46561 | 2024-08-04 13:33
mimilib.dll ddbd4a6269c999e0e32a2b523495ca39 Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Checks debugger unpack itself crashed
2.0 | M | 50 | ZeroCERT

46562 | 2024-08-04 13:33
wereallyneedthisgirlbacktomypl... 0a052f8d7d1dd625c750fe579d2c610c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
1
http://45.90.89.50/70/mycuteflowergirlsheisneedmetooget.gIF
3
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
45.90.89.50 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 | M | 34 | ZeroCERT

46563 | 2024-08-04 13:33
.lnk ac9f282a9457797265cb5baf1dfafd54 Generic Malware UPX Antivirus AntiDebug AntiVM Lnk Format GIF Format PE File PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process AppData folder Interception Windows ComputerName DNS Cryptographic key
1
http://149.51.230.198:5566/releaseform
1
3
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Inline HTTP
8.8 | M | 24 | ZeroCERT

46564 | 2024-08-04 13:35
mimikatz.exe 640ff220dc517b6fda38e45fb575d47e Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory WriteConsoleW
1.6 | M | 58 | ZeroCERT

46565 | 2024-08-04 13:35
conhost.exe f8c2769b1490e6eabeb8dd5faa8e6e70 Gen1 Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed
1.2 | M | 28 | ZeroCERT

46566 | 2024-08-04 13:36
DR_Mod_200_2023.PDF.lnk 0d6f8a03885e85f384584cb2416f859e Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key
1
https://21centuryart.com/arc/msncjsudh
1
21centuryart.com(127.0.0.1) - mailcious
7.2 | | 34 | ZeroCERT

46567 | 2024-08-04 13:37
mimispool.dll 7185df3dbaa4049c26fe2d6962528577 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.2 | M | 44 | ZeroCERT

46568 | 2024-08-04 13:37
fremoney.pdf.lnk 815e6eb6a474f4fcde376762c0e69c37 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1
https://motorsit.com/active2
4.2 | | 11 | ZeroCERT

46569 | 2024-08-04 13:39
win.exe 67b035c3aac011e498d0e6685fde0c16 UPX PE File PE64 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS
1
4.2 | M | 42 | ZeroCERT

46570 | 2024-08-04 13:41
JX2goame.exe 288f1d023c0446d190a28e5f1899667c EnigmaProtector UPX PE File PE32 VirusTotal Malware unpack itself Windows ComputerName crashed
4.2 | M | 42 | ZeroCERT

46571 | 2024-08-04 13:42
jf.exe d161e13cf0731d0b55ad38d6a38cdc21 CoinMiner Generic Malware Downloader UPX Malicious Library Confuser .NET Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence F VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW IP Check Tofsee Interception Windows ComputerName Amazon Alibaba DNS
4
http://pcupd.com/tfsoft/xftd/v2/ctf/
http://124.223.105.161:8902/files/data/drss/drsx.zip
https://mc.minibai.com/api/gv1/push
https://checkip.amazonaws.com/
150
cm.bilibili.com(164.52.47.54) 7b42f7424e8c39d30019cf95ef41ef02.rdt.tfogc.com(175.4.55.179) ss0.baidu.com(185.10.104.109) vd6.l.qq.com(129.226.107.33) game.kde.qq.com(129.226.103.24) pcupd.com(139.196.217.38) hector.baidu.com(39.156.68.81) passport-plugin.hao184.com(61.170.80.232) accounts.google.com(64.233.188.84) search.sogoucdn.com(43.159.81.60) clientservices.googleapis.com(142.250.198.3) s3m6.mdvdns.com(104.192.108.23) m4.publicimg.browser.qq.com(43.152.15.45) dhrest.2345.com(180.163.196.140) t12.baidu.com(111.225.213.36) s3m6.fenxi.com(61.170.81.233) web.50bangzh.com(180.101.190.124) iwan.video.qq.com(124.156.190.80) eclick.baidu.com(111.206.208.190) i.news.qq.com(38.60.181.105) bd-js1.2345.com(112.25.90.131) data.ab.qq.com(43.154.254.142) dgss0.bdstatic.com(45.113.192.82) ckmap.mediav.com(180.163.247.134) www.baidu.com(119.63.197.139) www.2345.com(163.181.22.236) pcbrowser.dd.qq.com(111.3.90.95) daohang.qq.com(43.154.240.84) xy117x158x188x37xy.mcdn.bilivideo.cn(117.158.188.37) vfiles.gtimg.cn(211.152.132.216) data.bilibili.com(164.52.0.98) s1.mdvdns.com(112.65.69.52) ca8ac9a6f86c4d42a7e731d17aa125db.rdt.tfogc.com(113.141.160.228) dss2.bdstatic.com(185.10.104.109) gss0.bdstatic.com(45.113.192.82) pbaccess.video.qq.com(43.155.124.103) www.google.com(142.250.76.132) oth.str.beacon.qq.com(14.22.9.180) d9bfba694e0c428248140c78286d3793.rdt.tfogc.com(58.19.46.75) code.bdstatic.com(103.235.45.242) tv.puui.qpic.cn(38.60.181.35) r3---sn-j5o7dn7e.gvt1-cn.com(113.108.239.196) www-cdn.2345cdn.net(180.163.207.108) dhrest-static.2345.com(180.163.147.217) newtab.browser.qq.com(43.135.106.42) pb.sogou.com(36.155.166.212) 183ac55a26eb8ed3211e476f89a40d34.rdt.tfogc.com(111.4.66.14) static.res.qq.com(36.250.242.247) kde.qq.com(129.226.103.169) content-autofill.googleapis.com(142.250.206.202) hmcdn.baidu.com(124.239.243.48) checkip.amazonaws.com(52.221.143.66) b33fca1920f4832d8e3dfbf4c7432b50.rdt.tfogc.com(113.141.160.48) snowflake.qq.com(43.129.2.170)
sofire.bdstatic.com(60.190.116.48) adsmind.gdtimg.com(211.152.132.216) api.bilibili.com(164.52.44.50) pss.bdstatic.com(103.235.45.242) apd-ugcvlive.apdcdn.tc.qq.com(211.152.132.216) st.tencent-cloud.com(211.152.132.216) hm.baidu.com(111.45.3.198) - mailcious 9d215ea2cab88371652c1ef094554b8f.rdt.tfogc.com(183.214.144.2) ss1.baidu.com(185.10.104.109) f7.baidu.com(103.235.45.243) xy120x209x212x19xy.mcdn.bilivideo.cn(120.209.212.19) zj-cn-live-comet.chat.bilibili.com(47.103.12.10) cdn.nfa.qq.com(42.177.83.82) b60ec859c86b068d2351ce983cebdb01.rdt.tfogc.com(175.4.55.182) as1.m.hao123.com(42.81.8.130) publiclog.zhiyan.tencent-cloud.net(121.14.77.149) p0.qhimg.com(54.192.175.113) imgcdn.toutiaoyule.com(111.47.229.228) bdb4e1d1d90392c080815d268dfe7f87.rdt.tfogc.com(183.214.52.52) pcwup.imtt.qq.com(14.22.9.100) b0218760c889395ec69a3305b7ab05fa.rdt.tfogc.com(183.214.52.58) pos.baidu.com(103.235.46.94) sapi-wzdh.2345.com(47.102.123.53) optimizationguide-pa.googleapis.com(172.217.161.234) otheve.beacon.qq.com(129.226.106.210) 6252cfceac8fd2546906f4522c07fff2.rdt.tfogc.com(219.144.77.71) jx.cdn.qhstatic.com(104.192.108.192) vr.gdt.qq.com(43.159.118.117) mbd.baidu.com(103.235.47.212) dhps.2345.com(180.163.203.99) s3m4.fenxi.com(175.6.254.74) passport.baidu.com(45.113.194.250) index-api.2345.com(180.101.190.124) www-stream.2345cdn.net(163.181.22.205) 6ad41852c351bbdf31590130781c1f5c.rdt.tfogc.com(175.153.180.110) v.gdt.qq.com(43.159.118.117) 0a0a389bc8b2293cdc7b734e9cf84e2f.rdt.tfogc.com(113.141.160.198) www.sogou.com(119.28.109.132) v.qq.com(23.7.212.166) rpt.gdt.qq.com(43.159.118.117) quickstart.imtt.qq.com(129.226.103.233) sc0.hao123img.com(58.254.180.65) lupic.cdn.bcebos.com(60.188.66.35) ipsad.l.qq.com(43.129.2.69) www.bilibili.com(164.52.44.50) daohang.browser.qq.com(43.154.240.84) 256c3d9bfaf9b50b26a3007eed50f82a.rdt.tfogc.com(111.4.66.8) hw-v2-web-player-tracker.biliapi.net(101.91.136.148) mc.minibai.com(118.24.85.16) live.bilibili.com(164.52.47.54)
live-s3m.mediav.com(111.174.12.100) sfp.safe.baidu.com(36.110.219.204) www.591888.vip(38.147.189.238) ltscsy.qq.com(116.162.208.149) 430df5a0d910a183ce55ba9aa34a065f.rdt.tfogc.com(111.4.66.17) www.hao123.com(103.235.46.98) hotlist.imtt.qq.com(43.154.240.245) puui.qpic.cn(23.210.247.59) dns.google(8.8.4.4) b.bdstatic.com(117.68.52.48) ssxd.mediav.com(112.65.69.51) 35d956a39c11b2a14f588d401b8eb2ea.rdt.tfogc.com(183.95.181.108) api.live.bilibili.com(164.52.47.54) h.trace.qq.com(129.226.102.234) cpro.baidustatic.com(220.169.152.38) aegis.qq.com(43.137.221.145) www.hao774.com(61.170.79.225) 3924a2b0e8a2c4ef0b5b941a5d29f50f.rdt.tfogc.com(183.214.52.49) max-l.mediav.com(180.163.247.134) www.aliyunpay.shop(118.178.125.54) wup.imtt.qq.com(43.154.240.161) 46accc8a55ff111839e2072af218a509.rdt.tfogc.com(183.214.144.4) arms-retcode.aliyuncs.com(47.96.83.41) beacon.cdn.qq.com(211.152.132.208) wn.pos.baidu.com(182.61.200.11) qbuniplugin.html5.qq.com(43.135.106.117) topnews.imtt.qq.com(101.32.212.153) novel.html5.qq.com(129.226.107.80) webrtcpunch.video.qq.com(119.147.179.227) config.ab.qq.com(43.159.234.88) i2.hdslb.com(122.10.154.135) trpcpb.imtt.qq.com(129.226.107.205) cn-sccd-cu-01-09.bilivideo.com(101.206.209.10) sofire.baidu.com(36.110.192.107) hectorstatic.baidu.com(113.142.207.38) 118.24.85.16 47.96.87.99 38.147.189.238 124.223.105.161 47.97.204.105 139.196.217.38 - malware 118.178.125.54 116.62.214.53 47.98.133.194 60.12.184.62 18.138.132.100
5
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host ZIP Request
ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI
ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com)
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
15.4 | M | 47 | ZeroCERT

46572 | 2024-08-04 13:43
uh.ee.uh.ee.uhuheee.doc 5b88a1a2c13384068ece808b50699d86 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
1
http://192.3.216.148/datingloverstartingAgain.vbs
2
192.3.216.148 - malware
91.92.254.29 - mailcious
1
ET INFO Dotted Quad Host VBS Request
6.0 | M | 38 | ZeroCERT

46573 | 2024-08-04 13:46
china.exe a95e09168ff4b517c1ffa385206543b5 Malicious Library ASPack PE File PE32 CAB MZP Format DLL VirusTotal Malware Check memory Checks debugger unpack itself AppData folder
2.4 | M | 13 | ZeroCERT

46574 | 2024-08-04 13:48
ss.exe 61584ce40b3b4c6f5b9ac4fb4f8f0ec9 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS
1
3.6 | M | 61 | ZeroCERT

46575 | 2024-08-04 13:50
select.exe d0e834aed727fe49a51b071c680a282c Downloader PE File PE32 MZP Format VirusTotal Malware AutoRuns Check memory Windows Trojan
4.2 | M | 70 | ZeroCERT