5251 | 2024-02-18 13:19 | a300b665543b8909c.exe | 642bbf552dc8a71fc044ecee09db0847
Tags: Generic Malware Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
5.0 | M | 53 | ZeroCERT

5252 | 2024-02-18 13:17 | virus.exe | d7963dc144158429102bda49bc79e89b
Tags: Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
2.0 | | 56 | ZeroCERT

5253 | 2024-02-18 13:17 | 7c364f41396994a4a.exe | 7f70eec56d05cf2eb2f88b765bb3f01c
Tags: Generic Malware Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed
4.4 | | 49 | ZeroCERT

5254 | 2024-02-18 10:58 | reals.exe | ff6be3e826728411d90a58ffe4834ca3
Tags: Client SW User Data Stealer browser info stealer Generic Malware EnigmaProtector Google Chrome User Data Downloader Obsidium protector UPX Malicious Library Malicious Packer Code injection Http API PWS Create Service Socket DGA ScreenShot Escalate pr Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Update Exploit Browser RisePro Email ComputerName DNS Software crashed Downloader
URLs: 14
Hosts: 12
Alerts (13): ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET INFO Packed Executable Download
Rule-matched URLs: 5
28.0 | M | 26 | ZeroCERT

5255 | 2024-02-18 10:54 | Hero.RANK.exe | 1e4069ed0d620ba12e648697f21e43f0
Tags: Gen1 Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check DLL ZIP Format DllRegisterServer dll VirusTotal Malware Check memory Creates executable files Ransomware
2.2 | M | 28 | ZeroCERT

5256 | 2024-02-18 10:48 | dromicrotechnologytodevelopnew... | 77951d0b6350cdc0cc163b6348fa6db8
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Exploit DNS crashed
URLs: 5
Hosts: 11
Alerts (7): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request ET MALWARE Base64 Encoded MZ In Image ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 SURICATA Applayer Detect protocol only one direction ET MALWARE Malicious Base64 Encoded Payload In Image ET POLICY External IP Lookup ip-api.com
Rule-matched URLs: 1
4.6 | M | 34 | ZeroCERT

5257 | 2024-02-18 10:48 | Factory.exe | 73f514cfa76c8488e1535442e683e5d4
Tags: Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware
1.2 | | 21 | ZeroCERT

5258 | 2024-02-18 10:46 | build1702_2024-02-17_20-28.exe | 03e350c52d08a9664b18bd53cf99d65a
Tags: Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution
2.2 | | 37 | ZeroCERT

5259 | 2024-02-18 10:44 | onemicrosoftdecentballonupdati... | 0821ae7fe90717804b8923fac2008d6b
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself IP Check Tofsee Exploit DNS crashed
URLs: 5
Hosts: 10
Alerts (6): ET INFO Dotted Quad Host VBS Request SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Base64 Encoded MZ In Image ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 1 M1 ET POLICY External IP Lookup ip-api.com ET MALWARE Malicious Base64 Encoded Payload In Image
Rule-matched URLs: 1
5.0 | M | 33 | ZeroCERT

5260 | 2024-02-18 10:43 | 1.exe | 534f62da9cdc06f201a960ccf9bd7724
Tags: Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution
2.2 | | 32 | ZeroCERT

5261 | 2024-02-16 16:41 | reader_update.exe | a74ae422391a22b5469135ae7f0cbf7d
Tags: Malicious Library UPX PE File PE64 OS Processor Check Malware download VirusTotal Malware Malicious Traffic Checks debugger Creates executable files unpack itself Windows Update DNS
URLs: 2
Hosts: 1
Alerts (4): ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
3.4 | M | 16 | ZeroCERT

5262 | 2024-02-16 09:53 | msword.com | 4ceeda451c97ab9a9f299cbd8d60cb0f
Tags: Generic Malware Downloader task schedule Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP SMTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE Fil powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key keylogger
9.8 | | 17 | ZeroCERT

5263 | 2024-02-16 09:49 | baitedupdate.exe | 5502b4463a62be41ece9a4557453fd4d
Tags: .NET framework(MSIL) UPX PE File PE64 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.2 | | 52 | ZeroCERT

5264 | 2024-02-16 09:39 | W2.pdf | c2fa5bce418008580cffa180fb8448ef
Tags: PDF VirusTotal Malware
0.6 | | 11 | ZeroCERT

5265 | 2024-02-16 09:35 | VNCViewer.exe | e9425a265fd265e6abbea5ae82cff5b3
Tags: Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Checks debugger Creates shortcut unpack itself Tofsee Advertising ComputerName Remote Code Execution
Hosts: 2
Alerts (2): ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0 | | 35 | ZeroCERT