46771 | 2024-08-07 10:09
az.exe | b9fcbae32e294854e2507179d4acef1c | Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Remote Code Execution
1.8 | M | 17 | ZeroCERT

46772 | 2024-08-07 10:11
taskhostw3.exe | 06a8e35022b76d751e396d1ab5bb9cf1 | Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
3.6 | M | 23 | ZeroCERT

46773 | 2024-08-07 10:11
wp.vbs | 67d660ff76a9414cc62d4ddf7f3223f6 | VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper
1 | http://chongmei33.publicvm.com:7045/is-ready
2 | chongmei33.publicvm.com(46.246.6.6) - malicious; 46.246.6.6
1 | ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
10.0 | M | 30 | ZeroCERT

46774 | 2024-08-07 10:13
3.dat | 0c8848c11a91ab74f30abbef17792f8f | Generic Malware UPX PE File PE32 VirusTotal Malware
1.8 | M | 52 | ZeroCERT

46775 | 2024-08-07 10:18
ienetworks.hta | 367299f3b78921590e30252fcc114cc7 | Antivirus VirusTotal Malware unpack itself crashed
1.2 | | 15 | ZeroCERT

46776 | 2024-08-07 10:19
ienet.hta | dde24099df982fc36dcbadf43a92ba46 | Generic Malware Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key
1 | http://107.175.113.209/45/renewthejourneywithimagekitchenset.gIF
1 | 107.175.113.209 - malicious
10.8 | M | 16 | ZeroCERT

46777 | 2024-08-07 10:19
INET.hta | accdfe7a24bcb621a1dade4ab39eddb2 | Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder Windows Exploit ComputerName DNS Cryptographic key crashed
1 | http://45.90.89.50/100/instantflowercaseneedbeautygirlsherealways.gIF
1 |
11.0 | M | 16 | ZeroCERT

46778 | 2024-08-07 10:33
instantflowercaseneedbeautygir... | ccde7ef0e90a5a62394fafe77c7eff7e | Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS
1 | http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
2 | servidorwindows.ddns.com.br(191.55.76.236) - malware; 191.55.76.236
2 | ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
1 | http://servidorwindows.ddns.com.br/Files/vbs.jpeg
9.2 | M | 4 | ZeroCERT

46779 | 2024-08-07 10:34
install.exe | 4bbcacdd78e864802197947104fca7cc | Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware crashed
1.0 | | 1 | ZeroCERT

46780 | 2024-08-07 13:25
kz.js | e1e3b54f17e16c5e867a9e7ee6d196ba | Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check AutoRuns Creates executable files AppData folder Windows DNS DDNS keylogger
2 | kizitodavina.duckdns.org(46.246.84.3) - malicious; 46.246.84.3
2 | ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
6.2 | | | ZeroCERT

46781 | 2024-08-07 13:25
kg.js | 47b10cd883ecbb78172c5e38b33aa085 | AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Gmail Browser Email ComputerName crashed keylogger
2 | smtp.gmail.com(173.194.174.109); 173.194.174.108
2 | SURICATA Applayer Detect protocol only one direction; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 | | 13 | guest

46782 | 2024-08-07 13:25
JoSetp.exe | ed59308f9e2b59ec4195a99788cee8ee | Confuser .NET PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Ransomware DNS
2 | https://iplogger.org/1vyFz7; https://iplogger.org/1p6br7
3 | topnewsdesign.xyz() - malicious; iplogger.org(104.21.4.208) - malicious; 104.21.4.208
3 | ET POLICY IP Check Domain (iplogger .org in DNS Lookup); ET POLICY IP Check Domain (iplogger .org in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.4 | M | 57 | guest

46783 | 2024-08-07 13:25
kiz.js | 00bf8ae55020bb2533b3a4eb875c5e4c | Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check human activity check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 | http://checkip.dyndns.org/; https://reallyfreegeoip.org/xml/175.208.134.152
6 | checkip.dyndns.org(158.101.44.242); reallyfreegeoip.org(104.21.67.152); api.telegram.org(149.154.167.220) - malicious; 172.67.177.134; 132.226.247.73; 149.154.167.220 - malicious
9 | ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org); ET INFO TLS Handshake Failure; ET HUNTING Telegram API Domain in DNS Lookup; ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org); ET POLICY External IP Lookup - checkip.dyndns.org; ET INFO 404/Snake/Matiex Keylogger Style External IP Check; ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
11.8 | | 15 | ZeroCERT

46784 | 2024-08-07 13:31
ienetworks.hta | 367299f3b78921590e30252fcc114cc7 | Generic Malware Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key
1 | http://107.173.192.135/88/kidsrosefacingimagestricking.gIF
1 | 107.173.192.135 - malware
9.4 | | 15 | ZeroCERT

46785 | 2024-08-07 13:43
renewthejourneywithimagekitche... | cb413715fe15be39831acd147e37bb0f | Generic Malware Antivirus Hide_URL PowerShell Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key DDNS
1 | http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
2 | servidorwindows.ddns.com.br(191.55.76.236) - malware; 191.55.76.236
2 | ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
1 | http://servidorwindows.ddns.com.br/Files/vbs.jpeg
9.2 | M | 2 | ZeroCERT