48241 | 2024-09-22 15:17
svchost.exe d2b9d12a630cf96b6d4da31de2af0e35 | Malicious Library UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS
3: ref.tbfull.com(47.76.175.95) - mailcious
   150.158.102.191
   47.76.175.95
8.4 | | 60 | ZeroCERT

48242 | 2024-09-22 15:19
game.exe 49a4df6234a85f29ff15b8d58dcb995b | Generic Malware Malicious Library ASPack UPX Anti_VM PE File PE32 OS Processor Check VirusTotal Malware PDB DNS
1
1.8 | M | 11 | ZeroCERT

48243 | 2024-09-22 15:22
config.exe 1734e1fd7e4ca651b03421c5a75441e9 | Emotet Generic Malware Malicious Library Malicious Packer ASPack UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory unpack itself Remote Code Execution
2.0 | M | 11 | ZeroCERT

48244 | 2024-09-22 17:19
wecreatednewthingsinthisworldt... 16e108820a6288c25887dbc7f7dff60a | Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed
8: http://www.magmadokum.com/fo8o/ - rule_id: 39856
   http://www.goldenjade-travel.com/fo8o/?6tE9=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&9p=CzyK2TzevP2p - rule_id: 39854
   http://www.3xfootball.com/fo8o/ - rule_id: 39852
   http://104.243.38.54/600/audiodg.exe
   http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854
   http://www.magmadokum.com/fo8o/?6tE9=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&9p=CzyK2TzevP2p - rule_id: 39856
   http://www.3xfootball.com/fo8o/?6tE9=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&9p=CzyK2TzevP2p - rule_id: 39852
   http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
10: www.magmadokum.com(85.159.66.93) - mailcious
    www.kasegitai.tokyo() - mailcious
    www.3xfootball.com(154.215.72.110) - mailcious
    www.goldenjade-travel.com(116.50.37.244) - mailcious
    www.antonio-vivaldi.mobi() - mailcious
    85.159.66.93 - mailcious
    116.50.37.244 - mailcious
    45.33.6.223
    104.243.38.54 - mailcious
    154.215.72.110 - mailcious
6: ET INFO Executable Download from dotted-quad Host
   ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
   ET POLICY PE EXE or DLL Windows file download HTTP
   ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
   ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
   ET MALWARE FormBook CnC Checkin (GET) M5
6: http://www.magmadokum.com/fo8o/
   http://www.goldenjade-travel.com/fo8o/
   http://www.3xfootball.com/fo8o/
   http://www.goldenjade-travel.com/fo8o/
   http://www.magmadokum.com/fo8o/
   http://www.3xfootball.com/fo8o/
5.0 | M | 35 | ZeroCERT

48245 | 2024-09-22 17:20
seethepicturetogetmebacktheupd... 8ba173734c1a8532e0b2ebcb3b6602ab | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
3: ia601706.us.archive.org(207.241.227.96) - malware
   172.236.19.62 - mailcious
   207.241.227.96 - malware
1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.8 | M | 41 | ZeroCERT

48246 | 2024-09-22 17:21
66eef0d509347_vfdshg16.exe 4ae2d1685d2732cfcd128560424c53cc | Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1: https://steamcommunity.com/profiles/76561199780418869
6: t.me(149.154.167.99) - mailcious
   steamcommunity.com(104.74.170.104) - mailcious
   149.154.167.99 - mailcious
   116.203.165.127
   104.76.74.15
   85.159.66.93 - mailcious
3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
   ET INFO TLS Handshake Failure
   ET INFO Observed Telegram Domain (t .me in TLS SNI)
16.6 | M | 28 | ZeroCERT

48247 | 2024-09-22 17:23
66ecb454d2b4a_lgfdsjgds.exe 384a847ad2833788fa253433fd2eea8d | Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS
1
8.6 | M | 48 | ZeroCERT

48248 | 2024-09-22 17:23
audiodg.exe 8b016746ea349838ed337927770248eb | Formbook Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL FormBook Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser
8: http://www.magmadokum.com/fo8o/?01Rq=qL3nKp+YSjoaTomnND+fiETGbzpIgkHGMW8DXsDTZ4AADrD7Wpn1kxM1jYW2/C2WhyBblBh5NUSWrO5bZjyCcVkJYbxxq5QITB2h2xAyEikjbcoqZSmDOCeIE8A+B7hyBKIW8mw=&G0g-=NkDPf - rule_id: 39856
   http://www.magmadokum.com/fo8o/ - rule_id: 39856
   http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
   http://www.3xfootball.com/fo8o/ - rule_id: 39852
   http://www.goldenjade-travel.com/fo8o/?01Rq=LFKqyrcu7g1NCa8bIVnmntQ0zrEKrQSprIMLtaWgKJ9bBKQr4dsn0J7ZoYUgIJ+R6Sel8OhXEcHhC7LyM9bkgjIIu2U6i6kbe5asCJcEX28JEcHJIWfCjODnuc7OiogdzaMrHf8=&G0g-=NkDPf - rule_id: 39854
   http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
   http://www.goldenjade-travel.com/fo8o/ - rule_id: 39854
   http://www.3xfootball.com/fo8o/?01Rq=IhZyPQIGe6uK3zPwwQVGm4hCASyaX3xlW2eS79Xk6ut4afzj0LiRHBqZsEmyTx+18GfGhVOagMos+c9dx/PGjLGAfpOvJ7U3hUqpnKd0zHv/hQdGhX4G3JlCydyJ23yerjxn4r8=&G0g-=NkDPf - rule_id: 39852
9: www.magmadokum.com(85.159.66.93) - mailcious
   www.kasegitai.tokyo() - mailcious
   www.3xfootball.com(154.215.72.110) - mailcious
   www.goldenjade-travel.com(116.50.37.244) - mailcious
   www.antonio-vivaldi.mobi() - mailcious
   45.33.6.223
   85.159.66.93 - mailcious
   116.50.37.244 - mailcious
   154.215.72.110 - mailcious
1: ET MALWARE FormBook CnC Checkin (GET) M5
6: http://www.magmadokum.com/fo8o/
   http://www.magmadokum.com/fo8o/
   http://www.3xfootball.com/fo8o/
   http://www.goldenjade-travel.com/fo8o/
   http://www.goldenjade-travel.com/fo8o/
   http://www.3xfootball.com/fo8o/
6.4 | M | 47 | ZeroCERT

48249 | 2024-09-22 17:24
66e579d0cbf2d_win.exe 049d2f0e9e03c057d906287c2003331b | UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Check virtual network interfaces Windows DNS
4: win.ust.cx(154.91.34.235)
   www.google.com(142.250.207.100)
   154.91.34.235
   85.159.66.93 - mailcious
6.4 | M | 45 | ZeroCERT

48250 | 2024-09-22 17:25
Traxx1.exe 937239c0053f3daec25ca7984676696a | ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader
1
6: ET DROP Spamhaus DROP Listed Traffic Inbound group 23
   ET INFO Executable Download from dotted-quad Host
   ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
   ET POLICY PE EXE or DLL Windows file download HTTP
   ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
   ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
10.0 | M | 55 | ZeroCERT

48251 | 2024-09-22 17:26
ypqhgl.exe 990ddf57779c6d17b6885dab3f5c3494 | UPX PE File PE32 VirusTotal Malware DNS
1
1.8 | M | 50 | ZeroCERT

48252 | 2024-09-22 17:27
weskineverythingtobeperfectwit... c496e9e3167af07c0c305a267d462140 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
3: ia600100.us.archive.org(207.241.227.240)
   207.241.227.240
   45.90.89.123 - mailcious
1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.8 | M | 40 | ZeroCERT

48253 | 2024-09-22 17:29
66eea6336b153_app1654040698346... e8e6cd9ec48fafccc174f7bf07d045e2 | RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1: 193.233.255.84 - mailcious
10.8 | M | 42 | ZeroCERT

48254 | 2024-09-22 17:29
66e8772555389_lsndfsg.exe a5098dee7d78acfb0294523855906aad | Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName
3.0 | M | 45 | ZeroCERT

48255 | 2024-09-22 17:31
66ef2d38305f6_crypted.exe#1 c61cc62b59b5959951d1158887b20b7b | RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1
6: ET DROP Spamhaus DROP Listed Traffic Inbound group 37
   ET INFO Microsoft net.tcp Connection Initialization Activity
   ET MALWARE Redline Stealer TCP CnC Activity
   ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
   ET MALWARE Redline Stealer TCP CnC - Id1Response
   ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
12.8 | M | 28 | ZeroCERT