| 46561 |
2024-08-04 13:33
|
 mimilib.dll ddbd4a6269c999e0e32a2b523495ca39
Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Checks debugger unpack itself crashed |
|
|
|
|
2.0 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46562 |
2024-08-04 13:33
|
wereallyneedthisgirlbacktomypl... 0a052f8d7d1dd625c750fe579d2c610c
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
1
http://45.90.89.50/70/mycuteflowergirlsheisneedmetooget.gIF
|
3
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
45.90.89.50 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46563 |
2024-08-04 13:33
|
.lnk ac9f282a9457797265cb5baf1dfafd54
Generic Malware UPX Antivirus AntiDebug AntiVM Lnk Format GIF Format PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process AppData folder Interception Windows ComputerName DNS Cryptographic key |
1
http://149.51.230.198:5566/releaseform
|
1
|
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Inline HTTP
|
|
8.8 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46564 |
2024-08-04 13:35
|
 mimikatz.exe 640ff220dc517b6fda38e45fb575d47e
Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory WriteConsoleW |
|
|
|
|
1.6 |
M |
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46565 |
2024-08-04 13:35
|
 conhost.exe f8c2769b1490e6eabeb8dd5faa8e6e70
Gen1 Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.2 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46566 |
2024-08-04 13:36
|
 DR_Mod_200_2023.PDF.lnk 0d6f8a03885e85f384584cb2416f859e
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key |
1
https://21centuryart.com/arc/msncjsudh
|
1
21centuryart.com(127.0.0.1) - mailcious
|
|
|
7.2 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46567 |
2024-08-04 13:37
|
 mimispool.dll 7185df3dbaa4049c26fe2d6962528577
Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself crashed |
|
|
|
|
2.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46568 |
2024-08-04 13:37
|
fremoney.pdf.lnk 815e6eb6a474f4fcde376762c0e69c37
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
https://motorsit.com/active2
|
|
|
|
4.2 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46569 |
2024-08-04 13:39
|
 win.exe 67b035c3aac011e498d0e6685fde0c16
UPX PE File PE64 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS |
|
1
|
|
|
4.2 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46570 |
2024-08-04 13:41
|
 JX2goame.exe 288f1d023c0446d190a28e5f1899667c
EnigmaProtector UPX PE File PE32 VirusTotal Malware unpack itself Windows ComputerName crashed |
|
|
|
|
4.2 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46571 |
2024-08-04 13:42
|
 jf.exe d161e13cf0731d0b55ad38d6a38cdc21
CoinMiner Generic Malware Downloader UPX Malicious Library Confuser .NET Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence F VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW IP Check Tofsee Interception Windows ComputerName Amazon Alibaba DNS |
4
http://pcupd.com/tfsoft/xftd/v2/ctf/
http://124.223.105.161:8902/files/data/drss/drsx.zip
https://mc.minibai.com/api/gv1/push
https://checkip.amazonaws.com/
|
150
cm.bilibili.com(164.52.47.54)
7b42f7424e8c39d30019cf95ef41ef02.rdt.tfogc.com(175.4.55.179)
ss0.baidu.com(185.10.104.109)
vd6.l.qq.com(129.226.107.33)
game.kde.qq.com(129.226.103.24)
pcupd.com(139.196.217.38)
hector.baidu.com(39.156.68.81)
passport-plugin.hao184.com(61.170.80.232)
accounts.google.com(64.233.188.84)
search.sogoucdn.com(43.159.81.60)
clientservices.googleapis.com(142.250.198.3)
s3m6.mdvdns.com(104.192.108.23)
m4.publicimg.browser.qq.com(43.152.15.45)
dhrest.2345.com(180.163.196.140)
t12.baidu.com(111.225.213.36)
s3m6.fenxi.com(61.170.81.233)
web.50bangzh.com(180.101.190.124)
iwan.video.qq.com(124.156.190.80)
eclick.baidu.com(111.206.208.190)
i.news.qq.com(38.60.181.105)
bd-js1.2345.com(112.25.90.131)
data.ab.qq.com(43.154.254.142)
dgss0.bdstatic.com(45.113.192.82)
ckmap.mediav.com(180.163.247.134)
www.baidu.com(119.63.197.139)
www.2345.com(163.181.22.236)
pcbrowser.dd.qq.com(111.3.90.95)
daohang.qq.com(43.154.240.84)
xy117x158x188x37xy.mcdn.bilivideo.cn(117.158.188.37)
vfiles.gtimg.cn(211.152.132.216)
data.bilibili.com(164.52.0.98)
s1.mdvdns.com(112.65.69.52)
ca8ac9a6f86c4d42a7e731d17aa125db.rdt.tfogc.com(113.141.160.228)
dss2.bdstatic.com(185.10.104.109)
gss0.bdstatic.com(45.113.192.82)
pbaccess.video.qq.com(43.155.124.103)
www.google.com(142.250.76.132)
oth.str.beacon.qq.com(14.22.9.180)
d9bfba694e0c428248140c78286d3793.rdt.tfogc.com(58.19.46.75)
code.bdstatic.com(103.235.45.242)
tv.puui.qpic.cn(38.60.181.35)
r3---sn-j5o7dn7e.gvt1-cn.com(113.108.239.196)
www-cdn.2345cdn.net(180.163.207.108)
dhrest-static.2345.com(180.163.147.217)
newtab.browser.qq.com(43.135.106.42)
pb.sogou.com(36.155.166.212)
183ac55a26eb8ed3211e476f89a40d34.rdt.tfogc.com(111.4.66.14)
static.res.qq.com(36.250.242.247)
kde.qq.com(129.226.103.169)
content-autofill.googleapis.com(142.250.206.202)
hmcdn.baidu.com(124.239.243.48)
checkip.amazonaws.com(52.221.143.66)
b33fca1920f4832d8e3dfbf4c7432b50.rdt.tfogc.com(113.141.160.48)
snowflake.qq.com(43.129.2.170)
sofire.bdstatic.com(60.190.116.48)
adsmind.gdtimg.com(211.152.132.216)
api.bilibili.com(164.52.44.50)
pss.bdstatic.com(103.235.45.242)
apd-ugcvlive.apdcdn.tc.qq.com(211.152.132.216)
st.tencent-cloud.com(211.152.132.216)
hm.baidu.com(111.45.3.198) - mailcious
9d215ea2cab88371652c1ef094554b8f.rdt.tfogc.com(183.214.144.2)
ss1.baidu.com(185.10.104.109)
f7.baidu.com(103.235.45.243)
xy120x209x212x19xy.mcdn.bilivideo.cn(120.209.212.19)
zj-cn-live-comet.chat.bilibili.com(47.103.12.10)
cdn.nfa.qq.com(42.177.83.82)
b60ec859c86b068d2351ce983cebdb01.rdt.tfogc.com(175.4.55.182)
as1.m.hao123.com(42.81.8.130)
publiclog.zhiyan.tencent-cloud.net(121.14.77.149)
p0.qhimg.com(54.192.175.113)
imgcdn.toutiaoyule.com(111.47.229.228)
bdb4e1d1d90392c080815d268dfe7f87.rdt.tfogc.com(183.214.52.52)
pcwup.imtt.qq.com(14.22.9.100)
b0218760c889395ec69a3305b7ab05fa.rdt.tfogc.com(183.214.52.58)
pos.baidu.com(103.235.46.94)
sapi-wzdh.2345.com(47.102.123.53)
optimizationguide-pa.googleapis.com(172.217.161.234)
otheve.beacon.qq.com(129.226.106.210)
6252cfceac8fd2546906f4522c07fff2.rdt.tfogc.com(219.144.77.71)
jx.cdn.qhstatic.com(104.192.108.192)
vr.gdt.qq.com(43.159.118.117)
mbd.baidu.com(103.235.47.212)
dhps.2345.com(180.163.203.99)
s3m4.fenxi.com(175.6.254.74)
passport.baidu.com(45.113.194.250)
index-api.2345.com(180.101.190.124)
www-stream.2345cdn.net(163.181.22.205)
6ad41852c351bbdf31590130781c1f5c.rdt.tfogc.com(175.153.180.110)
v.gdt.qq.com(43.159.118.117)
0a0a389bc8b2293cdc7b734e9cf84e2f.rdt.tfogc.com(113.141.160.198)
www.sogou.com(119.28.109.132)
v.qq.com(23.7.212.166)
rpt.gdt.qq.com(43.159.118.117)
quickstart.imtt.qq.com(129.226.103.233)
sc0.hao123img.com(58.254.180.65)
lupic.cdn.bcebos.com(60.188.66.35)
ipsad.l.qq.com(43.129.2.69)
www.bilibili.com(164.52.44.50)
daohang.browser.qq.com(43.154.240.84)
256c3d9bfaf9b50b26a3007eed50f82a.rdt.tfogc.com(111.4.66.8)
hw-v2-web-player-tracker.biliapi.net(101.91.136.148)
mc.minibai.com(118.24.85.16)
live.bilibili.com(164.52.47.54)
live-s3m.mediav.com(111.174.12.100)
sfp.safe.baidu.com(36.110.219.204)
www.591888.vip(38.147.189.238)
ltscsy.qq.com(116.162.208.149)
430df5a0d910a183ce55ba9aa34a065f.rdt.tfogc.com(111.4.66.17)
www.hao123.com(103.235.46.98)
hotlist.imtt.qq.com(43.154.240.245)
puui.qpic.cn(23.210.247.59)
dns.google(8.8.4.4)
b.bdstatic.com(117.68.52.48)
ssxd.mediav.com(112.65.69.51)
35d956a39c11b2a14f588d401b8eb2ea.rdt.tfogc.com(183.95.181.108)
api.live.bilibili.com(164.52.47.54)
h.trace.qq.com(129.226.102.234)
cpro.baidustatic.com(220.169.152.38)
aegis.qq.com(43.137.221.145)
www.hao774.com(61.170.79.225)
3924a2b0e8a2c4ef0b5b941a5d29f50f.rdt.tfogc.com(183.214.52.49)
max-l.mediav.com(180.163.247.134)
www.aliyunpay.shop(118.178.125.54)
wup.imtt.qq.com(43.154.240.161)
46accc8a55ff111839e2072af218a509.rdt.tfogc.com(183.214.144.4)
arms-retcode.aliyuncs.com(47.96.83.41)
beacon.cdn.qq.com(211.152.132.208)
wn.pos.baidu.com(182.61.200.11)
qbuniplugin.html5.qq.com(43.135.106.117)
topnews.imtt.qq.com(101.32.212.153)
novel.html5.qq.com(129.226.107.80)
webrtcpunch.video.qq.com(119.147.179.227)
config.ab.qq.com(43.159.234.88)
i2.hdslb.com(122.10.154.135)
trpcpb.imtt.qq.com(129.226.107.205)
cn-sccd-cu-01-09.bilivideo.com(101.206.209.10)
sofire.baidu.com(36.110.192.107)
hectorstatic.baidu.com(113.142.207.38)
118.24.85.16
47.96.87.99
38.147.189.238
124.223.105.161
47.97.204.105
139.196.217.38 - malware
118.178.125.54
116.62.214.53
47.98.133.194
60.12.184.62
18.138.132.100
|
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host ZIP Request
ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI
ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com)
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
|
|
15.4 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46572 |
2024-08-04 13:43
|
uh.ee.uh.ee.uhuheee.doc 5b88a1a2c13384068ece808b50699d86
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed |
1
http://192.3.216.148/datingloverstartingAgain.vbs
|
2
192.3.216.148 - malware
91.92.254.29 - mailcious
|
1
ET INFO Dotted Quad Host VBS Request
|
|
6.0 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46573 |
2024-08-04 13:46
|
 china.exe a95e09168ff4b517c1ffa385206543b5
Malicious Library ASPack PE File PE32 CAB MZP Format DLL VirusTotal Malware Check memory Checks debugger unpack itself AppData folder |
|
|
|
|
2.4 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46574 |
2024-08-04 13:48
|
 ss.exe 61584ce40b3b4c6f5b9ac4fb4f8f0ec9
Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS |
|
1
|
|
|
3.6 |
M |
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46575 |
2024-08-04 13:50
|
 select.exe d0e834aed727fe49a51b071c680a282c
Downloader PE File PE32 MZP Format VirusTotal Malware AutoRuns Check memory Windows Trojan |
|
|
|
|
4.2 |
M |
70 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|