44701 | 2020-12-08 10:02 | EGO.exe f084742f15cd553f5628cfd035c5ca7c VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName crashed | 9.8 | M | 36 | ZeroCERT
44702 | 2020-12-08 09:45 | euremen.exe b076d449c2fa8d8f1d8b8b07254df976 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces malicious URLs suspicious TLD IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed | 4 URLs: http://checkip.amazonaws.com/ http://94.177.123.237:35200/IRemotePanel https://1ls32sh.worwokr.ru/RdeSWHLHdlCi https://api.ip.sb/geoip | 11 hosts: WHOIS.APNIC.NET(172.104.77.201) checkip.amazonaws.com(34.193.115.2) whois.iana.org(192.0.32.59) 1ls32sh.worwokr.ru(81.177.165.230) api.ip.sb(172.67.75.172) 34.192.7.28 172.104.77.201 192.0.32.59 104.26.13.31 94.177.123.237 81.177.165.230 - mailcious | 2 alerts: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request | 15.6 | 32 | ZeroCERT
44703 | 2020-12-08 09:45 | EGO.exe f084742f15cd553f5628cfd035c5ca7c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed | 2 URLs: http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://api.ipify.org/ | 4 hosts: api.ipify.org(184.73.247.141) crt.comodoca.com(91.199.212.52) 91.199.212.52 54.235.142.93 | 1 alert: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 13.4 | M | 36 | ZeroCERT
44704 | 2020-12-08 09:34 | btc.exe 31d61cabf5e6f744076483baf9ac109c VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee ComputerName | 1 URL: https://hastebin.com/raw/texisoweni | 2 hosts: hastebin.com(172.67.143.180) - mailcious 172.67.143.180 - mailcious | 1 alert: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 4.2 | 47 | ZeroCERT
44705 | 2020-12-08 09:34 | CleanAV.exe 9d2c4275faf224f74ff5dd4c7c22aab3 VirusTotal Malware MachineGuid Malicious Traffic Checks debugger malicious URLs Tofsee Advertising Google | 1 URL: https://drive.google.com/uc?export=download&id=132Sn_Vz6FSHGfTnQuID81Nd8J9_UQev- | 2 hosts: drive.google.com(172.217.26.46) - mailcious 216.58.199.14 - mailcious | 1 alert: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 3.6 | 56 | ZeroCERT
44706 | 2020-12-08 08:01 | http://shgshgsndynationalobjin... 9971aba6d9eca7e79d711b0b59e1edef Dridex VirusTotal Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed Downloader | 1 URL: http://shgshgsndynationalobjindustrialatsngpx.ydns.eu/shengdoc/vbc.exe | 2 hosts: shgshgsndynationalobjindustrialatsngpx.ydns.eu(103.125.191.187) 103.125.191.187 - malware | 5 alerts: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP | 5.0 | ZeroCERT
44707 | 2020-12-07 18:33 | FLActivator v.3.6.exe 439fe5699fa97546a36332a9480904ad Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed | 3 URLs: http://checkip.amazonaws.com/ http://176.31.198.8:35200/IRemotePanel https://api.ip.sb/geoip | 10 hosts: WHOIS.APNIC.NET(172.104.77.201) checkip.amazonaws.com(52.20.197.7) whois.iana.org(192.0.32.59) api.ip.sb(104.26.13.31) 176.31.198.8 192.0.32.59 20.43.94.199 104.26.13.31 34.193.115.2 172.104.79.63 | 1 alert: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 15.8 | 51 | ZeroCERT
44708 | 2020-12-07 18:27 | Ableton Activator v.3.1.exe 26eae8f979649f0e1cb7de1c01562697 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed | 3 URLs: http://checkip.amazonaws.com/ http://176.31.198.8:35200/IRemotePanel https://api.ip.sb/geoip | 9 hosts: WHOIS.APNIC.NET(172.104.77.201) checkip.amazonaws.com(52.20.197.7) whois.iana.org(192.0.32.59) api.ip.sb(172.67.75.172) 172.104.77.201 176.31.198.8 192.0.32.59 18.209.89.50 104.26.13.31 | 1 alert: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 16.4 | 19 | ZeroCERT
44709 | 2020-12-07 17:43 | GIG.exe f3a6f885c0c3e7853e44dd9e013897ff VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName DNS Cryptographic key crashed | 12.2 | M | 53 | ZeroCERT
44710 | 2020-12-07 17:41 | 1_4_3.xls 890522e2846bc9ae0ee808db164ccdb5 Dridex VirusTotal Malware Creates executable files unpack itself malicious URLs Tofsee | 2 hosts: berlitzalahsa.sa(45.60.98.219) - malware 45.60.98.219 | 3 alerts: ET INFO TLS Handshake Failure ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 4.0 | M | 25 | guest
44711 | 2020-12-07 14:20 | xpertwar.exe 85063571eccad2a81103ea6603ba1e08 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Interception Windows Browser Email ComputerName DNS crashed | 4 hosts: google.ru(172.217.175.227) 195.140.214.82 - mailcious 172.217.25.3 192.3.194.245 - malware | 5 alerts: ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 12.4 | M | 50 | r0d
44712 | 2020-12-07 14:07 | xpertwar.exe 85063571eccad2a81103ea6603ba1e08 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Interception Windows Browser Email ComputerName DNS crashed | 4 hosts: google.ru(172.217.175.227) 216.58.220.195 195.140.214.82 - mailcious 192.3.194.245 - malware | 5 alerts: ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 12.4 | M | 50 | r0d
44713 | 2020-12-07 13:38 | xpertwar.exe 85063571eccad2a81103ea6603ba1e08 Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory buffers extracted WMI Creates executable files unpack itself malicious URLs AntiVM_Disk VM Disk Size Check human activity check installed browsers check Interception Windows Browser Email ComputerName DNS crashed | 4 hosts: google.ru(172.217.175.227) 195.140.214.82 - mailcious 172.217.24.35 192.3.194.245 - malware | 5 alerts: ET INFO Executable Download from dotted-quad Host ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 12.4 | M | 47 | guest
44714 | 2020-12-07 11:45 | conhost.exe a9e34ef1f1dd7f773bc6941d9b9e3ad9 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files Windows utilities malicious URLs WriteConsoleW Windows keylogger | 2 hosts: cloudhost.myfirewall.org(79.134.225.105) - mailcious 79.134.225.105 - mailcious | 8.6 | M | 58 | r0d
44715 | 2020-12-07 11:24 | xzx.exe aed69bded2c5920724549a7112b9fecb VirusTotal Malware Check memory Checks debugger unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName Cryptographic key | 5.6 | M | 43 | ZeroCERT