48766 | 2021-02-17 17:26
svchost.exe | 19dbe94b766de8c0d6d2fddb3583a8a5
Tags: VirusTotal Malware Malicious Traffic Check memory RWX flags setting unpack itself Tofsee DNS
URLs (3):
  http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
  https://update.googleapis.com/service/update2?cup2key=10:1254756231&cup2hreq=248a39b78b469512b1431d43c396ee274f15e61eb6e07bbd3373ca3b3c01ab37
  https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201
Hosts (3): edgedl.gvt1.com(142.250.34.2); 142.250.34.2; 142.250.199.67
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 3.6 | M | 23 | ZeroCERT
48767 | 2021-02-17 17:21
vbc.exe | 8ff88d4f8b70eee8fc6c69c669074cb4
Tags: VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs
Score 8.0 | M | 48 | ZeroCERT
48768 | 2021-02-17 16:08
6hyuyj.exe | 77be0dd6570301acac3634801676b5d7
Tags: Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Check memory Collect installed applications malicious URLs sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Stealer Browser ComputerName DNS Software
URLs (1):
  http://api.ipify.org/?format=xml
Hosts (4): sweyblidian.com(185.100.65.29) - malicious; api.ipify.org(23.21.252.4); 54.225.66.103; 185.100.65.29 - malicious
Alerts (3):
  ET MALWARE Win32/Ficker Stealer Activity
  ET MALWARE Win32/Ficker Stealer Activity M3
  ET POLICY External IP Lookup (ipify .org)
Score 10.0 | M | 61 | ZeroCERT
48769 | 2021-02-17 16:07
44243988062.dat.exe | 2c2307bb3cacbca7f7ba9d7d76bb88ff
Tags: VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName crashed
Score 9.0 | M | 29 | ZeroCERT
48770 | 2021-02-17 15:50
index2.html | 40c22934b91c83d2e5ae756b274bc7a3
Tags: Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
Hosts (2): www.minpic.de(104.21.12.184) - malicious; 104.21.12.184 - malicious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 10.0 | M | - | ZeroCERT
48771 | 2021-02-17 15:50
index.html | 58e447a1fd12dd439df31af90061b777
Tags: VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName Cryptographic key
Hosts (6): google.com(172.217.175.46); raw.githubusercontent.com(185.199.108.133) - malware; www.minpic.de(104.21.12.184) - malicious; 172.217.24.46 - malicious; 185.199.110.133; 104.21.12.184 - malicious
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 11.8 | M | 5 | ZeroCERT
48772 | 2021-02-17 15:44
10.crtf.exe | ac75d6634acbce0bc12d83e68658e7ef
Tags: Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed
URLs (1):
  https://45.155.173.242/rob57/TEST22-PC_W617601.9BB33B119198DF7F807990DBB5A5FF27/5/file/
Hosts (6): 200.52.147.93 - malicious; 142.202.191.164 - malicious; 194.5.249.156 - phishing; 45.155.173.242 - malicious; 108.170.20.75 - malicious; 186.250.157.116
Alerts (7):
  ET CNC Feodo Tracker Reported CnC Server group 12
  ET CNC Feodo Tracker Reported CnC Server group 2
  ET CNC Feodo Tracker Reported CnC Server group 4
  ET CNC Feodo Tracker Reported CnC Server group 16
  ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
  ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
  ET CNC Feodo Tracker Reported CnC Server group 9
Score 8.6 | M | 34 | ZeroCERT
48773 | 2021-02-17 15:44
bre-m.pdf.exe | 0d7df2c6da6eb477449e7af2dc0ced59
Tags: Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs IP Check Tofsee Windows Browser Cryptographic key
URLs (2):
  http://ip-api.com/xml
  https://www.google.com/
Hosts (5): www.google.com(172.217.175.4); bremerrapidest.xyz(); ip-api.com(208.95.112.1); 172.217.24.196 - suspicious; 208.95.112.1
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET POLICY External IP Lookup ip-api.com
Score 11.4 | M | 16 | ZeroCERT
48774 | 2021-02-17 15:40
rv.exe | 6a9ff2133c36e8ccda6a61a13460f938
Tags: VirusTotal Malware suspicious process malicious URLs crashed
Score 2.6 | M | 13 | ZeroCERT
48775 | 2021-02-17 15:26
work.exe | b896f63a3a842e2ca679f8f85c182a56
Tags: Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces malicious URLs WriteConsoleW Tofsee Windows DNS Cryptographic key
URLs (1):
Hosts (4): www.google.com(172.217.25.100); 211.216.46.24; 216.58.220.196; 172.217.24.68
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 11.2 | M | - | ZeroCERT
48776 | 2021-02-17 15:25
xmr32.exe | 97d89d25e9589f995d374cb7d89b4433
Tags: VirusTotal Malware malicious URLs WriteConsoleW
Score 3.0 | M | 59 | ZeroCERT
48777 | 2021-02-17 15:05
https://www.minpic.de/k/big0/1... | b02a2796a8a518cb042081c31f4da3f5
Tags: VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities malicious URLs Windows
Hosts (1): www.minpic.de(172.67.132.56) - malicious
Score 3.0 | - | - | r0d
48778 | 2021-02-17 14:01
Invoke.lnk | a94b65e89b5f35ff434fc2d34c919f7c
Tags: VirusTotal Malware Code Injection Check memory Creates shortcut RWX flags setting unpack itself suspicious process Interception
Hosts (1): www.minpic.de(172.67.132.56) - malicious
Score 4.0 | - | 16 | ZeroCERT
48779 | 2021-02-17 13:55
8.oprt.exe | 8fe3bd4d5898f1fd59347f9db14373f8
Tags: VirusTotal Malware Report PDB suspicious privilege Checks debugger buffers extracted unpack itself Check virtual network interfaces ComputerName DNS
Hosts (5): 142.202.191.164 - malicious; 194.5.249.156 - phishing; 45.155.173.242; 108.170.20.75; 185.163.45.138
Alerts (4):
  ET CNC Feodo Tracker Reported CnC Server group 16
  ET CNC Feodo Tracker Reported CnC Server group 4
  ET CNC Feodo Tracker Reported CnC Server group 2
  ET CNC Feodo Tracker Reported CnC Server group 8
Score 6.4 | - | 9 | ZeroCERT
48780 | 2021-02-17 13:51
attach_421987_2011782973.xls | 3cba8951a4f7d01b0a4c36a05dd5bd54
Tags: VirusTotal Malware unpack itself malicious URLs DNS
Hosts (2): detectportal.firefox.com(34.107.221.82); mozilla.org(44.236.48.31)
Score 2.6 | - | 2 | ZeroCERT