5611 | 2021-03-04 11:17 | lv.exe 7fb4bc02c317b69c178833f4af693b75 VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Windows ComputerName Firmware DNS crashed | 1 | 4: iLzeDyTgvR.iLzeDyTgvR(); rgRZxLIUbSUAgHDjT.rgRZxLIUbSUAgHDjT(); ip-api.com(208.95.112.1); 208.95.112.1 | 1: ET POLICY External IP Lookup ip-api.com | | 10.6 | M | 32 | ZeroCERT
5612 | 2021-03-04 11:28 | march nano.exe d65086abfcdcfdc72716384337768c2e VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself human activity check Windows ComputerName DNS DDNS | | 2: fire4fire123.ddns.net(194.5.98.250); 194.5.98.250 | 1: ET POLICY DNS Query to DynDNS Domain *.ddns .net | | 9.0 | M | 56 | ZeroCERT
5613 | 2021-03-04 11:29 | march OG.exe b75b990ac5990f1b6b0127540de4ec30 VirusTotal Malware Check memory RWX flags setting unpack itself DNS | | | | | 2.4 | M | 24 | ZeroCERT
5614 | 2021-03-04 11:30 | mon102.dll 75378e60ba4f150d6adb5468edef655b VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs Remote Code Execution | | | | | 4.4 | M | 12 | ZeroCERT
5615 | 2021-03-04 11:32 | march.exe 82986909978d11fa5896a8f530278510 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Check memory malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software | | 1: 51.195.53.221 - mailcious | | | 9.2 | M | 67 | ZeroCERT
5616 | 2021-03-04 12:20 | mon103.dll 0b7e2ae69ce9b9577ee7ca17926fd654 VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself Remote Code Execution | | | | | 4.0 | M | 13 | ZeroCERT
5617 | 2021-03-04 12:23 | scr.dll ff01369d27e69d473384573d0cbf2328 VirusTotal Malware Malicious Traffic Checks debugger buffers extracted unpack itself DNS | 1: http://176.111.174.66//Hq13Vdsv2W/index.php?scr=up | 1 | 1: ET DROP Spamhaus DROP Listed Traffic Inbound group 22 | | 4.4 | M | 39 | ZeroCERT
5618 | 2021-03-04 12:25 | remote.dotm e2b322ed2a62e9bd4c1bfcdb2b37b9b7 VirusTotal Malware Code Injection unpack itself malicious URLs | 2:
http://resources.healthmade.org/__utm.gif?utmac=UA-2202604-2&utmcn=1&utmcs=ISO-8859-1&utmsr=1280x1024&utmsc=32-bit&utmul=en-US&utmcc=__utmaemchbckchajmimkfgjmkiodhbnebecldgplbnnajkpikeidinpmgneokglknceiafchfgobjafjeilfdjldocljdldgimpfolfbdaigcmpjilckmmofniadejiljpdladmkpebidjjichkpnkpammbehmljiagmgafjahopmpagoklkmladeepeokojfkmldkejpjmeinmhhnamkohehnnnpfoklmbcilkfdjpboikegnjppipiblcfpdplpkeaj http://resources.healthmade.org/thumb/preview.gif
| 2: resources.healthmade.org(18.188.224.193); 18.188.224.193 | | | 5.8 | M | 30 | ZeroCERT
5619 | 2021-03-04 13:32 | svchost.exe 472c92a28c05f2d13031a7ab406fe562 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs Windows ComputerName Cryptographic key | | | | | 10.6 | M | 22 | ZeroCERT
5620 | 2021-03-04 15:31 | cs_obfuscated_vba.xlsm e4b23adf2b3e3edfe8a979ee5d49be20 VirusTotal Malware Code Injection unpack itself malicious URLs | 2:
http://resources.healthmade.org/__utm.gif?utmac=UA-2202604-2&utmcn=1&utmcs=ISO-8859-1&utmsr=1280x1024&utmsc=32-bit&utmul=en-US&utmcc=__utmabakpokeaokolgedoheiijogbfkpccfokbgmiblgamaiojojmojeofefdkjfafnngpnfoknkkpbjkldkcommoabpbpnelaahhlgjcojajpelgmaedibieheplhbfcamcogjbednocphfedcangdlbchhbhelakmjmeaaagaobacmhjegpcoacbdpafbmhjhkkgnlomcibilmkcnfbnocnjjgabfpdjfnfoddmklgcjmjeikpafeajfjdepoejalcp - rule_id: 338 http://resources.healthmade.org/thumb/preview.gif - rule_id: 339
| 2: resources.healthmade.org(18.188.224.193) - mailcious; 18.188.224.193 - mailcious | | 2: http://resources.healthmade.org/__utm.gif; http://resources.healthmade.org/thumb/preview.gif | 5.8 | M | 35 | ZeroCERT
5621 | 2021-03-04 15:32 | msbuild_vba.xlsm d68eb2a0c4ef9306e93e7f993544bbfe VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs WriteConsoleW Windows ComputerName DNS Cryptographic key | 2:
http://resources.healthmade.org/thumb/preview.gif - rule_id: 339 http://resources.healthmade.org/__utm.gif?utmac=UA-2202604-2&utmcn=1&utmcs=ISO-8859-1&utmsr=1280x1024&utmsc=32-bit&utmul=en-US&utmcc=__utmablbifpemjdifjfeidelijmdbgidjonojmicmdogbnljhajmodigfhbokkkoppllimjipoajnjlidljeggojlodmihfbpkablonpnppdeigcggpeeckidiabebefemniakjbgghdecpgkankkfdmiobncfofgpehkkdkbpbikghmijpdhdleepnhggacbfgkgihgohlghifffmacodhpdepdkmeacobbmmkheomfgnhbcpcodmdmabfimlplmpenp - rule_id: 338
| 2: resources.healthmade.org(18.188.224.193) - mailcious; 18.188.224.193 - mailcious | | 2: http://resources.healthmade.org/thumb/preview.gif; http://resources.healthmade.org/__utm.gif | 11.6 | M | 28 | ZeroCERT
5622 | 2021-03-04 15:45 | regasm.exe 9eb475cef6f36f96f8e2457885f39dea VirusTotal Malware unpack itself malicious URLs Remote Code Execution DNS | | | | | 3.4 | M | 20 | ZeroCERT
5623 | 2021-03-04 15:46 | remote.docx 888dd860394853462c38d92f76af0b05 VirusTotal Malware Code Injection unpack itself malicious URLs | 2:
http://resources.healthmade.org/__utm.gif?utmac=UA-2202604-2&utmcn=1&utmcs=ISO-8859-1&utmsr=1280x1024&utmsc=32-bit&utmul=en-US&utmcc=__utmackcdabgcokcobonmijbljdcbailhmfbpihnhpdjgjcbddoakoeholacalnbcfffmnkclddedegegmhbcnbmfmaofhbibniolbihmjjddhebegcgllnoihnjihfiajknilfoacajdidlcccknnelhnapplcfiohbnaajnknpapilaalgnhokifgjeijoemihmdpmcfaaegckbebabcidbgkepfkobpkmlpdjolgikkiceeodliampkgohkkejapmh - rule_id: 338 http://resources.healthmade.org/thumb/preview.gif - rule_id: 339
| 4: resources.healthmade.org(18.188.224.193) - mailcious; docs.healthmade.org(18.221.177.35) - malware; 18.221.177.35 - malware; 18.188.224.193 - mailcious | | 2: http://resources.healthmade.org/__utm.gif; http://resources.healthmade.org/thumb/preview.gif | 5.2 | M | 3 | ZeroCERT
5624 | 2021-03-05 02:09 | dontTouch.exe 818a64d619f6bbdbc4d68ff7411b6418 VirusTotal Malware Check memory malicious URLs DNS | | 1 | | | 2.8 | | 55 | guest
5625 | 2021-03-05 09:11 | E210115-Order.ace aa826867067439b67dea5a232f442a64 VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName | | | | | 4.6 | | 3 | ZeroCERT