49846 | 2020-12-15 18:19 | kingtroupx.scr d16ccfd5f5e6cd6a6324c79c9a66a90a | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows DNS Cryptographic key
6.6 | M | 40 | guest

49847 | 2020-12-15 18:19 | kdotx.scr 4ddf98cd8e5a012c02850f0a988adf2c | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key
5.8 | M | 34 | guest

49848 | 2020-12-15 18:11 | JFjolfjed_.exe 61ae277818f7f258b41cee010f3914d2 | VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs Interception DNS crashed
URLs (1): http://nilemixitupd.biz.pl/ouKHkjnjfdjnsjsnolwprjyndxhanzbtjxzqutjcmnyjcIkdi/Fqkzjny
Hosts (4): discord.com(162.159.128.233); nilemixitupd.biz.pl(104.223.143.21) - malware; 104.223.143.21 - mailcious; 162.159.135.232
6.4 | M | 39 | guest

49849 | 2020-12-15 18:11 | hktestfile.scr 7da4f5e17791a774131c3c97538a2495 | VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed
7.8 | M | 20 | guest

49850 | 2020-12-15 16:18 | heavy.exe d3858ef6f7ab89450aaab1690885da3b | VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key
URLs (2): https://hastebin.com/raw/tazuboxupu; https://hastebin.com/raw/enilehetew
Hosts (3): hastebin.com(104.24.126.89) - mailcious; 104.24.126.89 - mailcious; 101.99.91.227
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
15.2 | M | 37 | r0d

49851 | 2020-12-15 15:39 | heavy.exe d3858ef6f7ab89450aaab1690885da3b | VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
URLs (2): https://hastebin.com/raw/tazuboxupu; https://hastebin.com/raw/enilehetew
Hosts (4): hastebin.com(104.24.127.89) - mailcious; 172.67.143.180 - mailcious; 104.24.126.89 - mailcious; 101.99.91.227
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
16.2 | M | 25 | ZeroCERT

49852 | 2020-12-15 15:38 | fortyseven.scr ffb62e258c1d595d7de22792aef45cca | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key
5.4 | M | 18 | ZeroCERT

49853 | 2020-12-15 15:22 | fortyseven.scr ffb62e258c1d595d7de22792aef45cca | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs Windows Cryptographic key
5.4 | M | 18 | ZeroCERT

49854 | 2020-12-15 15:02 | DIEN CT AP001-2020-DEC15.scr cdb5263c2d9c614ff624decc25c2d15b | Browser Info Stealer Email Client Info Stealer Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check Windows Browser Email ComputerName DNS
Hosts (1): 79.134.225.72 - mailcious
16.2 | | | guest

49855 | 2020-12-15 14:44 | DOC_69061004.doc ce9a45e819d63dfea62902796a33a307 | Vulnerability VirusTotal Malware Malicious Traffic unpack itself malicious URLs Tofsee
URLs (1): http://albasisgroup.com/2020/12/08/habit-being-created-100-100-free-online-present/
Hosts (15):
datvietquan.com(103.97.125.60) - malware ypddf.org(172.96.189.174) - malware daisyboots.co.uk(31.220.16.209) - mailcious albasisgroup.com(205.144.171.109) - mailcious asmaraloka.com(139.162.2.200) - mailcious www.asmaraloka.com(139.162.2.200) - mailcious subramanyatemple.org(103.212.121.63) - mailcious thanhthatbadinh.com(150.95.110.87) - malware 103.212.121.63 - mailcious 205.144.171.109 - mailcious 139.162.2.200 - mailcious 103.97.125.60 - malware 150.95.110.87 - malware 172.96.189.174 - malware 31.220.16.209 - mailcious
IDS alerts (3): SURICATA TLS invalid record type; SURICATA TLS invalid record/traffic; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 | M | 44 | ZeroCERT

49856 | 2020-12-15 14:41 | binl.exe 963f555140e20e291c2fac67a5186c15 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key
URLs (12):
http://www.mrcabinetkitchenandbath.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/ http://www.xn--oi2b190cymc.com/bw82/?7ntl9Tfh=u3mIEO7S2jpcCNzGap3V7GnWoZ6byXdDGQc9TZtHwlHE0/S/m+Ek+z3BS3DZiW4dRqN2gVn1&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/?7ntl9Tfh=BmIsBEloLc/PpxxxkqeO/+wp1eRqaF5UDtwx0wOakOw3DMvjZvU2EPbm5c7g7p6k7NfDBGcL&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/ http://www.wmarquezy.com/bw82/ http://www.okcpp.com/bw82/?7ntl9Tfh=Mfpkxl91HSlRqF4UwnoLlCSItQE/DRVdVWsqLGW7UZi4jMe9Kfon6cyi45I/1E+fR8PCPduN&Ppd=Hb04qRX8xpNdMl http://www.okcpp.com/bw82/ http://www.wmarquezy.com/bw82/?7ntl9Tfh=/EPqbtSARGzilFdTRYE1urAc3bDaNMBRSm6tJpb+ckA41wFrw7Re59/hr+veajPbLei9XJ0s&Ppd=Hb04qRX8xpNdMl http://www.sedaskincare.com/bw82/?7ntl9Tfh=Tct1hGrTsO4wXuX+7y4OUHCQTPZT/SHKJbEPAo1kRuxvuV11m4iT8otUrtDadXdmrqCWO0Rp&Ppd=Hb04qRX8xpNdMl http://www.exlineinsurance.com/bw82/ http://www.mrcabinetkitchenandbath.com/bw82/?7ntl9Tfh=DoywHH0WXa0EuUiczFl753h8vUVk6pV7PwGnyHKpGozX/qYK04L54TieHAYPaGFoh+Tr5rtG&Ppd=Hb04qRX8xpNdMl
Hosts (13):
www.okcpp.com(3.134.22.63) www.xn--oi2b190cymc.com(112.175.185.27) www.sedaskincare.com(208.91.197.27) www.wmarquezy.com(192.0.78.24) www.exlineinsurance.com(182.50.132.242) www.mrcabinetkitchenandbath.com(108.167.156.42) www.joeisono.com() 3.134.22.63 208.91.197.27 - mailcious 112.175.185.27 - mailcious 182.50.132.242 - mailcious 192.0.78.25 - mailcious 108.167.156.42
9.8 | M | 18 | ZeroCERT

49857 | 2020-12-15 14:40 | DEKK.scr 96415c7cc22dc59c3c112c02b3fecf2e | VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (4): https://hastebin.com/raw/labayapayo; https://hastebin.com/raw/unazawofan; https://hastebin.com/raw/jexudiyepe; https://hastebin.com/raw/wihucigulu
Hosts (2): hastebin.com(172.67.143.180) - mailcious; 172.67.143.180 - mailcious
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.6 | M | 32 | ZeroCERT

49858 | 2020-12-15 14:33 | cax.exe a88c0408e7888f549e40940279758fa6 | VirusTotal Malware Malicious Traffic RWX flags setting unpack itself malicious URLs Tofsee Interception DNS crashed
URLs (1): https://cdn.discordapp.com/attachments/782733351802109984/787928105523609610/Ijpc888
Hosts (4): discord.com(162.159.137.232); cdn.discordapp.com(162.159.135.233) - malware; 162.159.138.232; 162.159.135.233 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.4 | M | 38 | ZeroCERT

49859 | 2020-12-15 14:33 | binl.exe 963f555140e20e291c2fac67a5186c15 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key
8.6 | M | 18 | ZeroCERT

49860 | 2020-12-15 13:06 | bin2.exe 4c512f97ee6ca51c5e68d7b3d107bc61 | VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows DNS Cryptographic key
URLs (9):
http://www.woodlandpizzahartford.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=EgjYCCjbkfVj9ehGxTuHAhcpQboFBLSXtFcJRUu6FmW11AJT4F0+EqeE2EWzm0j+z/EHekc6 http://www.rizrvd.com/bw82/?KzrtE=AJ+QNFfrOFbXfaBH3oQHABBFVni950JEMBOKAlzmtW9JOrHkbqbPArp20lyvTn0sGIZMgptI&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/ http://www.mgg360.com/bw82/ http://www.mgg360.com/bw82/?KzrtE=92sn3P3ud1gtdOyYdsZEcwqQjW3QIGzSMGjo0scjbpzKmVTSJHG7E0muqhXj4oy7XUlzx9IG&p0G=kJEPdT4h62WlCf http://www.cbrealvitalize.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=QMz1n+xx2KiD30AmT9IbdZVffunkwaB1v+iSpZgJgwTVZu6PNQxJOIJjV5QBJp9Es7YbcplQ http://www.woodlandpizzahartford.com/bw82/ http://www.gdsjgf.com/bw82/ http://www.gdsjgf.com/bw82/?p0G=kJEPdT4h62WlCf&KzrtE=7KG5rMnLNS/F00cUwyvwq06b8xrmRTVdiDQe9ch18oMrwrVTJ7b27kzNH/2ON0tx/WWBZXRB
Hosts (10):
www.gmobilet.com() www.cbrealvitalize.com(34.102.136.180) www.rizrvd.com(34.102.136.180) - mailcious www.woodlandpizzahartford.com(104.31.81.238) www.mgg360.com(66.152.187.17) www.joeisono.com() www.gdsjgf.com(34.102.136.180) 104.31.81.238 66.152.187.17 34.102.136.180 - mailcious
10.2 | M | 24 | ZeroCERT