| 47446 |
2024-08-22 15:48
|
 crypted8888.exe 031836b5b4c2fc0ba30f29e8a936b24e
Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.8 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47447 |
2024-08-22 15:50
|
butteryummycakechocolatebunrea... 7d3b215b98532e8570e22f353da4223e
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
1
http://82.197.64.93/112/niceworkofyummybutterbun.tIF
|
3
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
82.197.64.93 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47448 |
2024-08-22 15:51
|
 ioqjWeKazzLuiTHfd.exe 06ef63fcb30cb75b38e13a0a12764097
Generic Malware Malicious Library Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger |
2
http://checkip.dyndns.org/
https://reallyfreegeoip.org/xml/175.208.134.152
|
6
api.telegram.org(149.154.167.220) - mailcious
reallyfreegeoip.org(104.21.67.152)
checkip.dyndns.org(132.226.8.169)
193.122.6.168
104.21.67.152
149.154.167.220 - mailcious
|
9
ET HUNTING Telegram API Domain in DNS Lookup
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO 404/Snake/Matiex Keylogger Style External IP Check
ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)
ET INFO TLS Handshake Failure
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
|
|
15.2 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47449 |
2024-08-22 15:53
|
coupecakebutterbuncakecreamyyu... 471dd33f5e7c5a9dffd327bf5ab4a52e
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
|
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
4 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47450 |
2024-08-22 15:54
|
 icreamnet.hta 126e60b91cfe9668d55982489a68d58a
Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows Exploit ComputerName DNS Cryptographic key crashed |
1
http://45.66.231.209/350/sihost.exe
|
1
45.66.231.209 - mailcious
|
3
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
12.2 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47451 |
2024-08-22 15:54
|
 file.cmd 2d52690f8f97f525409e6e2ffb0b8199
Generic Malware Downloader Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI heapspray RWX flags setting exploit crash unpack itself Windows utilities malicious URLs WriteConsoleW installed browsers check Tofsee Ransomware Windows Exploit Firefox Browser ComputerName crashed |
|
2
crash-reports.mozilla.com(34.49.45.138)
34.49.45.138
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.8 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47452 |
2024-08-22 15:55
|
 inetcloud.hta 80c3a4c5c220adce769d0e8c2dff063d
Generic Malware Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
1
http://192.3.193.155/M1908T/csrss.exe
|
1
192.3.193.155 - mailcious
|
4
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Executable Download from dotted-quad Host
ET HUNTING Suspicious csrss.exe in URI
|
|
12.0 |
|
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47453 |
2024-08-22 16:07
|
mugcackecholocatebutterburnmix... f5f4974a1897bc2d46696e9cfb83ac43
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
|
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47454 |
2024-08-22 16:08
|
weknowsmoothbuttersmoothbun.tI... 313f41a7e8c49e0d8a800be8f5363d3a
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
|
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47455 |
2024-08-22 16:08
|
yummybutterbuneatingsweetnessg... c994f36be9228faccc886825b56e5a64
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
|
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47456 |
2024-08-22 16:09
|
yummysweetbutterbunlipsonher.t... 5dfe754cec96b83b86cd4cbc339bc30e
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
|
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.6 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47457 |
2024-08-22 16:36
|
 sihost.exe cf7c1cb71ad11a8c4ab07ffc3afa2f67
Suspicious_Script_Bin UPX PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key DDNS keylogger |
1
http://checkip.dyndns.org/
|
2
checkip.dyndns.org(193.122.130.0)
132.226.8.169
|
3
ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)
ET POLICY External IP Lookup - checkip.dyndns.org
ET INFO 404/Snake/Matiex Keylogger Style External IP Check
|
|
5.4 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47458 |
2024-08-22 16:36
|
 vbs.jpg.exe d783b01173fc303ec28a741b88fe1a3d
Malicious Library Malicious Packer UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB |
|
|
|
|
1.4 |
|
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47459 |
2024-08-22 16:43
|
integration.pdf.lnk ffde299028d48cb2258d274f44d56766
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://2.58.56.124/API481f.zip
|
|
|
|
6.8 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47460 |
2024-08-22 16:48
|
 API481f.zip 7eef93fde222e77a58d38870e177cda1
ZIP Format Remcos VirusTotal Malware Malicious Traffic DNS |
1
http://geoplugin.net/json.gp
|
5
geoplugin.net(178.237.33.50)
p13n.adobe.io(23.22.254.206)
52.5.13.197
178.237.33.50
195.26.87.40
|
1
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
1.8 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|