| 45661 |
2024-06-29 15:37
|
 loaded28062024.exe 3db7f780cfc50d086820b95947a61e59
Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key |
|
|
|
|
4.4 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45662 |
2024-06-29 15:39
|
 amadka.exe 7858fdd5d237ed2531bb9d0ac0a756bc
PE File PE32 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed |
2
http://77.91.77.82/Hun4Ko/index.php
http://77.91.77.81/stealc/random.exe
|
2
77.91.77.82 - malware
77.91.77.81 - mailcious
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 8
ET MALWARE Amadey Bot Activity (POST)
|
|
10.6 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45663 |
2024-06-30 20:07
|
 space.php 67cef2b94174d0883a8e8b9ad9c217c7
Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Malicious Packer .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
2
https://steamcommunity.com/profiles/76561199707802586
https://t.me/g067n
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(23.59.200.146) - mailcious
149.154.167.99 - mailcious
65.109.243.105
23.1.179.144 - mailcious
|
3
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
16.4 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45664 |
2024-06-30 23:34
|
https://t.co/WRGTyuOptG 5d97f0c23481feb8b29ced43e5391035
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
2
t.co(117.18.232.195) - phishing
117.18.232.195 - phishing
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45665 |
2024-06-30 23:34
|
https://t.co/XCgLbVc0am b88f184324bab0b6c8aa74de052a7b34
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
2
t.co(117.18.232.195) - phishing
117.18.232.195 - phishing
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45666 |
2024-07-01 09:23
|
 wmi.jpg.exe 3d3aedfaeaf39544ff74fe6fe4541fc2
PE File PE32 Malware download VirusTotal Malware SMB Traffic Potential Scan AutoRuns Malicious Traffic Check memory Creates executable files ICMP traffic RWX flags setting Windows utilities suspicious TLD WriteConsoleW Firewall state off Windows DNS DDNS Downloader |
10
http://down.ftp21.cc/Update.txt
http://ssl.ftp21.cc/445.jpg
http://43.198.152.240:8080/api/node/ip_validate
http://118.184.169.48/dyndns/getip
http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
http://hook.ftp21.cc/MpMgSvc.dll
http://45.113.194.127/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
http://hook.ftp21.cc/MpMgSvc.jpg
http://hook.ftp21.cc/Hooks.jpg
http://hook.ftp21.cc/64.jpg
|
28
gtxvdqvuweqs.com(16.162.201.176)
members.3322.org(118.184.169.48)
ipv6-api.iproyal.com()
down.ftp21.cc(119.203.212.165) - malware
download.microsoft.com(23.199.6.55)
hook.ftp21.cc(211.108.60.155)
api6.my-ip.io()
unixtime.org(172.67.175.23)
www.362-com.com(1.226.84.135)
web.362-com.com(110.11.158.238)
opendata.baidu.com(45.113.194.127)
www.4i7i.com(1.226.84.135)
api.iproyal.com(93.189.62.83)
ssl.ftp21.cc(31.184.207.62) - malware
172.67.175.23
93.189.62.83
31.184.207.62 - malware
193.228.196.69
211.108.60.155
43.198.152.240
45.113.194.127
16.162.201.176
1.226.84.135
51.161.196.188
104.78.73.222
118.184.169.48
110.11.158.238
119.203.212.165 - malware
|
11
ET INFO Packed Executable Download
ET DNS Query for .cc TLD
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET MALWARE JS/WSF Downloader Dec 08 2016 M4
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
ET INFO DYNAMIC_DNS Query to 3322.org Domain
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
ET INFO SSH-2.0-Go version string Observed in Network Traffic
ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
ET INFO External IP Lookup Domain DNS Lookup (my-ip .io)
|
|
11.2 |
M |
60 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45667 |
2024-07-01 09:23
|
 TQ.jpg.exe f9f5342074462fa1048fea806eef535f
Emotet Generic Malware Malicious Library Downloader Malicious Packer Antivirus UPX PE File PE32 OS Processor Check DLL PE64 Malware download VirusTotal Malware SMB Traffic Potential Scan Malicious Traffic Creates executable files ICMP traffic Disables Windows Security AppData folder sandbox evasion Windows DNS DDNS Downloader |
8
http://118.184.169.48/dyndns/getip
http://45.113.194.189/api.php?query=175.208.134.152&co=&resource_id=6006&oe=utf8
http://ssl.ftp21.cc/MpMgDLL.jpg
http://ssl.ftp21.cc/MpMgSvc.jpg
http://down.ftp21.cc/64.jpg
http://ssl.ftp21.cc/Hooks.jpg
http://download.microsoft.com/download/E/4/1/E4173890-A24A-4936-9FC9-AF930FE3FA40/NDP461-KB3102436-x86-x64-AllOS-ENU.exe
http://down.ftp21.cc/Update.txt
|
22
gtxvdqvuweqs.com(16.162.201.176)
members.3322.org(118.184.169.48)
ipv6-api.iproyal.com()
down.ftp21.cc(119.203.212.165) - malware
download.microsoft.com(23.199.6.55)
www.362-com.com(1.226.84.135)
www.4i7i.com(1.226.84.135)
opendata.baidu.com(45.113.194.189)
web.362-com.com(110.11.158.238)
api.iproyal.com(193.228.196.69)
ssl.ftp21.cc(31.184.207.62) - malware
23.219.69.110
31.184.207.62 - malware
193.228.196.69
45.113.194.189
16.162.201.176
1.226.84.135
31.222.226.20
18.163.3.159
118.184.169.48
110.11.158.238
119.203.212.165 - malware
|
8
ET DNS Query for .cc TLD
ET HUNTING Suspicious EXE Download Content-Type image/jpeg
ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2
ET MALWARE JS/WSF Downloader Dec 08 2016 M4
ET INFO DYNAMIC_DNS Query to 3322.org Domain
ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection
ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection
|
|
9.4 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45668 |
2024-07-01 09:26
|
 1.exe 07c1efc472c5c8424d6a4e529abc63c5
UPX PE File PE64 OS Processor Check VirusTotal Malware |
|
|
|
|
1.2 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45669 |
2024-07-01 09:38
|
 lumma2806.exe 0309dd0131150796ea99b30a62194fae
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45670 |
2024-07-01 09:38
|
 vidar2806.exe f88272ea7674d3acedd8adcf7643c598
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.4 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45671 |
2024-07-01 09:40
|
 meta2806.exe 2fcb3543d06f526e93c7276356f557b7
RedLine stealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows DNS Cryptographic key |
|
1
|
|
|
4.6 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45672 |
2024-07-01 09:42
|
 rise2806.exe 97768ab0a4837757b74de2ae892badab
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45673 |
2024-07-01 10:25
|
 pconsnap.dll.exe 8fb5e72a31680189d9a529b49962a0b1
Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware |
|
|
|
|
1.0 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45674 |
2024-07-01 10:46
|
 wmi.jpg.exe 3d3aedfaeaf39544ff74fe6fe4541fc2
UPX PE File PE32 VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting Windows utilities WriteConsoleW Firewall state off Windows |
|
2
www.4i7i.com(1.226.84.135)
1.226.84.135
|
|
|
6.0 |
M |
60 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45675 |
2024-07-01 11:02
|
 64.jpg.exe 72762b7ac7c6dfdc7b1c3b3a5171103a
UPX PE File PE64 VirusTotal Malware Check memory unpack itself ComputerName Firmware |
|
3
xmr.330com.com(211.108.74.247)
211.108.74.247
62.48.34.99
|
|
|
3.4 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|