| ID | Date | Sample | MD5 | Analysis tags | URLs | Hosts | IDS alerts | Malicious URLs | Score | Flag | Count | Source |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 5491 | 2021-02-27 12:00 | 5.exe | b447b44c38f8958a0185f46756488f41 | VirusTotal Malware unpack itself | | | | | 2.2 | | 21 | ZeroCERT |
| 5492 | 2021-02-27 12:02 | Document_88856.xlsb | 35daad13970c241669bcf83c3f8a231e | VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed | 2: http://195.123.220.220/campo/t/t; https://www.yahoo.com/ | 5: yahoo.com(74.6.231.21); www.yahoo.com(202.165.107.49); 74.6.143.26; 195.123.220.220 - malware; 202.165.107.49 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 6.0 | | 14 | ZeroCERT |
| 5493 | 2021-02-27 12:03 | Document_88899.xlsb | 10360f4838885037c303c5d1e54a40c1 | VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed | 2: http://195.123.220.220/campo/t2/t2; https://www.yahoo.com/ | 5: yahoo.com(74.6.231.21); www.yahoo.com(202.165.107.50); 74.6.231.20; 202.165.107.49; 195.123.220.220 - malware | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 6.6 | | 13 | ZeroCERT |
| 5494 | 2021-02-27 12:05 | Document_88926.xlsb | 10360f4838885037c303c5d1e54a40c1 | VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed | 3: http://195.123.220.220/campo/t2/t2 - rule_id: 304; http://195.123.220.220/campo/t2/t2; https://www.yahoo.com/ | 5: yahoo.com(74.6.231.21); www.yahoo.com(202.165.107.49); 74.6.231.20; 195.123.220.220 - malware; 202.165.107.50 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 1: http://195.123.220.220/campo/t2/t2 | 6.0 | M | 13 | ZeroCERT |
| 5495 | 2021-02-27 12:06 | Document_89658.xlsb | 35daad13970c241669bcf83c3f8a231e | VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed | 2: http://195.123.220.220/campo/t/t - rule_id: 302; https://www.yahoo.com/ | 5: yahoo.com(74.6.231.21); www.yahoo.com(202.165.107.49); 74.6.143.25; 202.165.107.49; 195.123.220.220 - malware | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 1: http://195.123.220.220/campo/t/t | 6.6 | M | 14 | ZeroCERT |
| 5496 | 2021-02-27 12:08 | iblGozHrAyPEMKc.exe | d0946249b861c18765875f25655f19ed | VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself AppData folder Windows crashed | | | | | 3.6 | M | 29 | ZeroCERT |
| 5497 | 2021-02-27 12:09 | joex.exe | 9decf18e822a2b03210185facccba692 | VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs DNS | 1: http://coroloboxorozor.com/base/900F6FCD75D87B754B81096BC90C3A57.html - rule_id: 288 | 2: coroloboxorozor.com(172.67.172.17) - mailcious; 104.21.71.230 - mailcious | | 1: http://coroloboxorozor.com/base/ | 3.8 | M | 22 | ZeroCERT |
| 5498 | 2021-02-27 12:11 | 911.exe | 5984589fdb8024bbce6a2a9cdae0a08b | unpack itself | | | | | 1.2 | | | ZeroCERT |
| 5499 | 2021-02-27 12:12 | load.exe | e4f88c1aa49a3b0810e1b48a2ba6a6e8 | VirusTotal Malware unpack itself DNS | | 1: 104.21.71.230 - mailcious | | | 2.6 | M | 54 | ZeroCERT |
| 5500 | 2021-02-27 14:51 | m87.dll | d48404abfb5c8a7bac7f9f619da899e9 | Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed | 1: https://182.253.107.34/mon87/TEST22-PC_W617601.BB18991383FF803937CDB33EE9F7C707/5/file/ | 5: 142.112.79.223; 182.253.107.34; 45.155.173.242 - mailcious; 154.126.176.30; 131.255.106.152 - mailcious | 4: ET CNC Feodo Tracker Reported CnC Server group 16; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O); ET CNC Feodo Tracker Reported CnC Server group 8 | | 7.8 | M | 16 | ZeroCERT |
| 5501 | 2021-02-27 14:51 | m88.dll | 833298fdcdf7b634c734d88adbb6517f | Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed | 1: https://45.155.173.242/mon88/TEST22-PC_W617601.5DFAA37BF2B73935BB3F3095D7733F89/5/file/ - rule_id: 282 | 4: 41.77.134.250 - mailcious; 45.155.173.242 - mailcious; 103.225.138.94; 177.85.133.118 - mailcious | 3: ET CNC Feodo Tracker Reported CnC Server group 16; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | 1 (no entry listed) | 7.2 | M | 5 | ZeroCERT |
| 5502 | 2021-03-01 10:54 | mon81.dll | b01f4d6e58860cbfbad674024ae98af0 | VirusTotal Malware PDB Check memory unpack itself crashed | | | | | 3.0 | M | 34 | ZeroCERT |
| 5503 | 2021-03-01 10:54 | mon80.dll | 3cee87ebc7068a187eb004eb95f98bcd | VirusTotal Malware PDB Check memory unpack itself DNS crashed | | | | | 3.4 | M | 21 | ZeroCERT |
| 5504 | 2021-03-01 11:00 | mon82.dll | c6e8053b71cc7a923f038d41ee8a5784 | VirusTotal Malware PDB unpack itself | | | | | 2.4 | M | 28 | ZeroCERT |
| 5505 | 2021-03-01 11:02 | mon89.dll | cc840b676f30f145c6f9083561beaea4 | Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName Remote Code Execution DNS crashed | 1: https://182.253.107.34/mon89/TEST22-PC_W617601.F7A2351F03BB7699BFDC33DB1FF95A33/5/file/ - rule_id: 305 | 5: 45.230.244.20 - mailcious; 182.253.107.34 - mailcious; 154.126.176.30 - mailcious; 41.77.134.250 - mailcious; 103.225.138.94 | 4: ET CNC Feodo Tracker Reported CnC Server group 8; ET CNC Feodo Tracker Reported CnC Server group 17; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | 1 (no entry listed) | 8.0 | M | 9 | ZeroCERT |