| 5491 |
2021-02-27 12:00
|
5.exe b447b44c38f8958a0185f46756488f41
VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
|
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5492 |
2021-02-27 12:02
|
Document_88856.xlsb 35daad13970c241669bcf83c3f8a231e
VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed |
2
http://195.123.220.220/campo/t/t
https://www.yahoo.com/
|
5
yahoo.com(74.6.231.21)
www.yahoo.com(202.165.107.49)
74.6.143.26
195.123.220.220 - malware
202.165.107.49
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5493 |
2021-02-27 12:03
|
Document_88899.xlsb 10360f4838885037c303c5d1e54a40c1
VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed |
2
http://195.123.220.220/campo/t2/t2
https://www.yahoo.com/
|
5
yahoo.com(74.6.231.21)
www.yahoo.com(202.165.107.50)
74.6.231.20
202.165.107.49
195.123.220.220 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.6 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5494 |
2021-02-27 12:05
|
Document_88926.xlsb 10360f4838885037c303c5d1e54a40c1
VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed |
3
http://195.123.220.220/campo/t2/t2 - rule_id: 304
http://195.123.220.220/campo/t2/t2
https://www.yahoo.com/
|
5
yahoo.com(74.6.231.21)
www.yahoo.com(202.165.107.49)
74.6.231.20
195.123.220.220 - malware
202.165.107.50
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
http://195.123.220.220/campo/t2/t2
|
6.0 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5495 |
2021-02-27 12:06
|
Document_89658.xlsb 35daad13970c241669bcf83c3f8a231e
VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Tofsee DNS crashed |
2
http://195.123.220.220/campo/t/t - rule_id: 302
https://www.yahoo.com/
|
5
yahoo.com(74.6.231.21)
www.yahoo.com(202.165.107.49)
74.6.143.25
202.165.107.49
195.123.220.220 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
http://195.123.220.220/campo/t/t
|
6.6 |
M |
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5496 |
2021-02-27 12:08
|
iblGozHrAyPEMKc.exe d0946249b861c18765875f25655f19ed
VirusTotal Malware AutoRuns Creates executable files RWX flags setting unpack itself AppData folder Windows crashed |
|
|
|
|
3.6 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5497 |
2021-02-27 12:09
|
joex.exe 9decf18e822a2b03210185facccba692
VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs DNS |
1
http://coroloboxorozor.com/base/900F6FCD75D87B754B81096BC90C3A57.html - rule_id: 288
|
2
coroloboxorozor.com(172.67.172.17) - mailcious
104.21.71.230 - mailcious
|
|
1
http://coroloboxorozor.com/base/
|
3.8 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5498 |
2021-02-27 12:11
|
911.exe 5984589fdb8024bbce6a2a9cdae0a08b
unpack itself |
|
|
|
|
1.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5499 |
2021-02-27 12:12
|
load.exe e4f88c1aa49a3b0810e1b48a2ba6a6e8
VirusTotal Malware unpack itself DNS |
|
1
104.21.71.230 - mailcious
|
|
|
2.6 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5500 |
2021-02-27 14:51
|
m87.dll d48404abfb5c8a7bac7f9f619da899e9
Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1
https://182.253.107.34/mon87/TEST22-PC_W617601.BB18991383FF803937CDB33EE9F7C707/5/file/
|
5
142.112.79.223
182.253.107.34
45.155.173.242 - mailcious
154.126.176.30
131.255.106.152 - mailcious
|
4
ET CNC Feodo Tracker Reported CnC Server group 16
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
ET CNC Feodo Tracker Reported CnC Server group 8
|
|
7.8 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5501 |
2021-02-27 14:51
|
m88.dll 833298fdcdf7b634c734d88adbb6517f
Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1
https://45.155.173.242/mon88/TEST22-PC_W617601.5DFAA37BF2B73935BB3F3095D7733F89/5/file/ - rule_id: 282
|
4
41.77.134.250 - mailcious
45.155.173.242 - mailcious
103.225.138.94
177.85.133.118 - mailcious
|
3
ET CNC Feodo Tracker Reported CnC Server group 16
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
1
|
7.2 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5502 |
2021-03-01 10:54
|
mon81.dll b01f4d6e58860cbfbad674024ae98af0
VirusTotal Malware PDB Check memory unpack itself crashed |
|
|
|
|
3.0 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5503 |
2021-03-01 10:54
|
mon80.dll 3cee87ebc7068a187eb004eb95f98bcd
VirusTotal Malware PDB Check memory unpack itself DNS crashed |
|
|
|
|
3.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5504 |
2021-03-01 11:00
|
mon82.dll c6e8053b71cc7a923f038d41ee8a5784
VirusTotal Malware PDB unpack itself |
|
|
|
|
2.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5505 |
2021-03-01 11:02
|
mon89.dll cc840b676f30f145c6f9083561beaea4
Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName Remote Code Execution DNS crashed |
1
https://182.253.107.34/mon89/TEST22-PC_W617601.F7A2351F03BB7699BFDC33DB1FF95A33/5/file/ - rule_id: 305
|
5
45.230.244.20 - mailcious
182.253.107.34 - mailcious
154.126.176.30 - mailcious
41.77.134.250 - mailcious
103.225.138.94
|
4
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 17
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
1
|
8.0 |
M |
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|