| 44506 |
2020-12-18 16:18
|
net.exe a5965a9592a240bcaaaaafdcfaef13d2
VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself malicious URLs anti-virtualization installed browsers check Windows Browser ComputerName Cryptographic key |
|
|
|
|
6.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44507 |
2020-12-18 16:18
|
loader.hta eb55d80407a08dbfa854c7e6ebc7178a
VirusTotal Malware malicious URLs |
|
|
|
|
1.8 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44508 |
2020-12-18 15:40
|
Jormungandr4.exe 13b9ee8bc19bde796a4c17a8e082e5a4
VirusTotal Malware Check memory RWX flags setting unpack itself DNS |
|
|
|
|
3.2 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44509 |
2020-12-18 15:40
|
jEgLNI40Ro9O775.exe 7f267b65bf69ce79699d4893158df1ce
VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs |
6
http://www.whereinthezooareyou.com/e66m/?7n=DIL8tOhcg9HP3GwfV7qlioXlfu61iezVxIewch9gOr11yg86URjwoHMDV8tdy2sPgTSrBSzm&SZ=Y4C0ilYp7ZstNr7
http://www.helpwithutilitypaymentsnow.info/e66m/
http://www.helpwithutilitypaymentsnow.info/e66m/?7n=FEBAs7i0n4z6X0AiZh/5DZVdGmu7EkYB9YilD3B809caGLX74ShuCT+CLCnCyqApewF4Hhwd&SZ=Y4C0ilYp7ZstNr7
http://www.whereinthezooareyou.com/e66m/
http://www.momos-fast.com/e66m/
http://www.momos-fast.com/e66m/?7n=mxB+TmBlf/svbcyv5zfKBRhZ9+bTIZrwDTYgjpnV+ollFfetE9VJXIqqR6fiqHo7v3thMxx/&SZ=Y4C0ilYp7ZstNr7
|
10
www.galentherapeutics.com()
www.helpwithutilitypaymentsnow.info(18.218.104.7)
www.newsong.services()
www.lavenderholdingsgroup.com()
www.whereinthezooareyou.com(185.230.61.211)
www.momos-fast.com(34.102.136.180)
www.gazr.technology()
185.230.61.96
34.102.136.180 - mailcious
18.218.104.7
|
|
|
9.2 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44510 |
2020-12-18 12:16
|
CKC.exe 5fa29b2a0a86144477ff75ad70fe603d
Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Cryptographic key crashed |
8
http://api.ipify.org/
https://hastebin.com/raw/anapozaxem
https://hastebin.com/raw/ohabiqahos
https://hastebin.com/raw/litakejowi
https://hastebin.com/raw/sosoreqiqe
https://hastebin.com/raw/jolekimoso
https://hastebin.com/raw/boyebaxako
https://hastebin.com/raw/ejemahopop
|
4
api.ipify.org(54.225.220.115)
hastebin.com(104.24.126.89) - mailcious
172.67.143.180 - mailcious
54.225.66.103
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup api.ipify.org
|
|
10.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44511 |
2020-12-18 12:13
|
Flash_Player_TW_v12.7.6.exe 68f1a2dc02dd729077427ff09c884eac
VirusTotal Malware unpack itself malicious URLs crashed |
|
|
|
|
4.6 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44512 |
2020-12-18 11:21
|
boi.exe e339abb742db28e895091e1a4b97a521
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed |
|
|
|
|
9.8 |
|
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44513 |
2020-12-18 11:10
|
boi.exe e339abb742db28e895091e1a4b97a521
VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed |
|
|
|
|
11.0 |
|
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44514 |
2020-12-18 11:09
|
bear.jpg.exe 1d9dcacc61aaacca64e3776e9bb06e94
VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
2
https://paste.ee/r/5DfGL
https://paste.ee/r/nCYHY
|
2
paste.ee(172.67.219.133) - mailcious
172.67.219.133 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.8 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44515 |
2020-12-18 09:32
|
EIC.exe 8ee16e0b7c3b1121b4a2bc974de12a13
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger |
2
http://crt.comodoca.com/COMODORSAAddTrustCA.crt
https://api.ipify.org/
|
4
api.ipify.org(54.225.66.103)
crt.comodoca.com(91.199.212.52)
91.199.212.52
54.225.169.28
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.8 |
M |
8 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44516 |
2020-12-18 09:26
|
AQW.exe 3a6ac6822e16f878b966cac3365e12a0
VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs Windows ComputerName Cryptographic key crashed keylogger |
|
2
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious
192.253.246.143
|
|
|
14.0 |
M |
38 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44517 |
2020-12-18 08:03
|
http://54.169.136.76/win/docum...
Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
1
54.169.136.76 - mailcious
|
3
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44518 |
2020-12-17 17:57
|
http://mute-saga-0240.lovesick... 7aa5769c35ee7fc6bf69d344890a95f1
Dridex Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://mute-saga-0240.lovesick.jp/WAH.exe
|
2
mute-saga-0240.lovesick.jp(163.44.185.199) - malware
163.44.185.199 - malware
|
4
ET POLICY PE EXE or DLL Windows file download HTTP
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
|
|
4.6 |
|
12 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44519 |
2020-12-17 17:42
|
631ec884e194a04ac89ae7db34ee2c... 631ec884e194a04ac89ae7db34ee2cdc
Vulnerability VirusTotal Malware wscript.exe payload download unpack itself malicious URLs |
|
2
www.hahae.co.kr(211.233.50.229) - mailcious
211.233.50.229 - malware
|
|
|
6.8 |
M |
20 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44520 |
2020-12-17 17:12
|
regasm.exe 8ffafa832e6e9a941c2b87a7c75d6d27
VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS crashed |
1
http://paratuseventos.cl/doc/nov16/index.php - rule_id: 152
|
3
paratuseventos.cl(162.214.123.251) - mailcious
162.214.123.251
20.43.94.199
|
|
1
http://paratuseventos.cl/doc/nov16/index.php
|
14.0 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|