5386 | 2021-02-23 18:40
cosz.exe 21df0116d8ad9a6f26775ab3db23b061 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
12.4 | M | 20 | ZeroCERT

5387 | 2021-02-23 18:43
ff.exe ed6841cbc5206942dd2e812f7855b156 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key crashed
9.8 | M | 26 | ZeroCERT

5388 | 2021-02-23 18:46
EGH.exe 0d53754a43a9bd57c3d9478690ae6a60 | VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key crashed keylogger
Hosts (4): ghdyuienah123.freedynamicdns.org(46.243.239.78), coroloboxorozor.com(104.21.71.230) - mailcious, 172.67.172.17, 46.243.239.78
Alerts (1): ET POLICY DNS Query to DynDNS Domain *.freedynamicdns .org
17.2 | M | 29 | ZeroCERT

5389 | 2021-02-24 09:04
MAY.exe 532e58083cf5638b05f617fcbbb5d63b | VirusTotal Malware
0.8 | M | 21 | ZeroCERT

5390 | 2021-02-24 09:04
JYG.exe 869eae0220a293dcabf4051dd323bbd8 | VirusTotal Malware DNS
1.4 | M | 22 | ZeroCERT

5391 | 2021-02-24 09:11
Foto Comparendo.vbs 92ecceffcb7616bef7f9963287df4593 | Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper
URLs (3): http://elvbs.store/vbs/74242401674.txt, https://paste.ee/r/bXy8G/0, https://paste.ee/r/WbDha/0
Hosts (7): paste.ee(104.21.45.223) - mailcious, elvbs.store(31.170.166.149) - malware, negamerproteiper87.duckdns.org(46.246.14.81), 172.67.219.133 - mailcious, 104.21.45.223 - mailcious, 46.246.14.81, 31.170.166.149 - malware
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee), ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
10.0 | ZeroCERT

5392 | 2021-02-24 09:11
Foto Comparendo.vbs 92ecceffcb7616bef7f9963287df4593 | Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper
URLs (3): http://elvbs.store/vbs/74242401674.txt, https://paste.ee/r/bXy8G/0, https://paste.ee/r/WbDha/0
Hosts (7): paste.ee(172.67.219.133) - mailcious, elvbs.store(31.170.166.149) - malware, negamerproteiper87.duckdns.org(46.246.14.81), 104.21.45.223 - mailcious, 46.246.14.81, 172.67.219.133 - mailcious, 31.170.166.149 - malware
Alerts (2): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain, SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | ZeroCERT

5393 | 2021-02-24 09:24
Hora, Lugar, y Fecha.vbs 71eaec32a2865bd0818e8c3d48adcb61 | Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper
URLs (3): http://elvbs.store/vbs/8289492697.txt, https://paste.ee/r/bXy8G/0, https://paste.ee/r/WbDha/0
Hosts (6): paste.ee(104.21.45.223) - mailcious, elvbs.store(31.170.166.149) - malware, negamerproteiper87.duckdns.org(46.246.14.81), 172.67.219.133 - mailcious, 46.246.14.81, 31.170.166.149 - malware
Alerts (2): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain, SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | ZeroCERT

5394 | 2021-02-24 09:25
Hora, Lugar, y Fecha.vbs 71eaec32a2865bd0818e8c3d48adcb61 | Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper
URLs (3): http://elvbs.store/vbs/8289492697.txt, https://paste.ee/r/bXy8G/0, https://paste.ee/r/WbDha/0
Hosts (6): paste.ee(104.21.45.223) - mailcious, elvbs.store(31.170.166.149) - malware, negamerproteiper87.duckdns.org(46.246.14.81), 172.67.219.133 - mailcious, 46.246.14.81, 31.170.166.149 - malware
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee), ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
10.0 | ZeroCERT

5395 | 2021-02-24 09:38
Hora, Lugar, y Fecha.vbs 71eaec32a2865bd0818e8c3d48adcb61 | Malware VBScript powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process malicious URLs Tofsee Windows ComputerName DNS Cryptographic key DDNS Dropper
URLs (1): http://elvbs.store/vbs/8289492697.txt
Hosts (6): paste.ee(172.67.219.133) - mailcious, elvbs.store(31.170.166.149) - malware, negamerproteiper87.duckdns.org(46.246.14.81) - mailcious, 172.67.219.133 - mailcious, 46.246.14.81 - mailcious, 31.170.166.149 - malware
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee), ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
10.0 | M | ZeroCERT

5396 | 2021-02-24 09:43
DETALLE DE PAGO EXITOSO.exe 2e1ab7a92bf02f918c58fe2c7dc309cd | Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Kovter Windows ComputerName DNS Cryptographic key DDNS crashed
Hosts (4): coroloboxorozor.com(172.67.172.17) - mailcious, bolilau456.duckdns.org(201.219.204.73), 104.21.71.230 - mailcious, 201.219.204.73
Alerts (3): ET INFO DYNAMIC_DNS Query to *.duckdns. Domain, ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex, ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
16.6 | M | 19 | ZeroCERT

5397 | 2021-02-24 09:51
COMPANY PROFILE.exe b8027754ae8d22c340977e3c57688916 | VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS DDNS
Hosts (2): newtechublil.ddns.net(79.134.225.103), 79.134.225.103 - mailcious
Alerts (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
14.8 | 22 | ZeroCERT

5398 | 2021-02-24 09:51
URGENT REQUEST FOR QUOTATION.e... fb177955b925ab10b1cdbe4f5692c1c0 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key
10.0 | 26 | ZeroCERT

5399 | 2021-02-24 09:55
zEEl8ZaJiLUcWf3.exe ba081799b83d5d27e62103d4c6e7ae19 | VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization human activity check Windows ComputerName DNS DDNS Software
Hosts (2): strongodss.ddns.net(87.237.165.78), 87.237.165.78
Alerts (1): ET POLICY DNS Query to DynDNS Domain *.ddns .net
19.8 | 32 | ZeroCERT

5400 | 2021-02-24 09:55
MKW.exe 8eb163c0d46881f620662958e37ae6ed | VirusTotal Malware DNS
1.6 | M | 34 | ZeroCERT