5686 | 2021-03-07 21:50 | cred.dll c041d665d945d635300af02e97eb9cff FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Malicious Traffic Check memory Checks debugger unpack itself Email DNS Software | 2 http://190.115.18.211//fO0r5se3dW/index.php http://185.215.113.14//fO0r5se3dW/index.php | 2 190.115.18.211 - malware 185.215.113.14 | | | 6.0 | M | 39 | ZeroCERT
5687 | 2021-03-07 21:51 | clipper.exe 4b932f40941f6db7383af06d84d21ce1 VirusTotal Malware AutoRuns Check memory Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution | | | | | 5.8 | M | 49 | ZeroCERT
5688 | 2021-03-07 21:54 | local28.exe de84d306ca9d35321f98a6d26fc35275 VirusTotal Malware PDB unpack itself Windows Remote Code Execution DNS crashed | | | | | 3.6 | | 20 | ZeroCERT
5689 | 2021-03-07 21:55 | kitkatrootbot.exe d082b3a44d7a40cf843b7a7a476a7d41 VirusTotal Malware PDB | | | | | 2.2 | M | 51 | ZeroCERT
5690 | 2021-03-07 21:57 | scr.dll 6551b9cf0ee7bc283476c82afe8efc85 VirusTotal Malware Checks debugger buffers extracted unpack itself DNS | 1 http://190.115.18.211//fO0r5se3dW/index.php?scr=up - rule_id: 350 | 1 | | 1 | 3.4 | M | 50 | ZeroCERT
5691 | 2021-03-07 21:57 | micro.exe 36cabdb6675e5bebf48dc3924e043f9a Browser Info Stealer Malware download FTP Client Info Stealer Pony VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Creates executable files Windows utilities Collect installed applications AppData folder malicious URLs WriteConsoleW installed browsers check Zeus Windows Update Browser Email Trojan Software Downloader | 2 http://www.sharpn.com/Panel/micro%20(2).exe http://sharpn.com/Panel/micro%20(2).exe | 3 www.sharpn.com(192.185.95.74) sharpn.com(192.185.95.74) - malware 192.185.95.74 - phishing | 8 ET MALWARE Fareit/Pony Downloader Checkin 3 ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98 ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. ET MALWARE Fareit/Pony Downloader Checkin 2 ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative) ET MALWARE Pony Downloader check-in response STATUS-IMPORT-OK | | 9.8 | M | 61 | ZeroCERT
5692 | 2021-03-07 22:01 | x86.dll 1ba871c1a93cabf46febf30fdb4cad1e VirusTotal Malware PDB | | | | | 1.0 | M | 27 | ZeroCERT
5693 | 2021-03-08 09:03 | A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed | 2 http://159.69.119.114:3214/ https://api.ip.sb/geoip | 3 api.ip.sb(172.67.75.172) 104.26.12.31 159.69.119.114 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 14.2 | | 38 | ZeroCERT
5694 | 2021-03-08 09:04 | conhost.exe 0a31ae5882697455a071f73191ed661c VirusTotal Open Directory Cryptocurrency Miner Malware Cryptocurrency Malicious Traffic Check memory Checks debugger Creates executable files unpack itself malicious URLs sandbox evasion Windows Exploit Browser ComputerName Firmware DNS | 2 http://154.91.1.27/WinRing0x64.sys http://154.91.1.27/SqlTools.exe | 3 xmr.f2pool.com(203.107.32.162) - mailcious 203.107.32.162 - mailcious 154.91.1.27 | 6 ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY Cryptocurrency Miner Checkin ET INFO Executable Download from dotted-quad Host ET EXPLOIT_KIT DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) | | 9.2 | | 39 | ZeroCERT
5695 | 2021-03-08 09:11 | A4ge7vE97nKzwZk.exe 4bf1d28524782e3de6d241c2bb625b5e Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed | 2 http://159.69.119.114:3214/ https://api.ip.sb/geoip | 3 api.ip.sb(104.26.12.31) 159.69.119.114 172.67.75.172 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 15.2 | | 38 | ZeroCERT
5696 | 2021-03-08 09:12 | inst_all.exe 7ae05cc2d2a31d9dfa7edbf6beef674e Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | | | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | | 4.8 | | | ZeroCERT
5697 | 2021-03-08 09:16 | Rq9UwX3Sxdm9bAfW.exe 7f8a15aca0965d3ef7f5e36245ee20fa Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed | 3 http://159.69.119.114:3214/ https://www.bing.com/ https://api.ip.sb/geoip | 6 www.google.com(172.217.161.68) api.ip.sb(104.26.13.31) 104.26.12.31 159.69.119.114 13.107.21.200 172.217.174.196 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 15.2 | | 20 | ZeroCERT
5698 | 2021-03-08 09:16 | Tester.exe 3ca0d5a355b972927a2398440d58a001 VirusTotal Malware PDB Check memory Checks debugger unpack itself malicious URLs DNS | | | | | 2.8 | | 4 | ZeroCERT
5699 | 2021-03-08 10:59 | regasm.exe 0a8ff8379ea5957d89a01ea84130c372 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software | 1 http://becharnise.ir/fb6/fre.php - rule_id: 279 | 2 becharnise.ir(185.208.180.121) - mailcious 185.208.180.121 - mailcious | 7 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response | 1 http://becharnise.ir/fb6/fre.php | 9.6 | M | 48 | 조광섭
5700 | 2021-03-08 11:09 | regasm.exe 0a8ff8379ea5957d89a01ea84130c372 Loki Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files AppData folder malicious URLs sandbox evasion installed browsers check Browser Email ComputerName Software | 1 http://becharnise.ir/fb6/fre.php - rule_id: 279 | 2 becharnise.ir(185.208.180.121) - mailcious 185.208.180.121 - mailcious | 7 ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response | 1 http://becharnise.ir/fb6/fre.php | 9.6 | M | 48 | 조광섭