| ID | Submitted | File | MD5 | Tags | URLs | Hosts | Signatures | Rule-matched URLs | Score | M | Count | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 49261 | 2021-01-20 15:59 | vbc.exe | 80c7f8dde5eef2dd1866d5af37512bd4 | VirusTotal Malware Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName | | | | | 7.6 | M | 26 | guest |
| 49262 | 2021-01-20 15:58 | IMG_06635.pdf | 1eea31c7530595a01a054ad9f86b9dc3 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key | | | | | 9.2 | M | 26 | guest |
| 49263 | 2021-01-20 15:57 | IMG_010357.pdf | 23a53bec3e0bf43ec47af722a6aac7cb | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key | | | | | 9.2 | M | 23 | guest |
| 49264 | 2021-01-20 14:23 | dira2.exe | 9d706a2b53e06d2d9a6fbada380f26e0 | suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs | | | | | 7.8 | | | guest |
| 49265 | 2021-01-20 14:07 | dira1.exe | 966bd3909e4a80e50fee52f34ccc5123 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs | | | | | 8.4 | | 15 | guest |
| 49266 | 2021-01-20 14:01 | 5555555555_3.jpg.exe | 5a7124b7931574592d1f64b4fb5e1b26 | | | | | | 0.2 | | | ZeroCERT |
| 49267 | 2021-01-20 14:01 | 5555555555_2.jpg.exe | 5a7124b7931574592d1f64b4fb5e1b26 | | | | | | 0.2 | | | ZeroCERT |
| 49268 | 2021-01-20 13:31 | vbc.exe | 06904ee5e04abada43cb86d7a0457b5e | Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName DNS Software | (1) http://al-ifah.com/PL341/index.php | (2) al-ifah.com(104.237.63.179); 104.237.63.179 | | | 14.6 | M | | guest |
| 49269 | 2021-01-20 13:31 | mykc.exe | 0f04beb334b2a2f38f8c9f9c7ad73a42 | Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software | (1) http://becharnise.ir/fox/fre.php | (2) becharnise.ir(104.237.252.85) - malicious; 104.237.252.85 - malicious | (7) ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | | 12.6 | M | 20 | guest |
| 49270 | 2021-01-20 12:23 | msg.exe | 5064de995195186fe9388b8c0501e921 | VirusTotal Malware Malicious Traffic RWX flags setting unpack itself Tofsee Windows ComputerName RCE DNS | (5) http://redirector.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe; http://r7---sn-3u-bh2lz.gvt1.com/edgedl/release2/update2/cvA_S5Xpe1gieHmJ_saL_Q_1.3.36.52/GoogleUpdateSetup.exe?cms_redirect=yes&mh=Sd&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lz&ms=nvh&mt=1611112577&mv=m&mvi=7&pl=18&shardbypass=yes; https://code.jquery.com/jquery-3.3.1.min.js; https://update.googleapis.com/service/update2?cup2key=10:1487032191&cup2hreq=09fbd78a9dfeb5f2064cece5178eb0344c74773d40cc784d8b9b84f4a5c1845b; https://update.googleapis.com/service/update2 | (4) videotalk.us(134.122.40.38); r7---sn-3u-bh2lz.gvt1.com(59.18.45.210); 59.18.45.210; 134.122.40.38 | (4) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | | 4.2 | M | 19 | guest |
| 49271 | 2021-01-20 12:23 | IMG_80137.pdf.exe | 581632a12c1a592209d0601ed1636e81 | Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed | (2) http://checkip.dyndns.org/; https://freegeoip.app/xml/175.208.134.150 | (4) freegeoip.app(104.21.19.200); checkip.dyndns.org(216.146.43.71); 162.88.193.70; 172.67.188.154 | (4) ET POLICY External IP Lookup - checkip.dyndns.org; ET POLICY DynDNS CheckIp External IP Address Server Response; ET INFO DYNAMIC_DNS Query to *.dyndns. Domain; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 14.4 | M | 28 | guest |
| 49272 | 2021-01-20 11:36 | IMG_010357.pdf.exe | 23a53bec3e0bf43ec47af722a6aac7cb | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key | (3) http://www.superpuzzlegames.com/irux/?svXtHJ=2iapA2hgNxbkqB+V3u0+Xd2V1shViYkFrtCLp+QMfnnR5qOnJ92QZtuvpJQvSgF7++1rGUml&2dz=o8bda; http://www.brandceowd.com/irux/?svXtHJ=0j08RdxtSpDHU9TkerM5ZOvUTqlAPm16yNUa+g09cIUfHbvYECcPfZRc8Hm786neoGWYBKsx&2dz=o8bda; http://www.vitajwb.com/irux/?svXtHJ=aBotwqjg2eiYH47IGGoy+MUHm1L4CQH2ldwuphkct0CNUc4k50Kxap/IYnC7QwCwjRlLOhwZ&2dz=o8bda | (7) www.qacpilotacademy.com(); www.brandceowd.com(136.243.255.73); www.vitajwb.com(87.254.25.82); www.superpuzzlegames.com(54.175.199.77); 136.243.255.73; 87.254.25.82; 54.175.199.77 | | | 10.6 | M | 23 | guest |
| 49273 | 2021-01-20 11:35 | dira2.exe | f3d7308ba02ae2418b7133bb54af2f2f | VirusTotal Malware Check memory Checks debugger unpack itself | | | | | 2.0 | M | 20 | guest |
| 49274 | 2021-01-20 10:43 | dira1.exe | 24f9d7832d2ec8673c62aea51e58717e | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs | (8) http://www.gdsjgf.com/bw82/?DVldV=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB&mnSl=TjPx - rule_id: 173; http://www.fundamentaliemef.com/bw82/?DVldV=QkMkuxh2ucRr9ojg29qxLCumVyd+gOetBgu1JsTmwOgL/DJgKhnBU0B9lDpy4Ze2TSwBzgSC&mnSl=TjPx; http://www.primajayaintiperkasa.com/bw82/?DVldV=wrrAqmPMotLOmGS72WH0DKo+XC/be1kQGrF1UVobNasmDfIbiwM8Vd2XCaV73rqOjx2tl8Jj&mnSl=TjPx; http://www.acdfr.com/bw82/?DVldV=34+qQ3Lt3V5D9l8cKqrMS1QrJzDj13fhTkCMqePtkuCvgsCPLavUD8Zp6RlBnjfacsD8BAWJ&mnSl=TjPx; http://www.primajayaintiperkasa.com/bw82/; http://www.acdfr.com/bw82/; http://www.gdsjgf.com/bw82/ - rule_id: 173; http://www.fundamentaliemef.com/bw82/ | (15) www.gdsjgf.com(34.102.136.180) - malicious; www.primajayaintiperkasa.com(103.253.212.114); www.gmobilet.com(); www.fundamentaliemef.com(104.238.220.186); www.medkomp.online(81.200.118.106) - malicious; www.dealsonwheeeles.com(182.50.132.242) - malicious; www.acdfr.com(199.34.228.73); www.magnabeautystyle.com(184.168.131.241) - malicious; 199.34.228.73; 184.168.131.241 - malicious; 103.253.212.114; 34.102.136.180 - malicious; 81.200.118.106 - malicious; 104.238.220.186 - malicious; 182.50.132.242 - malicious | | (2) http://www.gdsjgf.com/bw82/; http://www.gdsjgf.com/bw82/ | 8.8 | M | 26 | guest |
| 49275 | 2021-01-20 10:40 | 5555555555.jpg.exe | b84b493f1cd0bb9e6fda75d791189b9a | | | | | | 0.2 | M | | guest |