - rule_id: 161 | 2: begadi.ga(185.193.143.118) - mailcious; 185.193.143.118 | 10: ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO DNS Query for Suspicious .ga Domain; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Fake 404 Response | 1: http://begadi.ga/chud/gate.php | 13.2 | M | | ZeroCERT
44503 | 2020-12-18 17:47 | win32.exe | 6179cc7f3caa1ab44cf06fc4917813e4 | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Trojan DNS Software | 1: http://begadi.ga/clue/gate.php - rule_id: 158 | 2: begadi.ga(185.193.143.118) - mailcious; 185.193.143.118 | 10: ET INFO DNS Query for Suspicious .ga Domain; ET MALWARE Trojan Generic - POST To gate.php with no referer; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP POST Request to Suspicious *.ga Domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | 1: http://begadi.ga/clue/gate.php | 13.0 | M | 46 | ZeroCERT
44504 | 2020-12-18 16:48 | regasm.exe | 2dd315281d64b04beca11cc61101baaa | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs DNS | | | | | 6.4 | M | 20 | ZeroCERT
44505 | 2020-12-18 16:47 | loader.hta | eb55d80407a08dbfa854c7e6ebc7178a | VirusTotal Malware malicious URLs crashed | | | | | 1.4 | | 3 | ZeroCERT