5911 | 2021-03-12 16:27 | 4.exe | f43ab0f92340b89c74af85b624672dbe | VirusTotal Malware unpack itself Remote Code Execution
2.6 | M | 23 | ZeroCERT
5912 | 2021-03-12 16:30 | HDggVMlF.exe | 6980f0a8333b9ebe6718c7142fc1b963 | Gen Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Creates executable files Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Browser Email ComputerName Software
1 | http://validation.wootraining.certificacion.cl/BvCu/index.php
2 | validation.wootraining.certificacion.cl(200.73.113.241) 200.73.113.241 - malware
1 | ET MALWARE AZORult v3.3 Server Response M3
10.6 | M | 49 | ZeroCERT
5913 | 2021-03-12 17:50 | 7.iops.exe | 1f0d7f3144ba0d50374f61c941f5a94e | Emotet Trickbot Gen VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself malicious URLs Remote Code Execution
4.0 | M | 23 | ZeroCERT
5914 | 2021-03-12 17:55 | 6.exe | c7c186bd2ebb1d33853f9e7c4cb8f4a4 | Malicious Library VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW IP Check VM Disk Size Check Windows ComputerName
1 |
3 | CriEEOqPAttEokzUTadoKVlIU.CriEEOqPAttEokzUTadoKVlIU() ip-api.com(208.95.112.1) 208.95.112.1
1 | ET POLICY External IP Lookup ip-api.com
8.4 | M | 18 | ZeroCERT
5915 | 2021-03-12 18:15 | 2041131341.exe | 526489ddbfd0d84e845ccd132cae5555 | UltraVNC VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs suspicious TLD Tofsee Windows DNS Cryptographic key crashed
1 | https://5uxm.itdenther.ru/SystemNetConfigurationConnectionManagementSectionInternalF
2 | 5uxm.itdenther.ru(81.177.139.41) 81.177.139.41 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.0 | M | 45 | ZeroCERT
5916 | 2021-03-12 18:16 | 1370132254.exe | 8ca675896f6c9ad9fe8deb1cc63bf8f5 | Azorult .NET framework UltraVNC AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder malicious URLs suspicious TLD installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed
6 | http://62.109.7.229/ https://sldov.ru/1090905469.exe https://5uxm.itdenther.ru/SystemNetConfigurationConnectionManagementSectionInternalF https://g.itdenther.ru/1986383539.exe https://www.bing.com/ https://api.ip.sb/geoip
11 | g.itdenther.ru(81.177.139.41) www.google.com(172.217.31.164) api.ip.sb(172.67.75.172) 5uxm.itdenther.ru(81.177.139.41) 0cl.sldov.ru(81.177.139.41) - malware sldov.ru(81.177.139.41) - mailcious 62.109.7.229 104.26.12.31 81.177.139.41 - malware 13.107.21.200 172.217.174.196
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request
20.0 | M | 48 | ZeroCERT
5917 | 2021-03-12 18:23 | eve.exe | dc7faccd6a090e655cfa865903b7a70b | Azorult .NET framework VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself malicious URLs Tofsee Windows DNS
4 | http://go.microsoft.com/fwlink?linkid=30219&locale=ko-KR&clientType=VISTA_GAMES&clientVersion=6.1.2 http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=10:3707086078&cup2hreq=592b5a7ff2243112c27bdf312679deb8995ad1805b60657c9d1c3fddf67a8fb2
5 | movie.metaservices.microsoft.com(65.55.186.115) edgedl.gvt1.com(142.250.34.2) 65.55.186.115 142.250.34.2 104.74.217.16
4 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
5.8 | M | 36 | ZeroCERT
5918 | 2021-03-12 18:23 | dxmanx.exe | 01a67972d36112e1cc5b265e8606ddbd | Azorult .NET framework ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed
14.2 | M | 44 | ZeroCERT
5919 | 2021-03-12 18:34 | invoice_34456.doc | ae9c776e66bf63c33d3fcb228748eec3 | Malware download VirusTotal Malware exploit crash unpack itself malicious URLs Windows Exploit crashed
1 |
4 | bit.do(54.83.52.76) - mailcious wsdyrkkrsuccessmoven.dns.army(103.125.191.187) - mailcious 54.83.52.76 - suspicious 103.125.191.187 - malware
3 | ET MALWARE Possible Malicious Macro DL EXE Feb 2016 ET MALWARE Possible Malicious Macro EXE DL AlphaNumL ET POLICY PE EXE or DLL Windows file download HTTP
4.0 | M | 30 | ZeroCERT
5920 | 2021-03-12 18:35 | IMG_105-10_60_85.pdf | b47dd39109575e7b48e55f3e8d402a55 | Azorult .NET framework ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
2 | http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150
4 | freegeoip.app(172.67.188.154) checkip.dyndns.org(162.88.193.70) 162.88.193.70 104.21.19.200
4 | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET POLICY DynDNS CheckIp External IP Address Server Response
17.0 | M | 40 | ZeroCERT
5921 | 2021-03-12 18:40 | m122.dll | 8e3d3f90cb572121809d2945db6b02e6 | Trickbot VirusTotal Malware Checks debugger unpack itself suspicious process Remote Code Execution
3.4 | M | 33 | ZeroCERT
5922 | 2021-03-12 18:41 | lurdx.exe | 33f3a04aa01af912b83b4e82c6b9c12e | ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data Download management AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Ransomware Windows Browser Tor Email ComputerName Cryptographic key Software crashed keylogger
3 | http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-BB4F0127925FA3CC2062530FDF7A3934.html - rule_id: 361 http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5CE6D87A01BDFF577E36CDA694150723.html - rule_id: 361 http://liverpoolofcfanclub.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9C0C5071597064159707491C94EAD1DB.html - rule_id: 361
2 | liverpoolofcfanclub.com(104.21.31.39) - mailcious 104.21.31.39 - mailcious
3 | http://liverpoolofcfanclub.com/liverpool-fc-news/features/ http://liverpoolofcfanclub.com/liverpool-fc-news/features/ http://liverpoolofcfanclub.com/liverpool-fc-news/features/
18.4 | M | 48 | ZeroCERT
5923 | 2021-03-12 18:45 | secure-viewer.jar | 69194c7d702f9bf9fb8c500faafbbb88 | VirusTotal Malware Check memory heapspray unpack itself Java
2.2 | M | 5 | ZeroCERT
5924 | 2021-03-12 18:47 | solution.iops.exe | 1f0d7f3144ba0d50374f61c941f5a94e | Emotet Trickbot Gen Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces malicious URLs Kovter ComputerName Remote Code Execution DNS crashed
1 | https://85.159.214.61/rob28/TEST22-PC_W617601.51FA6B3783F19317BB7F3DB0B3BF6733/5/kps/
10 | 117.212.193.62 - mailcious 202.142.151.190 103.91.244.102 - mailcious 79.122.166.236 187.190.116.59 - mailcious 85.159.214.61 36.94.202.131 - mailcious 201.184.190.59 80.78.77.116 - mailcious 111.235.66.83
5 | ET CNC Feodo Tracker Reported CnC Server group 3 ET CNC Feodo Tracker Reported CnC Server group 12 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET CNC Feodo Tracker Reported CnC Server group 1
9.2 | M | 23 | ZeroCERT
5925 | 2021-03-12 18:57 | 856125340.exe | 0e9b44989a3627976703bbe1e259cf62 | AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces malicious URLs Tofsee Windows DNS Cryptographic key
1 | https://50n0.tolganfor.ru/SystemNetHttpListenerExceptionU - rule_id: 394
2 | 50n0.tolganfor.ru(81.177.139.41) - malware 81.177.139.41 - malware
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1 | https://50n0.tolganfor.ru/SystemNetHttpListenerExceptionU
4.8 | M | 50 | ZeroCERT