45841 |
2024-07-07 18:48
|
qwerty.ps1 b099d0ec774fccc05b662d86eaba027a Hide_EXE Generic Malware Malicious Packer UPX Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell Buffer PE Code Injection Check memory buffers extracted heapspray Creates executable files RWX flags setting unpack itself powershell.exe wrote malicious URLs WriteConsoleW Windows crashed |
4
http://lastimaners.ug/zxcvb.exe - rule_id: 26228
http://lastimaners.ug/asdfg.exe - rule_id: 36174
http://lastimaners.ug/asdf.EXE
http://lastimaners.ug/zxcv.EXE
|
2
lastimaners.ug(91.215.85.223) - malware 91.215.85.223 - malware
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 14 ET POLICY PE EXE or DLL Windows file download HTTP
|
2
http://lastimaners.ug/zxcvb.exe http://lastimaners.ug/asdfg.exe
|
10.0 |
M |
29 |
ZeroCERT
45842 |
2024-07-07 18:50
|
offic%E8%A1%A8%E6%A0%BCluck.ex... 06592a8ca068935d98a5ada152e3393d UPX PE File PE64 VirusTotal Malware Remote Code Execution |
2.6 |
M |
49 |
ZeroCERT
45843 |
2024-07-07 18:53
|
UGcLEmRAhjNb.exe f2a5c7e8313862aca9b7a6314ca73f3a Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed |
1.4 |
|
48 |
ZeroCERT
45844 |
2024-07-07 18:55
|
buildj.exe 7debc473f9ec83c3d000a57466eab9b2 Vidar Generic Malware Malicious Library Antivirus UPX AntiDebug AntiVM PE File PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
3
https://steamcommunity.com/profiles/76561199730044335 - rule_id: 40948
https://steamcommunity.com/profiles/76561199730044335
https://t.me/bu77un
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(23.59.200.146) - mailcious 149.154.167.99 - mailcious
95.217.241.48 - mailcious
184.85.112.102
|
3
ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://steamcommunity.com/profiles/76561199730044335
|
11.0 |
M |
58 |
ZeroCERT
45845 |
2024-07-07 18:57
|
ghjkl.exe a2a9c309c5300a53d2c2fc41b71b174b Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
2.6 |
M |
55 |
ZeroCERT
45846 |
2024-07-07 18:59
|
SERVE.vbs 3c12d58060963c9a6190f3803d0bc6fe VirusTotal Malware VBScript wscript.exe payload download DNS crashed Dropper |
1
http://91.92.254.29/Users_API/HURRICANE/file_hzmmmodl.2wb.txt
|
1
10.0 |
M |
7 |
ZeroCERT
45847 |
2024-07-07 19:03
|
2EU.file.exe f7ea17cd71f263659d0ee0b82a95fbaf Malicious Library UPX PE File PE64 ftp OS Processor Check VirusTotal Malware PDB |
0.6 |
|
2 |
ZeroCERT
45848 |
2024-07-07 19:04
|
UNIQ.file.exe 16fcba4c603655fca5f10157dd6d360f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName |
6.4 |
|
53 |
ZeroCERT
45849 |
2024-07-07 19:05
|
inte.exe cd0fd465ea4fd58cf58413dda8114989 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself |
2.4 |
|
64 |
ZeroCERT
45850 |
2024-07-07 19:07
|
amadka.exe 29af55c68d51c9ef3c35850bec56664d Amadey Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed |
3
http://77.91.77.82/Hun4Ko/index.php - rule_id: 40678
http://77.91.77.81/stealc/random.exe
http://77.91.77.81/cost/random.cmd
|
2
77.91.77.82 - malware
77.91.77.81 - mailcious
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 8 ET MALWARE Amadey Bot Activity (POST)
|
1
http://77.91.77.82/Hun4Ko/index.php
|
11.0 |
M |
55 |
ZeroCERT
45851 |
2024-07-07 19:11
|
go.exe d1a881d79ea584b074ae23f9279c5bd0 Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check MSOffice File VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
8
https://www.google.com/favicon.ico https://accounts.google.com/generate_204?w4ag3w https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AdF4I74pC9xrfzbndeH-N6NOflXq1MjzJIxNFee4-gZlSvToqsOXxF3zsbE0AhE66RpXdgwWsyVz&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1023031012%3A1720346845031034 https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F https://accounts.google.com/_/bscframe https://accounts.google.com/ https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AdF4I76Y3NkKUEH3PqSbeNYT6o-AmZa8Isqhy7dbwEu3iufOXcI9DiOb9Rvo_KyAQWxTR7znvW1X-w
|
6
ssl.gstatic.com(142.251.222.35) accounts.google.com(74.125.203.84) www.google.com(142.250.206.228) 142.251.8.84 142.251.220.100 142.250.66.99
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.4 |
|
44 |
ZeroCERT
45852 |
2024-07-07 19:11
|
63vN2.txt.vbs dc087d53594631d1aaa5a22d4b98029f Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key |
1
http://212.70.149.205:2020/c.jpg
|
1
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 8
6.8 |
|
21 |
ZeroCERT
45853 |
2024-07-07 19:25
|
er.er.er.erererere.doC 0028cb11338cbdfd81985d00fa9bf282 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
1
http://23.95.235.16/55099/profilegoodforinvestreturns.gif
|
2
23.95.235.16 - mailcious 91.92.254.29 - mailcious
5.6 |
|
39 |
ZeroCERT
45854 |
2024-07-07 19:26
|
EU.file.exe 84d89662f4329f2fa4a36cfd32974eef Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution |
2.2 |
M |
63 |
ZeroCERT
45855 |
2024-07-08 07:52
|
PACKAGE_DEMO.exe e450ca946d4bf6173ebe3f00c3d08d81 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory Creates shortcut Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName Trojan Banking DNS |
|
3
api.ipify.org(104.26.12.205) 79.137.197.154 104.26.12.205
|
8
ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped
11.8 |
M |
56 |
ZeroCERT