45766 | 2024-07-04 09:44 | fress.vbs eadbe0d07dc98f935224d3ccea5c6b96 VirusTotal Malware VBScript wscript.exe payload download Dropper | 1 | 2: paste.ee(185.26.104.247) - mailcious 185.26.104.247 - mailcious | | | 10.0 | M | 12 | ZeroCERT
45767 | 2024-07-04 09:45 | MOVE.vbs 17a1424e8ac08659157d2d0f0d143de9 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware VBScript powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Dropper | 3: http://91.92.254.29/Users_API/HURRICANE/file_2n4kbwex.dbr.txt ; http://airstreamsa.in.net/ajai/wave.txt ; https://ia803405.us.archive.org/16/items/new_image_202406/new_image.jpg | 3: ia803405.us.archive.org(207.241.232.195) - mailcious 91.92.254.29 - mailcious ; 207.241.232.195 - mailcious | 2: ET DROP Spamhaus DROP Listed Traffic Inbound group 13 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.0 | M | 7 | ZeroCERT
45768 | 2024-07-04 09:46 | file_iet2mvl3.idw.txt.vbs 35fc934c763040e9f35474eacffe3e34 unpack itself crashed | | | | | 0.6 | | | ZeroCERT
45769 | 2024-07-04 09:46 | ggrace.vbs 82e15bfd5d0ba8fb1f211f4b04c3e404 VirusTotal Malware VBScript wscript.exe payload download crashed Dropper | 1 | 2: paste.ee(185.26.104.247) - mailcious 185.26.104.247 - mailcious | | | 10.0 | M | 7 | ZeroCERT
45770 | 2024-07-04 09:47 | crypted.exe efb9f7b4e6703ad5d5b179992a6c44f8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed | | | | | 2.4 | M | 59 | ZeroCERT
45771 | 2024-07-04 09:49 | ORES.txt.exe aec77fe6b8457d2c380dd5c4bfb025a2 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB | | | | | 0.6 | | | ZeroCERT
45772 | 2024-07-04 09:50 | file_xmomibuj.x4j.txt.ps1 af7ad8b719740c60af95b7f13a382d97 Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key | 2: http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890 ; http://172.232.56.138/44033/CNO.txt | 1 | 3: ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image | 1: http://91.92.254.194/imge/new-image_v.jpg | 4.8 | M | | ZeroCERT
45773 | 2024-07-04 09:52 | new-image_v.jpg.exe 9152c6d4256e91955c25bcdfa97fb9e0 PE File DLL PE32 .NET DLL VirusTotal Malware PDB | | | | | 1.0 | | 29 | ZeroCERT
45774 | 2024-07-04 09:53 | file_01ntx0mv.bfk.txt.ps1 fdd6b3b4eafee0cdace6be04340d721d Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key | 2: http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890 ; http://198.46.178.144/madamwebbbbbbbas6444.txt | 1 | 3: ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image | 1: http://91.92.254.194/imge/new-image_v.jpg | 4.8 | M | | ZeroCERT
45775 | 2024-07-04 09:55 | file_iet2mvl3.idw.txt.ps1 35fc934c763040e9f35474eacffe3e34 Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key | | | | | 0.8 | | | ZeroCERT
45776 | 2024-07-04 09:58 | file_5jjhn5s1.zo4.txt.ps1 0bb85daee10c39c2eb3a05ebc874a585 Generic Malware Antivirus Malware download Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key | 2: http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890 ; http://23.95.235.16/55099/UGH.txt | 1 | 3: ET DROP Spamhaus DROP Listed Traffic Inbound group 13 ET MALWARE Base64 Encoded MZ In Image ET MALWARE Malicious Base64 Encoded Payload In Image | 1: http://91.92.254.194/imge/new-image_v.jpg | 4.8 | M | | ZeroCERT
45777 | 2024-07-04 10:03 | file_2n4kbwex.dbr.txt.ps1 8c1b03a6197614eeeb38e25f24e910b7 Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key | | | | | 1.4 | | 18 | ZeroCERT
45778 | 2024-07-04 10:05 | streamer.exe 2502f2fb88c1ea569c0b4287ae0613f3 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed | | | | | 1.2 | M | 36 | ZeroCERT
45779 | 2024-07-04 10:06 | okeydookietrational.txt.exe 2788f9c24efc9877a9c58d751d4f73f7 AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName crashed | 1: http://ip-api.com/line/?fields=hosting | 4: ftp.horeca-bucuresti.ro(89.39.83.184) ip-api.com(208.95.112.1) 89.39.83.184 208.95.112.1 | 2: ET POLICY External IP Lookup ip-api.com SURICATA Applayer Detect protocol only one direction | | 6.0 | | 61 | ZeroCERT
45780 | 2024-07-04 10:08 | moon.txt.exe 076a4a72c5285c9d30401f1c3f7d0c45 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself human activity check Windows DNS keylogger | 1: http://geoplugin.net/json.gp | 3: geoplugin.net(178.237.33.50) 178.237.33.50 191.101.130.177 | 1: ET JA3 Hash - Remcos 3.x/4.x TLS Connection | | 5.8 | | 60 | ZeroCERT