| 5521 |
2021-03-01 12:48
|
JavaUpdater.exe 7eeb11704dc3d69f33fd820b09507b32
Browser Info Stealer VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser ComputerName Cryptographic key |
1
|
2
api.ipify.org(54.243.164.148)
50.19.252.36
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5522 |
2021-03-01 12:48
|
Rat.exe 903ac3eed73df6826decd3b6ce6ca502
VirusTotal Malware DNS |
|
|
|
|
1.8 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5523 |
2021-03-01 12:59
|
setup.exe 1f2ab27fb656e03dc6f207250a1e77f1
VirusTotal Malware malicious URLs DNS |
|
|
|
|
3.0 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5524 |
2021-03-01 13:00
|
sadly.exe a95cf66276797b1e660a01873e3b905e
VirusTotal Malware suspicious privilege Code Injection WMI Creates executable files Windows utilities suspicious process WriteConsoleW Windows ComputerName |
|
|
|
|
6.0 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5525 |
2021-03-01 21:04
|
ees.doc 9c3746d29340181380a7949676de5c23
Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself malicious URLs Exploit DNS crashed Downloader |
1
http://5.39.217.221/wwww/vbc.exe
|
1
|
2
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
|
|
5.4 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5526 |
2021-03-01 21:07
|
ss.exe b63f60dd1189f5e440f3948c03293780
Malware download VirusTotal Malware AutoRuns Malicious Traffic Check memory Creates executable files unpack itself malicious URLs Ransomware Windows DNS Downloader |
|
1
103.212.180.246 - malware
|
7
ET USER_AGENTS Suspicious User-Agent (AutoHotkey)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)
ET SHELLCODE Common 0a0a0a0a Heap Spray String
|
|
8.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5527 |
2021-03-02 10:18
|
f23a9f864f3d526f9a10c1e88fa263... a5400b186385df2efee7bae644558098
Malware download GandCrab VirusTotal Malware AutoRuns Check memory unpack itself Windows utilities Check virtual network interfaces malicious URLs AntiVM_Disk suspicious TLD sandbox evasion anti-virtualization VM Disk Size Check Ransomware Windows ComputerName DNS Cryptographic key |
|
7
dns1.soprodns.ru()
nomoreransom.bit() - mailcious
nomoreransom.coin() - mailcious
dns2.soprodns.ru()
ipv4bot.whatismyipaddress.com(66.171.248.178)
gandcrab.bit() - mailcious
66.171.248.178
|
4
ET INFO DNS Query Domain .bit
ET MALWARE Observed GandCrab Domain (gandcrab .bit)
ET MALWARE Likely GandCrab Ransomware Domain in HTTP Host M2
ET HUNTING Observed DNS Query for EmerDNS TLD (.coin)
|
|
6.6 |
M |
60 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5528 |
2021-03-02 14:20
|
911.exe d0b722d21dcdfd21031bac8da6f6c5bd
VirusTotal Malware Tofsee DNS |
4
http://www.mancity.com/base/jcZhgLCyNonwarUOxBRNLecqjpzsKVuGATnNvdgRzlqhzBGsozucTvrVfPCmYuDsbtRbGastuZozNURIh.html
http://www.chelseafc.com/
http://www.manutd.com/
https://www.manutd.com/
|
7
www.mancity.com(104.22.7.79)
osndjdjjjdjshgaggdkf.com()
www.manutd.com(104.74.195.93)
www.chelseafc.com(151.101.194.133)
172.67.24.199
184.28.152.211
151.101.78.133
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.4 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5529 |
2021-03-02 14:20
|
8.counter.exe 5e3ac60f9af6bd3b89111fc54fb64293
Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName DNS crashed |
1
https://36.94.202.131/rob20/TEST22-PC_W617601.C7DBFAFBB5E8D15A9FF74E39F382BB7C/5/kps/
|
7
190.152.71.230
103.73.101.98
187.190.116.59
36.94.202.131
200.6.169.124
80.78.77.116
108.170.20.72
|
3
ET CNC Feodo Tracker Reported CnC Server group 2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
5.4 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5530 |
2021-03-02 14:37
|
aka.exe 1b3a986cfde032941fc4523f8c7f7563
Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
|
|
|
|
12.4 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5531 |
2021-03-02 14:39
|
2021invoice.jar b46ae0983e8411d4178d19ad0b44cc07
VirusTotal Malware Check memory heapspray unpack itself Java |
|
|
|
|
2.2 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5532 |
2021-03-02 14:46
|
Benz.exe 9171e46288689456ec72d135aee36acb
VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VirtualBox malicious URLs VMware anti-virtualization Windows ComputerName Software crashed |
|
|
|
|
12.6 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5533 |
2021-03-02 14:47
|
bbuid.jpg.exe 1f8c325cf83ce8aacf96088670947a5e
VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs Tofsee Windows ComputerName DNS Cryptographic key |
4
http://www.chelseafc.com/
http://www.manutd.com/
http://www.mancity.com/base/LtmuVuzrUgbvwZAkchWeAimDbLbSPhJumYSrOIQXWNHn.html
https://www.manutd.com/
|
7
www.mancity.com(104.22.7.79)
osndjdjjjdjshgaggdkf.com() - mailcious
www.manutd.com(184.28.152.211)
www.chelseafc.com(151.101.2.133)
184.28.152.211
104.22.7.79
151.101.78.133
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.2 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5534 |
2021-03-02 15:10
|
document_s.doc fa37f56a399379f102873e3fd8229237
Malware download Vulnerability VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit crashed Downloader |
1
http://consultant-res.ro/bin/six.exe
|
2
consultant-res.ro(89.42.218.141) - mailcious
89.42.218.141 - mailcious
|
2
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
5.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5535 |
2021-03-02 15:10
|
document.doc ba7e3f53f66ea62261a14e23c95662ff
VirusTotal Malware exploit crash unpack itself malicious URLs Tofsee Exploit DNS crashed |
|
2
beatyamerican.com(192.185.101.126) - malware
192.185.101.126 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|