47116 | 2024-08-13 17:17
  Sample: updatedequitosfridayyyyMPDW-co... | MD5 3443ed347a3f74c89d2deda980d47522
  Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, DNS, Cryptographic key
  URLs (1): https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
  Hosts (3): ia803104.us.archive.org (207.241.232.154) - malware; 207.241.232.154 - malware; 104.21.67.152
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Rule-matched URLs: -
  Score: 7.8 | M | VT: - | ZeroCERT

47117 | 2024-08-13 17:17
  Sample: buttersmoothkitchenapparealssi... | MD5 76326ac1e6d011a8ebcba393ae837027
  Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, Malware download, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key, DDNS
  URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
  Hosts (2): servidorwindows.ddns.com.br (177.106.217.75) - malware; 177.106.217.75 - malware
  IDS (2): ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
  Rule-matched URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg
  Score: 8.8 | M | VT: - | ZeroCERT

47118 | 2024-08-13 17:17
  Sample: ieexplore.hta | MD5 d44e3d03e9550e66fd5f14eeddbc4274
  Tags: Generic Malware, Antivirus, Downloader, AntiDebug, AntiVM, MSOffice File, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, exploit crash, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, Tofsee, Windows, Exploit, ComputerName, DNS, Cryptographic key, crashed
  URLs (1): http://192.3.176.138/32/sahost.exe
  Hosts (1): -
  IDS (5): ET INFO Executable Download from dotted-quad Host; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Rule-matched URLs: -
  Score: 11.6 | M | VT: 17 | ZeroCERT

47119 | 2024-08-13 17:18
  Sample: gernicethingstobegreattounders... | MD5 36e32dbcca3f5c62542f9b67b7f3de77
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, RWX flags setting, exploit crash, Exploit, DNS, DDNS, crashed
  URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
  Hosts (3): servidorwindows.ddns.com.br (177.106.217.75) - malware; 192.3.109.147 - malicious; 177.106.217.75 - malware
  IDS (2): ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
  Rule-matched URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg
  Score: 5.2 | M | VT: 40 | ZeroCERT

47120 | 2024-08-13 17:19
  Sample: IEnetcat.hta | MD5 2a622f5181fb1e4f060735c94de8e1d0
  Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, VBScript, powershell, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, Windows, ComputerName, DNS, Cryptographic key
  URLs (1): http://23.94.239.112/119/sahost.vbs
  Hosts (1): -
  IDS (1): ET INFO Dotted Quad Host VBS Request
  Rule-matched URLs: -
  Score: 11.4 | - | VT: 17 | ZeroCERT

47121 | 2024-08-13 17:19
  Sample: IEntworking.hta | MD5 57c5c9da83dfc586745b571ccbe42e16
  Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, MSOffice File, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, exploit crash, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, Tofsee, Windows, Exploit, ComputerName, DNS, Cryptographic key, crashed
  URLs (1): http://192.3.243.147/33/sahost.exe
  Hosts (1): -
  IDS (5): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure; ET INFO Executable Download from dotted-quad Host; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Rule-matched URLs: -
  Score: 11.6 | M | VT: 17 | ZeroCERT

47122 | 2024-08-13 17:20
  Sample: greatthingstobegetmebackwithen... | MD5 b668c0905c4ed7361782db27b29704fa
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, RWX flags setting, exploit crash, Exploit, DNS, DDNS, crashed
  URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
  Hosts (3): servidorwindows.ddns.com.br (177.106.217.75) - malware; 192.3.109.147 - malicious; 177.106.217.75 - malware
  IDS (2): ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
  Rule-matched URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg
  Score: 5.0 | M | VT: 32 | ZeroCERT

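Records 47117, 47119 and 47122 carry the "ET MALWARE Base64 Encoded MZ In Image" alert for vbs.jpeg, and 47116, 47124 and 47125 fetch .jpg/.Tif URLs that the script loaders treat as payload containers. The scanner below is an added example, not the sandbox's code and not a Suricata rule: it shows the check behind that class of alert. It finds long base64 runs in an "image", tries every 4-character alignment (the payload is often glued to other base64-alphabet bytes), and only reports a hit when the decoded bytes carry an MZ header whose e_lfanew points at a "PE\0\0" signature, which keeps random "MZ" pairs from firing. It also scans the byte-reversed file, an extra heuristic assumed here for loaders that store the string backwards, not something this page states. The fake PE header, the sample "images" and the 64-character run threshold are constructed for the example.

```python
"""Detect a base64-encoded PE hidden inside an 'image' (added example).

Not the sandbox's code and not a Suricata rule: it shows the check behind the
"Base64 Encoded MZ In Image" style of alert. The fake PE header, the sample
'images' and the 64-character run threshold are constructed for this example.
"""
import base64
import re
import struct

# Assumed threshold: a base64 run shorter than this is treated as noise.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def _carve_pe(decoded: bytes):
    """Return (mz_offset, e_lfanew) when `decoded` holds an MZ header whose
    e_lfanew (DWORD at MZ+0x3C) points at a 'PE\\0\\0' signature, else None."""
    pos = decoded.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(decoded):
            (e_lfanew,) = struct.unpack_from("<I", decoded, pos + 0x3C)
            sig = decoded[pos + e_lfanew:pos + e_lfanew + 4]
            if e_lfanew >= 0x40 and sig == b"PE\x00\x00":
                return pos, e_lfanew
        pos = decoded.find(b"MZ", pos + 1)
    return None


def _scan(data: bytes, is_reversed: bool) -> list:
    findings = []
    for m in B64_RUN.finditer(data):
        run = m.group().rstrip(b"=")
        # The payload may start mid-run (glued to other base64-alphabet bytes),
        # so every 4-character alignment is tried before giving up on the run.
        for phase in range(4):
            chunk = run[phase:]
            chunk = chunk[:len(chunk) - len(chunk) % 4]
            if len(chunk) < 64:
                continue
            decoded = base64.b64decode(chunk)
            hit = _carve_pe(decoded)
            if hit:
                mz, e_lfanew = hit
                findings.append({
                    # position of the base64 run in the original file
                    "offset": len(data) - m.end() if is_reversed else m.start(),
                    "phase": phase,
                    "reversed": is_reversed,
                    "e_lfanew": e_lfanew,
                    "pe": decoded[mz:],  # carved PE bytes for further triage
                })
                break
    return findings


def find_base64_pe(data: bytes) -> list:
    """Scan forwards, then scan the byte-reversed file too: storing the base64
    string backwards is a cheap loader trick (an assumption of this example,
    not something the listing states) and costs one extra pass to cover."""
    return _scan(data, False) + _scan(data[::-1], True)


def build_fake_pe() -> bytes:
    """Minimal, non-executable MZ/PE header (constructed test data)."""
    e_lfanew = 0x80
    buf = bytearray(b"MZ\x90\x00")
    buf += b"\x00" * (0x3C - len(buf))
    buf += struct.pack("<I", e_lfanew)          # e_lfanew -> PE signature
    buf += b"\x00" * (e_lfanew - len(buf))
    buf += b"PE\x00\x00" + b"\x4c\x01"           # signature + Machine = i386
    buf += b"\x00" * 0x40
    return bytes(buf)


FAKE_PE = build_fake_pe()
JPEG_PREFIX = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
# 'ab' is glued to the payload on purpose so it is not 4-character aligned.
SAMPLE_FORWARD = JPEG_PREFIX + b"ab" + base64.b64encode(FAKE_PE) + b"\xff\xd9"
SAMPLE_REVERSED = JPEG_PREFIX + b"ab" + base64.b64encode(FAKE_PE)[::-1] + b"\xff\xd9"
SAMPLE_CLEAN = JPEG_PREFIX + b"\xff\xdb" + bytes(range(256)) * 4 + b"\xff\xd9"

if __name__ == "__main__":
    samples = (("forward", SAMPLE_FORWARD), ("reversed", SAMPLE_REVERSED), ("clean", SAMPLE_CLEAN))
    for name, blob in samples:
        hits = find_base64_pe(blob)
        if not hits:
            print(f"{name}: no embedded PE")
        for f in hits:
            print(f"{name}: PE at run offset {f['offset']} (phase {f['phase']}, "
                  f"reversed={f['reversed']}, e_lfanew=0x{f['e_lfanew']:x})")
```

Run against a real download, `find_base64_pe(open(path, "rb").read())` returns the carved PE bytes so they can be hashed and submitted for analysis. The alignment and header validation are what separate this from a plain string match: a base64 alphabet run alone is common in legitimate images (EXIF, ICC profiles), while an MZ header with a consistent e_lfanew is not.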
47123 | 2024-08-13 17:22
  Sample: sahost.vbs | MD5 6bc642359010ee4a5ba7fadb5dec835b
  Tags: Generic Malware, Antivirus, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, heapspray, Creates shortcut, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, suspicious TLD, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
  URLs (1): http://cpanel-adminhost.com/Bagsmkkens.chm
  Hosts (4): welcomsplus.ru (31.31.198.183) - malicious; cpanel-adminhost.com (193.25.216.165) - malicious; 31.31.198.183 - malicious; 193.25.216.165 - malicious
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET DROP Spamhaus DROP Listed Traffic Inbound group 37
  Rule-matched URLs: -
  Score: 11.0 | - | VT: 17 | ZeroCERT

47124 | 2024-08-13 17:22
  Sample: beseethebuttersmoothchocolates... | MD5 3bbf1f4c12640ec01a5b55c5adff7fe9
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed
  URLs (1): http://192.3.193.155/xampp/gas/seethegreatkidmagicshowflowers.Tif
  Hosts (3): ia803104.us.archive.org (207.241.232.154) - malware; 207.241.232.154 - malware; 192.3.193.155 - malicious
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Rule-matched URLs: -
  Score: 4.6 | M | VT: 31 | ZeroCERT

47125 | 2024-08-13 17:24
  Sample: 3444433vedoMPDW-constraints.vb... | MD5 fe1dc204b6709cdb5c617a28ec1f9f08
  Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
  URLs (1): https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
  Hosts (2): ia803104.us.archive.org (207.241.232.154) - malware; 207.241.232.154 - malware
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Rule-matched URLs: -
  Score: 7.6 | M | VT: 5 | ZeroCERT

47126 | 2024-08-14 10:52
  Sample: Mke%20Fallen.exe | MD5 eaeb33cc12fd71532fb6156938f46854
  Tags: Malicious Library, UPX, Anti_VM, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, VirusTotal, Malware, AutoRuns, Code Injection, Windows utilities, suspicious process, AppData folder, Windows
  URLs: - | Hosts: - | IDS: - | Rule-matched URLs: -
  Score: 4.6 | M | VT: 63 | ZeroCERT

47127 | 2024-08-14 10:54
  Sample: stub.exe | MD5 a7ed4ba445aa61c4632dd6579c212bf5
  Tags: AsyncRAT, Malicious Packer, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware
  URLs: - | Hosts: - | IDS: - | Rule-matched URLs: -
  Score: 1.2 | M | VT: 53 | ZeroCERT

47128 | 2024-08-14 10:56
  Sample: keylogger.exe | MD5 fbbc99e0b5c7a5f4b76886520f5a4f63
  Tags: UPX, PE File, PE32, VirusTotal, Malware
  URLs: - | Hosts: - | IDS: - | Rule-matched URLs: -
  Score: 1.2 | - | VT: 41 | ZeroCERT

47129 | 2024-08-14 10:59
  Sample: backdoor.exe | MD5 698f5896ec35c84909344dc08b7cae67
  Tags: UPX, PE File, PE32, VirusTotal, Malware
  URLs: - | Hosts: - | IDS: - | Rule-matched URLs: -
  Score: 1.2 | M | VT: 47 | ZeroCERT

47130 | 2024-08-14 11:02
  Sample: networks_profile.exe | MD5 7306abcf62c8ee10a1692a6a85af9297
  Tags: Gen1, Generic Malware, Malicious Library, UPX, Anti_VM, PE File, PE64, OS Processor Check, DLL, ZIP Format, VirusTotal, Malware, Check memory, Creates executable files
  URLs: - | Hosts: - | IDS: - | Rule-matched URLs: -
  Score: 1.6 | M | VT: 4 | ZeroCERT
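A listing like this is mostly consumed as an IOC source: the MD5s go to an EDR blocklist, the domains and IPs to DNS/proxy denylists, and the URLs into a ticket, defanged so nobody clicks them. The script below is an added example, not part of the page or of the sandbox, that pulls a deduplicated, defanged IOC set out of record text written in the layout used on this page. The embedded input is constructed from the 47117 and 47119 records above; the regexes and the record layout they expect are this example's own assumptions, not a sandbox export format.

```python
"""Extract and defang IOCs from sandbox listing records (added example).

SAMPLE_RECORDS is constructed from the 47117 and 47119 records on this page;
the layout it parses is the page's own, not a sandbox export format.
"""
import json
import re
from urllib.parse import urlsplit

SAMPLE_RECORDS = """\
47117 | 2024-08-13 17:17
  Sample: buttersmoothkitchenapparealssi... | MD5 76326ac1e6d011a8ebcba393ae837027
  URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
  Hosts (2): servidorwindows.ddns.com.br (177.106.217.75) - malware; 177.106.217.75 - malware
  IDS (2): ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
47119 | 2024-08-13 17:18
  Sample: gernicethingstobegreattounders... | MD5 36e32dbcca3f5c62542f9b67b7f3de77
  URLs (1): http://servidorwindows.ddns.com.br/Files/vbs.jpeg - rule_id: 41854
  Hosts (3): servidorwindows.ddns.com.br (177.106.217.75) - malware; 192.3.109.147 - malicious; 177.106.217.75 - malware
"""

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://[^\s|;]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# "domain (ip)" pairs on the Hosts line; bare IPs are picked up by IPV4_RE.
HOST_RE = re.compile(r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+) \((?:\d{1,3}\.){3}\d{1,3}\)")


def _valid_ipv4(s: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in s.split("."))


def extract_iocs(text: str) -> dict:
    """Return sorted, deduplicated md5 / url / domain / ipv4 lists."""
    iocs = {"md5": set(), "url": set(), "domain": set(), "ipv4": set()}
    iocs["md5"].update(MD5_RE.findall(text))
    for url in URL_RE.findall(text):
        iocs["url"].add(url)
        host = urlsplit(url).hostname or ""
        if IPV4_RE.fullmatch(host) and _valid_ipv4(host):
            iocs["ipv4"].add(host)          # dotted-quad hosts, as in 47118/47120
        elif host:
            iocs["domain"].add(host)
    iocs["domain"].update(HOST_RE.findall(text))
    iocs["ipv4"].update(ip for ip in IPV4_RE.findall(text) if _valid_ipv4(ip))
    return {k: sorted(v) for k, v in iocs.items()}


def defang_url(url: str) -> str:
    """http -> hxxp and [.] in the host only; the path is left readable."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    netloc = p.netloc.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{netloc}{p.path}{query}"


def defang(iocs: dict) -> dict:
    return {
        "md5": list(iocs["md5"]),
        "url": [defang_url(u) for u in iocs["url"]],
        "domain": [d.replace(".", "[.]") for d in iocs["domain"]],
        "ipv4": [ip.replace(".", "[.]") for ip in iocs["ipv4"]],
    }


if __name__ == "__main__":
    print(json.dumps(defang(extract_iocs(SAMPLE_RECORDS)), indent=2))
```

The IP ranges are validated octet by octet so that strings such as rule IDs or scores never slip into the IPv4 list, and hosts are taken from both the URL and the "domain (ip)" pairs, since a record can list a host that never appears in a URL (192.3.109.147 in 47119 is one).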