45226 |
2024-06-10 10:10
|
loader-1001.exe 58ca6d5068fa4fed981cf5ef8a04e4d5 NSIS Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Pow VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder Tofsee Windows ComputerName Cryptographic key crashed |
5
http://apps.identrust.com/roots/dstrootcax3.p7c https://cdn-edge-node.com/online_security_mkl.exe - rule_id: 39716 https://d22hce23hy1ej9.cloudfront.net/load/th.php?a=2836&c=1001 - rule_id: 39690 https://d2lvl7wmj7b91p.cloudfront.net/load/load.php?c=1001 https://d22hce23hy1ej9.cloudfront.net/load/dl.php?id=458&c=1001 - rule_id: 39689
|
9
d2lvl7wmj7b91p.cloudfront.net(54.230.169.96) d22hce23hy1ej9.cloudfront.net(13.225.110.70) - malicious adblock2024.shop(104.21.43.83) - malicious cdn-edge-node.com(104.21.11.117) - malicious 54.230.169.11 172.67.165.254 - malicious 121.254.136.18 13.225.110.102 172.67.176.247
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
3
https://cdn-edge-node.com/online_security_mkl.exe https://d22hce23hy1ej9.cloudfront.net/load/th.php https://d22hce23hy1ej9.cloudfront.net/load/dl.php
|
10.2 |
M |
31 |
ZeroCERT
45227 |
2024-06-10 10:37
|
DUU.exe e26a8ce5b2f2b9730cc15713a4b1d4a1 Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
1
|
2
api.ipify.org(104.26.13.205) 104.26.12.205
|
3
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
|
34 |
ZeroCERT
45228 |
2024-06-11 07:36
|
dmshell.exe a62abdeb777a8c23ca724e7a2af2dbaa Metasploit Meterpreter Generic Malware PE64 PE File VirusTotal Malware DNS crashed |
|
1
|
|
|
3.6 |
M |
62 |
ZeroCERT
45229 |
2024-06-11 07:36
|
meta0906.exe 05a1e80be42d093214516f6862c84ad9 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
45 |
ZeroCERT
45230 |
2024-06-11 07:39
|
conhost.exe 8378455f7c8a30d74b355adaf576a10b XMRig Miner Emotet Cryptocurrency Miner Suspicious_Script_Bin Generic Malware CoinHive Cryptocurrency task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate pri VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key |
4
http://147.45.47.81/xmrig.exe http://147.45.47.81/WatchDog.exe http://147.45.47.81/WinRing0x64.sys https://pastebin.com/raw/2qX4CwaY
|
3
pastebin.com(172.67.19.24) - malicious 147.45.47.81 - malware 172.67.19.24 - malicious
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 23 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
13.2 |
M |
35 |
ZeroCERT
45231 |
2024-06-11 07:43
|
License_counter.exe 25eef633906e50e331cbb6a2ab4e14a2 Generic Malware Malicious Library UPX PE File ftp PE32 OS Processor Check VirusTotal Malware Malicious Traffic ICMP traffic DNS |
1
http://silver-koala-77053.zap.cloud/cuko/pesk.php
|
3
silver-koala-77053.zap.cloud(109.230.238.72) 163.181.22.243 109.230.238.72
|
|
|
4.2 |
M |
20 |
ZeroCERT
45232 |
2024-06-11 08:14
|
Update.exe 99f4956e54717c033294558697b73fc6 Generic Malware Hide_EXE PDF Suspicious Link Malicious Library Malicious Packer UPX PE File ftp PE32 OS Processor Check DLL Emotet VirusTotal Malware AppData folder Ransomware Windows |
263
|
4
update.cg100iii.com(163.181.22.248) - malware 163.181.22.243 163.181.22.241 - malicious 163.181.22.250
|
4
ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET HUNTING Suspicious Windows Executable CreateRemoteThread ET HUNTING Suspicious Windows Executable WriteProcessMemory
|
|
4.0 |
M |
46 |
ZeroCERT
45233 |
2024-06-11 09:19
|
payload.dll 43296c4ac197f6feae234bb99e90ad57 PE File DLL PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
61 |
ZeroCERT
45234 |
2024-06-11 09:22
|
alpha.doc 4447ab2143a08d8b67f131c4cbd9c316 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash suspicious TLD Tofsee Exploit DNS crashed |
1
https://dukeenergyltd.top/alpha.scr
|
2
dukeenergyltd.top(104.21.25.202) - malware 104.21.25.202 - malware
|
2
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.0 |
M |
32 |
ZeroCERT
45235 |
2024-06-11 10:45
|
Update.exe 41ba5678a81003f4f12cfda4c800f61f Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware |
|
|
|
|
1.4 |
M |
29 |
ZeroCERT
45236 |
2024-06-11 10:50
|
payload.dll 43296c4ac197f6feae234bb99e90ad57 Swrort DLL PE32 PE File VirusTotal Malware |
|
|
|
|
1.2 |
M |
61 |
r0d
45237 |
2024-06-11 13:20
|
lionsisthekingofjunglewhosuffe... b308dd4cfaa85d4a22260a2ce88e1995 MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself suspicious TLD Windows Exploit DNS crashed |
10
http://www.okbharat.best/976u/ http://www.zonenail.info/kscn/ http://www.ndhockeyprospects.com/nce6/ http://www.qmancha.com/3in6/?bpJV1=Beo4F/wq8RdFDjebenLVh1oh+SsijMMrNdTrW7vwt6cBBJ1fMwEG0WxeA2f1nEETpN0HaKEkhCdRxKMYT9GVIb1Qk4T9/iqI4C7vv4jwJXrQCG5wm9ARkKUWCiZrxjNW2BHClOI=&g3=qedanjXf http://www.sqlite.org/2016/sqlite-dll-win32-x86-3150000.zip http://192.210.150.27/70900/igcc.exe http://www.okbharat.best/976u/?bpJV1=LcbIMBKHrUlu6g36gJU23TxUSIJAA5AqBqn1SkrzjOBWV2IrUom/tsrs3RyqUrSaLemFBOJ7TmllXwKY80NR6NzS+gvYpvUSBVMnPSE4hVLeR8H3LdJOpDvLkImWKIGeyON+i8w=&g3=qedanjXf http://www.qmancha.com/3in6/ http://www.ndhockeyprospects.com/nce6/?bpJV1=Ed8kY/rwObA0p5m52hiI4RbFb4piSGCiAjj4r6cZewWhLhgYO7hQxr4Ktdnsbj/KbLEakTji3+PsoJkJr+OK9dvqH1O4J4rEJBexZAekH82LW43vkmO60QjQK3A42tDYMesvjS4=&g3=qedanjXf http://www.zonenail.info/kscn/?bpJV1=CaZls2vsCC5SEDZOsv4l4zf4+k7XWESK018fdyQAavLwN8o4xbvF+/9MEkivzCRJJ+i0yoaeSD7JhY7LWyyoD9eXusj8bKuymVSjXPAPasGwAQwm2megv9Qi6ADKkKSZzY0Zxl8=&g3=qedanjXf
|
12
www.12315fc.top() www.cloud-force.club() www.zonenail.info(66.29.145.248) www.okbharat.best(172.67.167.212) www.qmancha.com(202.95.21.152) www.ndhockeyprospects.com(162.241.253.174) 202.95.21.152 162.241.253.174 192.210.150.27 - malware 66.29.145.248 104.21.41.248 - malware 45.33.6.223
|
7
ET MALWARE FormBook CnC Checkin (GET) M5 ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a *.top domain - Likely Hostile
|
|
5.4 |
|
34 |
ZeroCERT
45238 |
2024-06-11 13:27
|
c45d209f666f77d70bed61e6fca48b... c45d209f666f77d70bed61e6fca48bc2 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
2
https://dl.dropboxusercontent.com/scl/fi/lpoo2f42y7x5uy6druxa0/SoJYong.html?rlkey=ckv37q02rh9j1qsw7ed28bimv&st=64zsdvba&dl=0
https://dl.dropboxusercontent.com/scl/fi/gswgcmbktt1hthntozgep/SoJYong-F.txt?rlkey=n9xglo02xfnf14b9btgtw8aqi&st=w9zt1es5&dl=0
|
|
|
|
7.6 |
|
30 |
ZeroCERT
45239 |
2024-06-11 13:34
|
cmdline.exe ca005ebe9454f30c2cedd73080677f56 Malicious Library Malicious Packer .NET framework(MSIL) .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.2 |
|
32 |
ZeroCERT
45240 |
2024-06-11 13:37
|
강연의뢰서_ 엄구호 교수님 .docx.lnk... 52d073c181531c7f0b8b3aa764c6551d Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.4 |
|
26 |
ZeroCERT