| 45766 |
2024-07-04 09:44
|
fress.vbs eadbe0d07dc98f935224d3ccea5c6b96
VirusTotal Malware VBScript wscript.exe payload download Dropper |
1
|
2
paste.ee(185.26.104.247) - mailcious
185.26.104.247 - mailcious
|
|
|
10.0 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45767 |
2024-07-04 09:45
|
MOVE.vbs 17a1424e8ac08659157d2d0f0d143de9
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware VBScript powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Dropper |
3
http://91.92.254.29/Users_API/HURRICANE/file_2n4kbwex.dbr.txt
http://airstreamsa.in.net/ajai/wave.txt
https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg
|
3
ia803405.us.archive.org(207.241.232.195) - mailcious
91.92.254.29 - mailcious
207.241.232.195 - mailcious
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.0 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45768 |
2024-07-04 09:46
|
file_iet2mvl3.idw.txt.vbs 35fc934c763040e9f35474eacffe3e34unpack itself crashed |
|
|
|
|
0.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45769 |
2024-07-04 09:46
|
ggrace.vbs 82e15bfd5d0ba8fb1f211f4b04c3e404VirusTotal Malware VBScript wscript.exe payload download crashed Dropper |
1
|
2
paste.ee(185.26.104.247) - mailcious
185.26.104.247 - mailcious
|
|
|
10.0 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45770 |
2024-07-04 09:47
|
 crypted.exe efb9f7b4e6703ad5d5b179992a6c44f8
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed |
|
|
|
|
2.4 |
M |
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45771 |
2024-07-04 09:49
|
 ORES.txt.exe aec77fe6b8457d2c380dd5c4bfb025a2
RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB |
|
|
|
|
0.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45772 |
2024-07-04 09:50
|
file_xmomibuj.x4j.txt.ps1 af7ad8b719740c60af95b7f13a382d97
Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key |
2
http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
http://172.232.56.138/44033/CNO.txt
|
1
|
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
|
1
http://91.92.254.194/imge/new-image_v.jpg
|
4.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45773 |
2024-07-04 09:52
|
 new-image_v.jpg.exe 9152c6d4256e91955c25bcdfa97fb9e0
PE File DLL PE32 .NET DLL VirusTotal Malware PDB |
|
|
|
|
1.0 |
|
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45774 |
2024-07-04 09:53
|
file_01ntx0mv.bfk.txt.ps1 fdd6b3b4eafee0cdace6be04340d721d
Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key |
2
http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
http://198.46.178.144/madamwebbbbbbbas6444.txt
|
1
|
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
|
1
http://91.92.254.194/imge/new-image_v.jpg
|
4.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45775 |
2024-07-04 09:55
|
file_iet2mvl3.idw.txt.ps1 35fc934c763040e9f35474eacffe3e34
Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
0.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45776 |
2024-07-04 09:58
|
file_5jjhn5s1.zo4.txt.ps1 0bb85daee10c39c2eb3a05ebc874a585
Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key |
2
http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
http://23.95.235.16/55099/UGH.txt
|
1
|
3
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET MALWARE Base64 Encoded MZ In Image
ET MALWARE Malicious Base64 Encoded Payload In Image
|
1
http://91.92.254.194/imge/new-image_v.jpg
|
4.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45777 |
2024-07-04 10:03
|
file_2n4kbwex.dbr.txt.ps1 8c1b03a6197614eeeb38e25f24e910b7
Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.4 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45778 |
2024-07-04 10:05
|
 streamer.exe 2502f2fb88c1ea569c0b4287ae0613f3
Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45779 |
2024-07-04 10:06
|
 okeydookietrational.txt.exe 2788f9c24efc9877a9c58d751d4f73f7
AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName crashed |
1
http://ip-api.com/line/?fields=hosting
|
4
ftp.horeca-bucuresti.ro(89.39.83.184)
ip-api.com(208.95.112.1)
89.39.83.184
208.95.112.1
|
2
ET POLICY External IP Lookup ip-api.com
SURICATA Applayer Detect protocol only one direction
|
|
6.0 |
|
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45780 |
2024-07-04 10:08
|
 moon.txt.exe 076a4a72c5285c9d30401f1c3f7d0c45
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself human activity check Windows DNS keylogger |
1
http://geoplugin.net/json.gp
|
3
geoplugin.net(178.237.33.50)
178.237.33.50
191.101.130.177
|
1
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
5.8 |
|
60 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|