44506 | 2020-12-18 16:18 | net.exe a5965a9592a240bcaaaaafdcfaef13d2 | VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself malicious URLs anti-virtualization installed browsers check Windows Browser ComputerName Cryptographic key | 6.2 | M | 28 | ZeroCERT

44507 | 2020-12-18 16:18 | loader.hta eb55d80407a08dbfa854c7e6ebc7178a | VirusTotal Malware malicious URLs | 1.8 | | 3 | ZeroCERT

44508 | 2020-12-18 15:40 | Jormungandr4.exe 13b9ee8bc19bde796a4c17a8e082e5a4 | VirusTotal Malware Check memory RWX flags setting unpack itself DNS | 3.2 | M | 47 | ZeroCERT

44509 | 2020-12-18 15:40 | jEgLNI40Ro9O775.exe 7f267b65bf69ce79699d4893158df1ce | VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs | 9.2 | M | 16 | ZeroCERT
URLs (6): http://www.whereinthezooareyou.com/e66m/?7n=DIL8tOhcg9HP3GwfV7qlioXlfu61iezVxIewch9gOr11yg86URjwoHMDV8tdy2sPgTSrBSzm&SZ=Y4C0ilYp7ZstNr7 http://www.helpwithutilitypaymentsnow.info/e66m/ http://www.helpwithutilitypaymentsnow.info/e66m/?7n=FEBAs7i0n4z6X0AiZh/5DZVdGmu7EkYB9YilD3B809caGLX74ShuCT+CLCnCyqApewF4Hhwd&SZ=Y4C0ilYp7ZstNr7 http://www.whereinthezooareyou.com/e66m/ http://www.momos-fast.com/e66m/ http://www.momos-fast.com/e66m/?7n=mxB+TmBlf/svbcyv5zfKBRhZ9+bTIZrwDTYgjpnV+ollFfetE9VJXIqqR6fiqHo7v3thMxx/&SZ=Y4C0ilYp7ZstNr7
Hosts (10): www.galentherapeutics.com() www.helpwithutilitypaymentsnow.info(18.218.104.7) www.newsong.services() www.lavenderholdingsgroup.com() www.whereinthezooareyou.com(185.230.61.211) www.momos-fast.com(34.102.136.180) www.gazr.technology() 185.230.61.96 34.102.136.180 - mailcious 18.218.104.7

44510 | 2020-12-18 12:16 | CKC.exe 5fa29b2a0a86144477ff75ad70fe603d | Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Cryptographic key crashed | 10.0 | M | | ZeroCERT
URLs (8): http://api.ipify.org/ https://hastebin.com/raw/anapozaxem https://hastebin.com/raw/ohabiqahos https://hastebin.com/raw/litakejowi https://hastebin.com/raw/sosoreqiqe https://hastebin.com/raw/jolekimoso https://hastebin.com/raw/boyebaxako https://hastebin.com/raw/ejemahopop
Hosts (4): api.ipify.org(54.225.220.115) hastebin.com(104.24.126.89) - mailcious 172.67.143.180 - mailcious 54.225.66.103
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup api.ipify.org

44511 | 2020-12-18 12:13 | Flash_Player_TW_v12.7.6.exe 68f1a2dc02dd729077427ff09c884eac | VirusTotal Malware unpack itself malicious URLs crashed | 4.6 | M | 44 | ZeroCERT

44512 | 2020-12-18 11:21 | boi.exe e339abb742db28e895091e1a4b97a521 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed | 9.8 | | 9 | ZeroCERT

44513 | 2020-12-18 11:10 | boi.exe e339abb742db28e895091e1a4b97a521 | VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName crashed | 11.0 | | 9 | ZeroCERT

44514 | 2020-12-18 11:09 | bear.jpg.exe 1d9dcacc61aaacca64e3776e9bb06e94 | VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 9.8 | M | 25 | ZeroCERT
URLs (2): https://paste.ee/r/5DfGL https://paste.ee/r/nCYHY
Hosts (2): paste.ee(172.67.219.133) - mailcious 172.67.219.133 - mailcious
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44515 | 2020-12-18 09:32 | EIC.exe 8ee16e0b7c3b1121b4a2bc974de12a13 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger | 14.8 | M | 8 | guest
URLs (2): http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://api.ipify.org/
Hosts (4): api.ipify.org(54.225.66.103) crt.comodoca.com(91.199.212.52) 91.199.212.52 54.225.169.28
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44516 | 2020-12-18 09:26 | AQW.exe 3a6ac6822e16f878b966cac3365e12a0 | VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process malicious URLs Windows ComputerName Cryptographic key crashed keylogger | 14.0 | M | 38 | guest
Hosts (2): swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.143) - mailcious 192.253.246.143

44517 | 2020-12-18 08:03 | http://54.169.136.76/win/docum... | Dridex VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 6.2 | | | guest
Hosts (1): 54.169.136.76 - mailcious
Alerts (3): ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

44518 | 2020-12-17 17:57 | http://mute-saga-0240.lovesick... 7aa5769c35ee7fc6bf69d344890a95f1 | Dridex Malware Code Injection Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed | 4.6 | | 12 | r0d
URLs (1): http://mute-saga-0240.lovesick.jp/WAH.exe
Hosts (2): mute-saga-0240.lovesick.jp(163.44.185.199) - malware 163.44.185.199 - malware
Alerts (4): ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex

44519 | 2020-12-17 17:42 | 631ec884e194a04ac89ae7db34ee2c... 631ec884e194a04ac89ae7db34ee2cdc | Vulnerability VirusTotal Malware wscript.exe payload download unpack itself malicious URLs | 6.8 | M | 20 | r0d
Hosts (2): www.hahae.co.kr(211.233.50.229) - mailcious 211.233.50.229 - malware

44520 | 2020-12-17 17:12 | regasm.exe 8ffafa832e6e9a941c2b87a7c75d6d27 | VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS crashed | 14.0 | M | 55 | ZeroCERT
URLs (1): http://paratuseventos.cl/doc/nov16/index.php - rule_id: 152
Hosts (3): paratuseventos.cl(162.214.123.251) - mailcious 162.214.123.251 20.43.94.199
Other (1): http://paratuseventos.cl/doc/nov16/index.php