45211 | 2024-06-09 09:34 | nc.exe ba1a8e79b0354e180c88350f2fd965fe PE File PE32 VirusTotal Malware WriteConsoleW | | | | | 2.4 | | 46 | ZeroCERT
45212 | 2024-06-09 09:34 | RunasCs_net2.exe 92e567d0590f2763960910e4bb85a871 Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself | | | | | 2.0 | | 46 | ZeroCERT
45213 | 2024-06-09 09:36 | chat.exe 4c0deb28ba6ff90d8dcd8113b494442b Malicious Library PE64 PE File VirusTotal Malware RWX flags setting DNS crashed | | 1 | | | 4.0 | M | 51 | ZeroCERT
45214 | 2024-06-09 09:36 | svchost.exe 2de9a9ecf306c424eab7ace09227090f Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself | | | | | 2.0 | M | 60 | ZeroCERT
45215 | 2024-06-09 09:38 | SharpHound.ps1 310d06e1da8a16b5121ead4874f634fa Generic Malware Antivirus VirusTotal Malware Check memory unpack itself | | | | | 1.6 | M | 35 | ZeroCERT
45216 | 2024-06-09 09:39 | work.exe fcd2251a8050b590a00cfe90dde9bd4c Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself AppData folder Windows crashed | | | | | 4.0 | M | 60 | ZeroCERT
45217 | 2024-06-09 14:24 | Satin06.exe 09ab6049a1abaac4ce2aef0dc60b6b6d Formbook Gen1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume Cry FormBook Browser Info Stealer Malware download VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser DNS | 21 | 20 | 3: ET INFO Observed DNS Query to .zip TLD; ET INFO HTTP Request to a *.zip Domain; ET MALWARE FormBook CnC Checkin (GET) M5 | 18 | 7.0 | M | 45 | ZeroCERT
45218 | 2024-06-09 15:57 | 8910.unp.exe f8d212919820b46438d8b921fd6e0857 UPX PE File PE32 OS Processor Check | | | | | 0.2 | | | guest
45219 | 2024-06-10 10:01 | update.exe 5d0fb9d3fcf1a559a5a346ce92cab568 Themida Packer PE64 PE File VirusTotal Malware unpack itself Windows crashed | | | | | 3.0 | M | 60 | ZeroCERT
45220 | 2024-06-10 10:01 | putty.exe 744f16da7768ed9f66393cb57f760746 PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency | | 2: de-zephyr.miningocean.org(162.19.241.67); 162.19.241.67 | 1: ET POLICY Cryptocurrency Miner Checkin | | 1.4 | M | 55 | ZeroCERT
45221 | 2024-06-10 10:02 | sapsan.exe 53099afa75043ea832b64db81231caff Generic Malware Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware Check memory crashed | | | | | 2.2 | M | 42 | ZeroCERT
45222 | 2024-06-10 10:04 | loki.exe 94af29468388f69f7cb8332883e5e88e Generic Malware Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed | 1: http://tampabayllc.top/teamb/five/fre.php | 3: tampabayllc.top(104.21.46.21); 172.67.222.157 - malware; 162.19.241.67 | 6: ET DNS Query to a *.top domain - Likely Hostile; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET INFO HTTP Request to a *.top domain; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M1 | | 8.6 | M | 66 | ZeroCERT
45223 | 2024-06-10 10:05 | timeSync.exe 8f709d3db81945c2261c46827a83d33b Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution | | | | | 2.2 | M | 48 | ZeroCERT
45224 | 2024-06-10 10:06 | Ucxnbz.exe 9399f672f1d34d17a26a1a6336cfdf6a .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows | | 2: panel.xxxx.uz(46.226.160.88); 46.226.160.88 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.4 | M | 34 | ZeroCERT
45225 | 2024-06-10 10:08 | Nngraprczwe.exe 9e57a1210d8f8c3be8e109e888eb1cc4 .NET framework(MSIL) PE File .NET EXE PE32 Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows | | 2: panel.xxxx.uz(46.226.160.88); 46.226.160.88 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.4 | M | | ZeroCERT