44836 | 2024-06-04 07:26 | legendainstalls.exe | da85889e565ecc8279c0d3b12ea0b40b
Tags: Generic Malware UPX Malicious Library Malicious Packer PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder WriteConsoleW crashed
URLs (0) | Hosts (0) | Signatures (0)
3.6 | M | 31 | ZeroCERT
44837 | 2024-06-04 07:29 | win.exe | f74e8a071b955f39231c4c209e30f1a3
Tags: Malicious Library Malicious Packer Antivirus UPX PE64 PE File OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
URLs (0) | Hosts (0) | Signatures (0)
2.0 | M | 46 | ZeroCERT
44838 | 2024-06-04 07:31 | kano.exe | 439dafb5ed95e1036a120948e7996ea0
Tags: Malicious Packer Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
URLs (1):
https://db-ip.com/demo/home.php?s=175.208.134.152
Hosts (5):
ipinfo.io(34.117.186.192)
db-ip.com(104.26.4.15)
172.67.75.166
147.45.47.126 - malicious
34.117.186.192
Signatures (8):
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
ET MALWARE RisePro CnC Activity (Inbound)
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
12.6 | M | 31 | ZeroCERT
44839 | 2024-06-04 07:33 | amm.exe | 66d2e8e0fbc5b35bb09587834841f50e
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
URLs (0) | Hosts (0) | Signatures (0)
2.4 | M | 51 | ZeroCERT
44840 | 2024-06-04 07:35 | 0603.exe | d4bed9420bd66fbf3c483e1dacabb726
Tags: Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB RWX flags setting unpack itself Remote Code Execution DNS
URLs (0)
Hosts (1):
204.137.14.135 - malicious
Signatures (0)
3.4 | M | 31 | ZeroCERT
44841 | 2024-06-04 07:37 | igcc.exe | cfaef1fbcfc3a09ccc8baf621b681025
Tags: AgentTesla Malicious Library .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed
URLs (1): (not listed)
Hosts (4):
api.ipify.org(172.67.74.152)
172.67.75.166
204.137.14.135 - malicious
172.67.74.152
Signatures (3):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.6 | M | 31 | ZeroCERT
44842 | 2024-06-04 09:13 | ATHM.txt.exe | 4cadcfbc01966e7247d9baa9c39ad5bf
Tags: Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS keylogger
URLs (1):
http://geoplugin.net/json.gp
Hosts (3):
geoplugin.net(178.237.33.50)
107.172.31.6 - malicious
178.237.33.50
Signatures (2):
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
11.8 | | 64 | ZeroCERT
44843 | 2024-06-04 09:25 | lionsareinternationallykingoft... | 99e65c433745f1db70b929bf97d855c7
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (3):
http://103.182.19.148/700911/lionandtigetpictureinhighqualities.bmp
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/mCWhT
Hosts (6):
paste.ee(104.21.84.67) - malicious
uploaddeimagens.com.br(172.67.215.45) - malware
103.182.19.148 - malware
172.67.187.200 - malicious
61.111.58.35 - malware
172.67.215.45 - malware
Signatures (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
4.2 | M | 34 | ZeroCERT
44844 | 2024-06-04 09:25 | ocean.scr | fe4ebc62a5498c4d43699abe554febb0
Tags: Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Library .NET framework(MSIL) UPX ScreenShot Create Service Socket Escalate privileges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug An Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger
URLs (1):
http://geoplugin.net/json.gp
Hosts (4):
geoplugin.net(178.237.33.50)
oceansss.duckdns.org(103.186.117.142)
178.237.33.50
103.186.117.142
Signatures (4):
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
14.0 | | 46 | ZeroCERT
44845 | 2024-06-04 09:27 | X.vbs | d5313cc18e38615e3a8eb94ea331cf1d
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://pastebin.com/raw/BjDYewiY
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
Hosts (5):
pastebin.com(104.20.3.235) - malicious
uploaddeimagens.com.br(104.21.45.138) - malware
104.20.3.235 - malware
114.108.166.96
104.21.45.138 - malware
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | M | 6 | ZeroCERT
44846 | 2024-06-04 09:33 | avg_secure_browser_setup.exe | 60feb08011db31607cee2a5bc1f2206f
Tags: HermeticWiper NSIS Generic Malware PhysicalDrive Malicious Library UPX Malicious Packer PE File PE32 DLL DllRegisterServer dll OS Processor Check PE64 MSOffice File CAB Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Auto service Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Ransomware Fortinet Windows Browser ComputerName Firmware DNS
URLs (5):
http://update.avgbrowser.com/service/update2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://update.avgbrowser.com/service/update2?cup2key=9:283269675&cup2hreq=aa761c4c78c12df5c3450c172e959808e6ee2cca746d691e17a93b16d42cf812
http://browser-update.avg.com/browser-avg/win/x64/109.0.24111.121/AVGBrowserInstaller.exe
https://stats.securebrowser.com/?_=1717476269278&retry_tracking_count=0&last_request_error_code=0&last_request_error_message=&last_request_status=0&last_request_system_error=0&request_proxy=0
Hosts (8):
update.avgbrowser.com(104.22.63.125)
stats.securebrowser.com(104.20.86.8)
browser-update.avg.com(104.100.168.72)
104.22.62.125
104.20.87.8
114.108.166.82
103.186.117.142
23.52.128.157
Signatures (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
21.0 | | 3 | ZeroCERT
44847 | 2024-06-04 09:57 | StatRKZU.msi | b896c2b2ae51f7100a342c73f5062896
Tags: MSOffice File CAB VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check ComputerName
URLs (0) | Hosts (0) | Signatures (0)
3.4 | | 40 | ZeroCERT
44848 | 2024-06-04 10:14 | StatRKZU.msi | b896c2b2ae51f7100a342c73f5062896
Tags: ScreenShot AntiDebug AntiVM MSOffice File CAB Lnk Format GIF Format Malware download NetWireRC VirusTotal Email Client Info Stealer Malware Campaign suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Konni Browser RAT Email ComputerName
URLs (3):
http://victory-2024.mywebcommunity.org/dn.php?name=TEST22-PC&prefix=tt
http://victory-2024.mywebcommunity.org/up.php?name=TEST22-PC
http://victory-2024.mywebcommunity.org/dn.php?name=TEST22-PC&prefix=cc%20(0)
Hosts (2):
victory-2024.mywebcommunity.org(185.176.43.110)
185.176.43.110 - malicious
Signatures (3):
ET MALWARE Konni RAT Querying CnC for Commands
ET MALWARE TA406 Win32/Updog CnC Checkin
ET MALWARE MalDoc/Konni APT CnC Activity (GET) M1
6.8 | | 40 | ZeroCERT
44849 | 2024-06-04 10:19 | temp1.zip | 25d2fe0a75b2e677c1ce76e732c5b59c
Tags: ZIP Format VirusTotal Malware IP Check Tofsee DNS
URLs (0)
Hosts (4):
ipinfo.io(34.117.186.192)
grupotecnosege.likescandy.com(92.205.226.128)
92.205.226.128
34.117.186.192
Signatures (6):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO DYNAMIC_DNS Query to a *.likescandy .com Domain
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)
SURICATA Applayer Wrong direction first Data
2.0 | | 10 | ZeroCERT
44850 | 2024-06-04 11:06 | BjDYewiY.vbs | 7b5b8d04475bc1ebbb77601f57e3e625
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
https://paste.ee/d/mtmOb/0
Hosts (3):
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.34 - malware
104.21.45.138 - malware
Signatures (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | | 23 | ZeroCERT