ZeroCERT sandbox analysis listing, entries 50026 to 50040 (submitted 2020-11-26 to 2020-11-27). Each entry gives: ID | submission time | source; the analysed file name, its MD5 and the behaviour tags the sandbox raised; where the listing has them, the contacted URLs, hosts (with the listing's malicious/suspicious marking) and network alerts; then score | M flag | VirusTotal detection count.

50026 | 2020-11-27 17:33 | ZeroCERT
  File:   update.exe
  MD5:    75dd85a6d1389e53fb125ebd9d2711a3
  Tags:   VirusTotal, Malware, unpack itself, malicious URLs, DNS
  Score:  3.4 | M | VirusTotal detections: 45

50027 | 2020-11-27 17:22 | ZeroCERT
  File:   svchost.exe
  MD5:    5dedc928f9f5e3a4c59490e79bcf0773
  Tags:   VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs
  Score:  8.0 | M | VirusTotal detections: 20

50028 | 2020-11-27 17:21 | ZeroCERT
  File:   9.exe
  MD5:    a5b4252c8bac59ad90a543ec1f2e4a7a
  Tags:   VirusTotal, Malware, Check memory, Checks debugger, unpack itself, malicious URLs
  Score:  2.8 | M | VirusTotal detections: 60

50029 | 2020-11-27 17:20 | ZeroCERT
  File:   sunny.exe
  MD5:    e8b400e9bb145f6cf0082982cfaeee60
  Tags:   VirusTotal, Malware, unpack itself, RCE, DNS, crashed
  Score:  2.8 | M | VirusTotal detections: 38

50030 | 2020-11-27 17:18 | ZeroCERT
  File:   Mvyfnzkjh1.exe
  MD5:    654cecf1ecadee45d5bfe723fadd3224
  Tags:   VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows, ComputerName, Cryptographic key, crashed
  Score:  3.0 | M | VirusTotal detections: 21

50031 | 2020-11-27 15:07 | ZeroCERT
  File:   알씨.lnk
  MD5:    e4239bed4f59ce6fa4245ecd10a658bb
  Tags:   Creates shortcut, unpack itself, WriteConsoleW
  Score:  1.4

50032 | 2020-11-27 07:52 | ZeroCERT
  File:   https://hotfixssearch.com/Font.dotm
  MD5:    8b7586880fcaf6b52aa4512506924121
  Tags:   Dridex, Malware, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  URLs (1):
    https://hotfixssearch.com/Font.dotm
  Hosts (2):
    hotfixssearch.com(89.38.225.198)
    89.38.225.198
  Alerts (3):
    ET INFO TLS Handshake Failure
    ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  4.2 | VirusTotal detections: 13

50033 | 2020-11-26 13:48 | ZeroCERT
  File:   Xrghtofaye8.exe
  MD5:    c16ce47c6812e6d526909c4cfd3ef1bc
  Tags:   VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, ComputerName
  URLs (1): (not shown)
  Hosts (2):
    www.google.com(172.217.175.4)
    216.58.220.196
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  3.6 | M | VirusTotal detections: 32

50034 | 2020-11-26 13:34 | ZeroCERT
  File:   xpertpancake.exe
  MD5:    a46cbc94fc5553868d63469acad6747f
  Tags:   VirusTotal, Malware, Buffer PE, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, RWX flags setting, unpack itself, Disables Windows Security, Check virtual network interfaces, malicious URLs, WriteConsoleW, Tofsee, Windows, DNS, Cryptographic key, crashed
  URLs (5):
    https://hastebin.com/raw/yenedokine
    https://hastebin.com/raw/oduqinaxac
    https://hastebin.com/raw/ehopadawex
    https://hastebin.com/raw/oyikehamem
    https://hastebin.com/raw/obekiripub
  Hosts (3):
    hastebin.com(104.24.126.89) - malicious
    172.67.143.180 - suspicious
    23.21.42.25
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  11.0 | M | VirusTotal detections: 18

50035 | 2020-11-26 13:33 | ZeroCERT
  File:   tasksmgr.exe
  MD5:    7f9e3202a1d949772c5e5d003fc4e88c
  Tags:   Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, WriteConsoleW, IP Check, Tofsee, Ransomware, Windows, Browser, Tor, Email, ComputerName, Cryptographic key, Software, crashed, keylogger
  URLs (6):
    http://crt.comodoca.com/COMODORSAAddTrustCA.crt
    https://hastebin.com/raw/adilujotew
    https://hastebin.com/raw/aqeqesovis
    https://api.ipify.org/
    https://hastebin.com/raw/qivebelice
    https://hastebin.com/raw/ebegesefeg
  Hosts (6):
    api.ipify.org(23.21.252.4)
    crt.comodoca.com(91.199.212.52)
    hastebin.com(172.67.143.180) - malicious
    91.199.212.52
    104.24.127.89 - suspicious
    23.21.42.25
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  15.2 | M | VirusTotal detections: 28

50036 | 2020-11-26 13:31 | ZeroCERT
  File:   Wzdgpx2.exe
  MD5:    9750537a76d3cd8981eb129559dd8e81
  Tags:   VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, ComputerName
  URLs (1): (not shown)
  Hosts (2):
    www.google.com(172.217.31.132)
    216.58.220.196
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score:  3.2 | M | VirusTotal detections: 19

50037 | 2020-11-26 13:28 | ZeroCERT
  File:   svchost.exe
  MD5:    69513930e28e86aae5bcfa92f6b89262
  Tags:   VirusTotal, Malware, malicious URLs, WriteConsoleW, DNS
  Hosts (1):
    154.202.3.44 - suspicious
  Score:  4.4 | M | VirusTotal detections: 65

50038 | 2020-11-26 13:26 | ZeroCERT
  File:   run.exe
  MD5:    68cb8eb46036dee49f5dbcb95594660a
  Tags:   VirusTotal, Malware, PDB, Check memory, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Browser
  Hosts (2):
    ddos.dnsnb8.net(162.217.99.134) - malicious
    162.217.99.134
  Score:  7.2 | M | VirusTotal detections: 66

50039 | 2020-11-26 12:17 | ZeroCERT
  File:   prowarzstepgodz.exe
  MD5:    4f9226e8dc633386bfb1e4a201b732ac
  Tags:   Malware download, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Hosts (3):
    ddos.dnsnb8.net(162.217.99.134) - malicious
    154.202.3.44 - suspicious
    162.217.99.134
  Alerts (8):
    ET INFO Executable Download from dotted-quad Host
    ET MALWARE Possible Malicious Macro DL EXE Feb 2016
    ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score:  8.0 | M

50040 | 2020-11-26 12:16 | ZeroCERT
  File:   prowarzgalaxyz.exe
  MD5:    aeb8c6e4bd873e955e0a4868ad38e540
  Tags:   Malware download, VirusTotal, Malware, PDB, suspicious privilege, Malicious Traffic, Creates executable files, ICMP traffic, AppData folder, malicious URLs, WriteConsoleW, installed browsers check, Windows, Browser, DNS, Downloader
  Hosts (3):
    ddos.dnsnb8.net(162.217.99.134) - malicious
    154.202.3.44 - suspicious
    162.217.99.134
  Alerts (8):
    ET INFO Executable Download from dotted-quad Host
    ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    ET MALWARE Possible Malicious Macro DL EXE Feb 2016
    ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score:  10.0 | M | VirusTotal detections: 65
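The entries above mix real command-and-control infrastructure (hastebin.com raw pastes, ddos.dnsnb8.net) with shared public services the samples also touch (www.google.com for connectivity, api.ipify.org for the "IP Check" tag, crt.comodoca.com for CA certificate download), so lifting every host into a blocklist would break legitimate traffic. The following is an added example, not ZeroCERT's or the sandbox's own code: it regex-extracts MD5s, URLs, domain(IP) pairs, bare IPs and the JA3 family name from the raw free-text fields of two entries (50034 and 50035, copied from the listing with the tag list trimmed; the raw host field spells the verdict "mailcious" and the parser normalises it), keeps the listing's malicious/suspicious marking, and separates blocklist candidates from an assumed allowlist of shared services and the IPs the listing shows them resolving to.

```python
"""IOC extraction from ZeroCERT-style sandbox listing text (added example)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: raw text fields of entries 50034 and 50035 from the listing
# (file name, MD5, tags / URLs / hosts / alerts), one entry per string.
SAMPLE_ENTRIES = [
    "xpertpancake.exe a46cbc94fc5553868d63469acad6747f VirusTotal Malware Code Injection Malicious Traffic\n"
    "https://hastebin.com/raw/yenedokine https://hastebin.com/raw/oduqinaxac https://hastebin.com/raw/ehopadawex "
    "https://hastebin.com/raw/oyikehamem https://hastebin.com/raw/obekiripub\n"
    "hastebin.com(104.24.126.89) - mailcious 172.67.143.180 - suspicious 23.21.42.25\n"
    "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
    "tasksmgr.exe 7f9e3202a1d949772c5e5d003fc4e88c Browser Info Stealer VirusTotal Malware IP Check Tofsee\n"
    "http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://hastebin.com/raw/adilujotew https://hastebin.com/raw/aqeqesovis "
    "https://api.ipify.org/ https://hastebin.com/raw/qivebelice https://hastebin.com/raw/ebegesefeg\n"
    "api.ipify.org(23.21.252.4) crt.comodoca.com(91.199.212.52) hastebin.com(172.67.143.180) - mailcious "
    "91.199.212.52 104.24.127.89 - suspicious 23.21.42.25\n"
    "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)",
]

# Assumed allowlist (example only): shared public services the entries contact for
# connectivity checks, public-IP lookup and CA certificate download.
ALLOWLIST = {"www.google.com", "api.ipify.org", "crt.comodoca.com"}

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://\S+")
VERDICT = r"(?:\s*-\s*(ma(?:li|il)cious|suspicious))?"   # the listing spells it "mailcious"
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\((\d{1,3}(?:\.\d{1,3}){3})\)" + VERDICT)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b" + VERDICT)
JA3_RE = re.compile(r"SSLBL: Malicious JA3 SSL-Client Fingerprint detected \(([^)]+)\)")


@dataclass
class Entry:
    md5: str
    urls: list = field(default_factory=list)
    hosts: dict = field(default_factory=dict)   # domain -> (resolved ip, verdict or None)
    ips: dict = field(default_factory=dict)     # bare ip -> verdict or None
    ja3_families: list = field(default_factory=list)


def _verdict(raw):
    """Normalise the listing's marking; '' (no marking) becomes None."""
    if not raw:
        return None
    return "malicious" if raw in ("malicious", "mailcious") else raw


def parse_entry(text):
    m = MD5_RE.search(text)
    e = Entry(md5=m.group(0) if m else "")
    e.urls = URL_RE.findall(text)
    for name, ip, verdict in HOST_RE.findall(text):
        e.hosts[name] = (ip, _verdict(verdict))
    # bare IPs are whatever remains once the domain(ip) pairs are cut out
    for ip, verdict in IP_RE.findall(HOST_RE.sub(" ", text)):
        e.ips[ip] = _verdict(verdict)
    e.ja3_families = JA3_RE.findall(text)
    return e


def blocklist_candidates(entries, allowlist=ALLOWLIST):
    """Domains, IPs and URLs worth blocking, minus allowlisted services and the
    IPs the listing shows those services resolving to."""
    domains, ips, urls = set(), set(), set()
    for e in entries:
        allowed_ips = {ip for d, (ip, _) in e.hosts.items() if d in allowlist}
        for d, (ip, _) in e.hosts.items():
            if d not in allowlist:
                domains.add(d)
                ips.add(ip)
        ips.update(ip for ip in e.ips if ip not in allowed_ips)
        urls.update(u for u in e.urls if urlparse(u).hostname not in allowlist)
    return sorted(domains), sorted(ips), sorted(urls)


def suppressed(entries, allowlist=ALLOWLIST):
    """Allowlisted hosts actually seen, so the analyst can review what was kept off the list."""
    return sorted({d for e in entries for d in e.hosts if d in allowlist})


def defang(indicator):
    return indicator.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    entries = [parse_entry(t) for t in SAMPLE_ENTRIES]
    for e in entries:
        print(e.md5, "JA3 family:", e.ja3_families, "hosts:", e.hosts, "ips:", e.ips)
    d, i, u = blocklist_candidates(entries)
    print("block:", [defang(x) for x in d + i + u])
    print("kept off the list:", suppressed(entries))
```

Note that 91.199.212.52 appears in entry 50035 both as crt.comodoca.com's resolved address and as a bare IP; the allowlist check on resolved addresses is what keeps the bare copy off the blocklist, which a domain-only allowlist would miss.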