6091 |
2021-03-17 23:02
|
Abjects.txt ce328046ab3836eef7177159d6e080af AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows DNS Cryptographic key |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://d.itdenther.ru/SystemNetCacheHttpCacheAgeControlh
|
2
d.itdenther.ru(81.177.139.41) 81.177.139.41 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
34 |
Zero
6092 |
2021-03-17 23:02
|
6e7_2021-01-19_18-04.txt d4827f2bb4c0446d1bba5df00c2436b8 VirusTotal Malware ICMP traffic unpack itself Remote Code Execution DNS |
|
1
|
|
|
4.4 |
M |
49 |
Zero
6093 |
2021-03-17 23:02
|
build_makros.exe 3f1165d54ebadca8bc5a8422eb29a2aa AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows DNS Cryptographic key |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
1
|
|
|
11.2 |
M |
52 |
Zero
6094 |
2021-03-17 23:02
|
build_sup.txt 5400a701c0e533f09652176253856568 VirusTotal Malware Check memory Checks debugger unpack itself crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
|
|
2.0 |
M |
36 |
Zero
6095 |
2021-03-17 23:03
|
Osiris_qqkz_nauto.exe 37c564ae4779a505b190aa2520bb7266 Gen Dridex TrickBot VirusTotal Malware Malicious Traffic buffers extracted Creates executable files unpack itself AppData folder sandbox evasion anti-virtualization IP Check Tofsee Kovter Windows Tor ComputerName DNS Cryptographic key keylogger |
21
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://212.83.61.218/tor/server/fp/a86ec24f5b8b964f67ac7c27ce92842025983274 http://162.250.188.194/tor/server/fp/c291114640ea333a6ac5801b5e0ec95c012dfe6b http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://45.79.49.223/tor/server/fp/c8ab1b2af0cbaae3611a814b4c7d38dce0cbfeb4 http://45.56.90.176/tor/server/fp/a2e6bb5c391cd46b38c55b4329c35304540771f1 http://213.164.204.38/tor/server/fp/a2f580f93fa3d0da373769614bd9b0c8a6c4623e http://92.38.184.131/tor/server/fp/270934a4f7b669aa387f2d475fbe793d03694547 http://131.188.40.189/tor/status-vote/current/consensus http://5.44.101.190/tor/server/fp/20d2a186a412ea433d9bad2fdbd7b48b36b20b34 http://82.221.131.71/tor/server/fp/0b88c0f5b40ba3507ab8962478e1da6704a09e83 http://109.197.193.160/tor/server/fp/a2cd32d9d0668db764ad68c745ce29693ca851b9 http://178.17.170.88/tor/server/fp/1fc55b6e54789cb4aef1f5a9d35c4420789ab5de http://18.18.248.17/tor/server/fp/26f183b1c08e95f4727c0d73fe28f52c8d1f548b http://195.189.227.48/tor/server/fp/0b3c8c2b2b1a1ca4429b9649f533beb4d7470aea http://45.77.50.147/tor/server/fp/4f500157abf70a1a94636d268a742a8b227b8bfd http://179.43.169.20/tor/server/fp/a2e6bb5c391cd46b38c55b4329c35304540771f1 http://104.248.88.112/tor/server/fp/763b7d67a6b2d19b3e9ea57d1fbdc48f3b85b559 http://199.249.230.170/tor/server/fp/025b66cebc070fcb0519d206cf0cf4965c20c96e http://213.164.204.94/tor/server/fp/f6740deabfd5f62612fa025a5079ea72846b1f67 https://api.ipify.org/
|
29
api.ipify.org(54.225.214.197) time-a.nist.gov(129.6.15.28) 185.246.152.22 162.250.188.194 23.129.64.225 45.77.50.147 92.38.184.131 212.83.61.218 213.164.204.94 213.164.204.38 195.189.227.48 131.188.40.189 - mailcious 178.17.170.88 18.18.248.17 45.79.49.223 179.43.169.20 - phishing 129.6.15.28 199.249.230.170 125.212.217.197 94.142.241.194 45.56.90.176 154.35.175.225 - mailcious 82.221.131.71 5.44.101.190 109.197.193.160 79.133.36.68 23.21.140.41 104.248.88.112 149.56.94.218
|
40
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 204 SURICATA HTTP Request abnormal Content-Encoding header ET POLICY TOR Consensus Data Requested ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 158 ET TOR Known Tor Exit Node Traffic group 39 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 39 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET TOR Known Tor Exit Node Traffic group 122 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 122 ET COMPROMISED Known Compromised or Hostile Host Traffic group 101 ET P2P Tor Get Server Request ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET TOR Known Tor Exit Node Traffic group 76 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 76 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 139 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 591 ET TOR Known Tor Exit Node Traffic group 87 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 87 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 266 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586 ET TOR Known Tor Exit Node Traffic group 91 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91 ET COMPROMISED Known Compromised or Hostile Host Traffic group 74 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 403 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 792 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 594 ET TOR Known Tor Exit Node Traffic group 66 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 66 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 658 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 706 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 201 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 218 ET TOR Known Tor Exit Node Traffic group 6 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 6 ET TOR Known Tor Exit Node Traffic group 35 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 35 ET TOR Known Tor Exit Node Traffic group 115 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 115 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 290
|
|
8.4 |
M |
51 |
Zero
6096 |
2021-03-17 23:04
|
1488.txt ce0f93d2bb7f18632d6695cf4800f436 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
1
|
|
|
10.8 |
M |
50 |
Zero
6097 |
2021-03-17 23:09
|
26a5.txt 1bf3028a0b65a4174a66f3677e872026 VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself |
|
|
|
|
7.2 |
M |
54 |
Zero
6098 |
2021-03-17 23:10
|
dcrat.exe a16225aa2cb7f0c1c4f975bb7a9eede0 Azorult .NET framework Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs suspicious TLD WriteConsoleW IP Check Tofsee Windows Browser Tor ComputerName DNS Software crashed keylogger |
17
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/0f7cfa505d7629e906ccb9e90828239c95f18bc4.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&ae116bdcdc1f6290fbf402f17b2d5c25=717c6d64d7e49290451c54bb8530ea36&1a25c6857acc4f0f641ff2279925b4af=dbb1ff180da67a6c3d331bd83b86e444c638094f&4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=wkzM4YzN54SNwoDMwoDMwAiOl1Wa0BCZlNHchxWRgESZu9GR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=u4iLzRmcvd3czFGcgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu42bpRXYtJ3bm5WagIXZoR3bgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&9bed4c0d62fb1d6af8403144370ee8e2=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&0592b27fd9372485389b3e4b27878b25=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&61f3e9450f43a23b30349f40c7b48399=IGOkFmN4E2MlV2MhNGM5cDN3YGOwcDM3UzNlBDM3EWN http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu0WYlR3Ugcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu0WYydWZsVGVgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLuM0Qgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&d80922c2849784bc1447d28a3c91306c=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&635e99668406b9d17dff5dd914abe03f=QTZ4UzN0gzY2cTZlJmZlZ2N1AzNhNWMhRTYkVWO5kTN&3e2cba95dc28875482e835607ed9c48a=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&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=EjZ1AjZmBjYwMjZ5UzN1QjYiFmNlJTMjNjYlVWZmVzY http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=%00&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=IGOkFmN4E2MlV2MhNGM5cDN3YGOwcDM3UzNlBDM3EWN http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=gLu4ycll2av92Ygcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ 
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLuMXby9mZgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/0f7cfa505d7629e906ccb9e90828239c95f18bc4.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&c73c7e0fa085eeb4573982ce98a8b57d=ce93cd4e218354bd9ac289e36d11e3a8&4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM https://ipinfo.io/json
|
5
cd03477.tmweb.ru(5.23.51.195) ipinfo.io(216.239.38.21) 5.23.51.195 216.239.34.21 125.212.217.197
|
4
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
|
|
18.8 |
M |
51 |
Zero CERT
6099 |
2021-03-17 23:11
|
IntelTWO.txt d2054b1b66e0d190be9eb250fada79fa VirusTotal Malware AutoRuns PDB Code Injection Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution |
|
|
|
|
5.0 |
M |
21 |
Zero
6100 |
2021-03-17 23:11
|
Lucky_Fixed.exe c481259ad199b773339f168902cc7437 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows ComputerName Cryptographic key crashed |
12
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6CC89A73E798914A0C763C1371E0F80.html http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B42C59FB1015EEE0964D8CD3ACA6178D.html http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-14AD654C29326C58D7804D172BD0F2A1.html http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9209B2B6B104062821F62A7C021E49B6.html http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7167DDE2433CD6710258A705E664A93F.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7167DDE2433CD6710258A705E664A93F.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9209B2B6B104062821F62A7C021E49B6.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B42C59FB1015EEE0964D8CD3ACA6178D.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-14AD654C29326C58D7804D172BD0F2A1.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6CC89A73E798914A0C763C1371E0F80.html
|
4
api.ipify.org(54.243.164.148) liverpooldabestteamoftheworld.com(172.67.197.219) - mailcious 54.235.189.250 172.67.197.219
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.4 |
M |
39 |
Zero
6101 |
2021-03-17 23:11
|
TeleKiller.exe bb0c7c3de7df87cab6e7962ceab62b0f AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed |
2
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-896040F2AF009D79EEF149564853AB30.html https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-896040F2AF009D79EEF149564853AB30.html
|
4
wu-tang.xyz() liverpooldabestteamoftheworld.com(104.21.52.98) - mailcious 216.239.34.21 172.67.197.219
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.8 |
M |
27 |
Zero
6102 |
2021-03-17 23:12
|
Taurusbabac.exe 602c4fc857abdc65397927df41fc638d Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications suspicious process WriteConsoleW installed browsers check Windows Browser Email Cryptographic key Software crashed |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://278marsbahis.com/cfg/ http://278marsbahis.com/log/
|
2
278marsbahis.com(104.21.48.254) 172.67.139.225
|
|
|
14.4 |
M |
48 |
Zero
6103 |
2021-03-17 23:12
|
001.txt 1cab063cc0c194cc5c81e71aad8a94e0 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows DNS Cryptographic key |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
1
|
|
|
11.0 |
M |
34 |
Zero
6104 |
2021-03-17 23:13
|
www.txt 8fc65757011f067d0f35d6d4655e75d1 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key |
1
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
|
|
4.8 |
M |
26 |
Zero
6105 |
2021-03-17 23:13
|
buildcr.txt cca69674ecdc1dcd5ea4446577680d4b Process Kill FindFirstVolume CryptGenKey Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://paste.ee/r/E1YUZ
|
2
paste.ee(172.67.219.133) - mailcious 104.21.45.223 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
31 |
Zero