5521 | 2021-03-01 12:48 |
JavaUpdater.exe 7eeb11704dc3d69f33fd820b09507b32 Browser Info Stealer VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser ComputerName Cryptographic key |
1 |
2 api.ipify.org(54.243.164.148) 50.19.252.36 |
1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
6.0 | M | 54 | ZeroCERT
5522 | 2021-03-01 12:48 |
Rat.exe 903ac3eed73df6826decd3b6ce6ca502 VirusTotal Malware DNS |
1.8 | M | 52 | ZeroCERT
5523 | 2021-03-01 12:59 |
setup.exe 1f2ab27fb656e03dc6f207250a1e77f1 VirusTotal Malware malicious URLs DNS |
3.0 | M | 40 | ZeroCERT
5524 | 2021-03-01 13:00 |
sadly.exe a95cf66276797b1e660a01873e3b905e VirusTotal Malware suspicious privilege Code Injection WMI Creates executable files Windows utilities suspicious process WriteConsoleW Windows ComputerName |
6.0 | M | 15 | ZeroCERT
5525 | 2021-03-01 21:04 |
ees.doc 9c3746d29340181380a7949676de5c23 Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Exploit DNS crashed Downloader |
1 http://5.39.217.221/wwww/vbc.exe |
1 |
2 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile |
5.4 | M | 32 | ZeroCERT
5526 | 2021-03-01 21:07 |
ss.exe b63f60dd1189f5e440f3948c03293780 Malware download VirusTotal Malware AutoRuns Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Ransomware Windows DNS Downloader |
1 103.212.180.246 - malware |
7 ET USER_AGENTS Suspicious User-Agent (AutoHotkey) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging) ET SHELLCODE Common 0a0a0a0a Heap Spray String |
8.0 | M | 51 | ZeroCERT
5527 | 2021-03-02 10:18 |
f23a9f864f3d526f9a10c1e88fa263... a5400b186385df2efee7bae644558098 Malware download GandCrab VirusTotal Malware AutoRuns Check memory unpack itself Windows utilities Check virtual network interfaces malicious URLs AntiVM_Disk suspicious TLD sandbox evasion anti-virtualization VM Disk Size Check Ransomware Windows ComputerName DNS Cryptographic key |
7 dns1.soprodns.ru() nomoreransom.bit() - mailcious nomoreransom.coin() - mailcious dns2.soprodns.ru() ipv4bot.whatismyipaddress.com(66.171.248.178) gandcrab.bit() - mailcious 66.171.248.178 |
4 ET INFO DNS Query Domain .bit ET MALWARE Observed GandCrab Domain (gandcrab .bit) ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2 ET HUNTING Observed DNS Query for EmerDNS TLD (.coin) |
6.6 | M | 60 | guest
5528 | 2021-03-02 14:20 |
911.exe d0b722d21dcdfd21031bac8da6f6c5bd VirusTotal Malware Tofsee DNS |
4 http://www.mancity.com/base/jcZhgLCyNonwarUOxBRNLecqjpzsKVuGATnNvdgRzlqhzBGsozucTvrVfPCmYuDsbtRbGastuZozNURIh.html http://www.chelseafc.com/ http://www.manutd.com/ https://www.manutd.com/ |
7 www.mancity.com(104.22.7.79) osndjdjjjdjshgaggdkf.com() www.manutd.com(104.74.195.93) www.chelseafc.com(151.101.194.133) 172.67.24.199 184.28.152.211 151.101.78.133 |
1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
1.4 | M | 5 | ZeroCERT
5529 | 2021-03-02 14:20 |
8.counter.exe 5e3ac60f9af6bd3b89111fc54fb64293 Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1 https://36.94.202.131/rob20/TEST22-PC_W617601.C7DBFAFBB5E8D15A9FF74E39F382BB7C/5/kps/ |
7 190.152.71.230 103.73.101.98 187.190.116.59 36.94.202.131 200.6.169.124 80.78.77.116 108.170.20.72 |
3 ET CNC Feodo Tracker Reported CnC Server group 2 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) |
5.4 | M | 33 | ZeroCERT
5530 | 2021-03-02 14:37 |
aka.exe 1b3a986cfde032941fc4523f8c7f7563 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
12.4 | M | 24 | ZeroCERT
5531 | 2021-03-02 14:39 |
2021invoice.jar b46ae0983e8411d4178d19ad0b44cc07 VirusTotal Malware Check memory heapspray unpack itself Java |
2.2 | M | 2 | ZeroCERT
5532 | 2021-03-02 14:46 |
Benz.exe 9171e46288689456ec72d135aee36acb VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Windows ComputerName Software crashed |
12.6 | M | 27 | ZeroCERT
5533 | 2021-03-02 14:47 |
bbuid.jpg.exe 1f8c325cf83ce8aacf96088670947a5e VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs Tofsee Windows ComputerName DNS Cryptographic key |
4 http://www.chelseafc.com/ http://www.manutd.com/ http://www.mancity.com/base/LtmuVuzrUgbvwZAkchWeAimDbLbSPhJumYSrOIQXWNHn.html https://www.manutd.com/ |
7 www.mancity.com(104.22.7.79) osndjdjjjdjshgaggdkf.com() - mailcious www.manutd.com(184.28.152.211) www.chelseafc.com(151.101.2.133) 184.28.152.211 104.22.7.79 151.101.78.133 |
1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
12.2 | M | 23 | ZeroCERT
5534 | 2021-03-02 15:10 |
document_s.doc fa37f56a399379f102873e3fd8229237 Malware download Vulnerability VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit crashed Downloader |
1 http://consultant-res.ro/bin/six.exe |
2 consultant-res.ro(89.42.218.141) - mailcious 89.42.218.141 - mailcious |
2 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP |
5.0 | M | 32 | ZeroCERT
5535 | 2021-03-02 15:10 |
document.doc ba7e3f53f66ea62261a14e23c95662ff VirusTotal Malware exploit crash unpack itself malicious URLs Tofsee Exploit DNS crashed |
2 beatyamerican.com(192.185.101.126) - malware 192.185.101.126 - malware |
2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure |
4.6 | M | 32 | ZeroCERT