| 6091 |
2021-03-17 23:02
|
Abjects.txt ce328046ab3836eef7177159d6e080af
AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces suspicious TLD Tofsee Windows DNS Cryptographic key |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
https://d.itdenther.ru/SystemNetCacheHttpCacheAgeControlh
|
2
d.itdenther.ru(81.177.139.41)
81.177.139.41 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.2 |
M |
34 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6092 |
2021-03-17 23:02
|
 6e7_2021-01-19_18-04.txt d4827f2bb4c0446d1bba5df00c2436b8VirusTotal Malware ICMP traffic unpack itself Remote Code Execution DNS |
|
1
|
|
|
4.4 |
M |
49 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6093 |
2021-03-17 23:02
|
build_makros.exe 3f1165d54ebadca8bc5a8422eb29a2aa
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows DNS Cryptographic key |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
1
|
|
|
11.2 |
M |
52 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6094 |
2021-03-17 23:02
|
 build_sup.txt 5400a701c0e533f09652176253856568VirusTotal Malware Check memory Checks debugger unpack itself crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
|
|
2.0 |
M |
36 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6095 |
2021-03-17 23:03
|
Osiris_qqkz_nauto.exe 37c564ae4779a505b190aa2520bb7266
Gen Dridex TrickBot VirusTotal Malware Malicious Traffic buffers extracted Creates executable files unpack itself AppData folder sandbox evasion anti-virtualization IP Check Tofsee Kovter Windows Tor ComputerName DNS Cryptographic key keylogger |
21
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://212.83.61.218/tor/server/fp/a86ec24f5b8b964f67ac7c27ce92842025983274
http://162.250.188.194/tor/server/fp/c291114640ea333a6ac5801b5e0ec95c012dfe6b
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://45.79.49.223/tor/server/fp/c8ab1b2af0cbaae3611a814b4c7d38dce0cbfeb4
http://45.56.90.176/tor/server/fp/a2e6bb5c391cd46b38c55b4329c35304540771f1
http://213.164.204.38/tor/server/fp/a2f580f93fa3d0da373769614bd9b0c8a6c4623e
http://92.38.184.131/tor/server/fp/270934a4f7b669aa387f2d475fbe793d03694547
http://131.188.40.189/tor/status-vote/current/consensus
http://5.44.101.190/tor/server/fp/20d2a186a412ea433d9bad2fdbd7b48b36b20b34
http://82.221.131.71/tor/server/fp/0b88c0f5b40ba3507ab8962478e1da6704a09e83
http://109.197.193.160/tor/server/fp/a2cd32d9d0668db764ad68c745ce29693ca851b9
http://178.17.170.88/tor/server/fp/1fc55b6e54789cb4aef1f5a9d35c4420789ab5de
http://18.18.248.17/tor/server/fp/26f183b1c08e95f4727c0d73fe28f52c8d1f548b
http://195.189.227.48/tor/server/fp/0b3c8c2b2b1a1ca4429b9649f533beb4d7470aea
http://45.77.50.147/tor/server/fp/4f500157abf70a1a94636d268a742a8b227b8bfd
http://179.43.169.20/tor/server/fp/a2e6bb5c391cd46b38c55b4329c35304540771f1
http://104.248.88.112/tor/server/fp/763b7d67a6b2d19b3e9ea57d1fbdc48f3b85b559
http://199.249.230.170/tor/server/fp/025b66cebc070fcb0519d206cf0cf4965c20c96e
http://213.164.204.94/tor/server/fp/f6740deabfd5f62612fa025a5079ea72846b1f67
https://api.ipify.org/
|
29
api.ipify.org(54.225.214.197)
time-a.nist.gov(129.6.15.28)
185.246.152.22
162.250.188.194
23.129.64.225
45.77.50.147
92.38.184.131
212.83.61.218
213.164.204.94
213.164.204.38
195.189.227.48
131.188.40.189 - mailcious
178.17.170.88
18.18.248.17
45.79.49.223
179.43.169.20 - phishing
129.6.15.28
199.249.230.170
125.212.217.197
94.142.241.194
45.56.90.176
154.35.175.225 - mailcious
82.221.131.71
5.44.101.190
109.197.193.160
79.133.36.68
23.21.140.41
104.248.88.112
149.56.94.218
|
40
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 204
SURICATA HTTP Request abnormal Content-Encoding header
ET POLICY TOR Consensus Data Requested
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 158
ET TOR Known Tor Exit Node Traffic group 39
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 39
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET TOR Known Tor Exit Node Traffic group 122
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 122
ET COMPROMISED Known Compromised or Hostile Host Traffic group 101
ET P2P Tor Get Server Request
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET TOR Known Tor Exit Node Traffic group 76
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 76
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 139
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 591
ET TOR Known Tor Exit Node Traffic group 87
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 87
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 266
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 586
ET TOR Known Tor Exit Node Traffic group 91
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91
ET COMPROMISED Known Compromised or Hostile Host Traffic group 74
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 403
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 792
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 594
ET TOR Known Tor Exit Node Traffic group 66
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 66
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 658
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 706
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 201
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 218
ET TOR Known Tor Exit Node Traffic group 6
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 6
ET TOR Known Tor Exit Node Traffic group 35
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 35
ET TOR Known Tor Exit Node Traffic group 115
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 115
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 290
|
|
8.4 |
M |
51 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6096 |
2021-03-17 23:04
|
1488.txt ce0f93d2bb7f18632d6695cf4800f436
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
1
|
|
|
10.8 |
M |
50 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6097 |
2021-03-17 23:09
|
26a5.txt 1bf3028a0b65a4174a66f3677e872026VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself |
|
|
|
|
7.2 |
M |
54 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6098 |
2021-03-17 23:10
|
 dcrat.exe a16225aa2cb7f0c1c4f975bb7a9eede0
Azorult .NET framework Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs suspicious TLD WriteConsoleW IP Check Tofsee Windows Browser Tor ComputerName DNS Software crashed keylogger |
17
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/0f7cfa505d7629e906ccb9e90828239c95f18bc4.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&ae116bdcdc1f6290fbf402f17b2d5c25=717c6d64d7e49290451c54bb8530ea36&1a25c6857acc4f0f641ff2279925b4af=dbb1ff180da67a6c3d331bd83b86e444c638094f&4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=wkzM4YzN54SNwoDMwoDMwAiOl1Wa0BCZlNHchxWRgESZu9GR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=u4iLzRmcvd3czFGcgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu42bpRXYtJ3bm5WagIXZoR3bgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&9bed4c0d62fb1d6af8403144370ee8e2=9JSZiNzMhdDZmJTO5IWLyETN50COlFTMtYDM3ATLhBDO3Q2NiFGXclnclZ3bjVmUcxlODJiOigGdhBlIsISNuQjI6Iibvl2cyVmVrJ3b3VWbhJnRiwiIud3butmbVJiOigGdhBVbhJ3ZlxWZUJCLiIiOiMHcwFUbhVGdTJCLi42dv52auVlI6ICRJJXZzVVbhVGdTJCLi42dv52auVlI6IiclNXVtFWZ0NlIsIib39mbr5WViojIn5WYM1WYlR3UiwiIud3butmbVJiOigGdhBVbhVGdTJCLi4GXyxVKYmL7l6J7g8WakVXQg42bpRXaulmZlREIodWaIhCrB2OtdyOinuuI6Iycl52boB3byNWaNJCLi4GXyxVMZFETQNVSExFXuwFXcxlI6IycuVWZyN2UiwiIiojIz1WYjJWZXJCL5ETM1ojINFkUiwiIw42bpRXYy9Gcy92QgUGbjFmcPJiOiQmch9mYyVGa09WTiwiIB9CXOJiOiwGbhdXZylmRiwiIB9CXOJiOiMXdylmdpRnbBJCLi0iI6ICUJ5UQMJCLigkYtdEIrVGdv5mbpJiOiM1TJJkIsIieIdEM44iMgAEIVB1QgADM0gTL1kGIp0EVoUmcvNEIpIFKsVGdulkI6ISZtFmTVB1QiwiIwSY7Ry460aJ7g0Lltjpnrj7tqDSQHZFIASK7cGZ7iojIl1WYOVFUHJye&0592b27fd9372485389b3e4b27878b25=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&61f3e9450f43a23b30349f40c7b48399=IGOkFmN4E2MlV2MhNGM5cDN3YGOwcDM3UzNlBDM3EWN
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu0WYlR3Ugcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLu0WYydWZsVGVgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLuM0Qgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&d80922c2849784bc1447d28a3c91306c=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&635e99668406b9d17dff5dd914abe03f=QTZ4UzN0gzY2cTZlJmZlZ2N1AzNhNWMhRTYkVWO5kTN&3e2cba95dc28875482e835607ed9c48a=9JicldWYuFWTg0WYyd2byBlI6IydvRmbpdFVDFkIs0nIoRXdhdmbpN3cp12Lc9Wau8mZulGcp9CXvwlOzBHd0hmI6ISZtRWYlJnIsICb19WZT9CXhl2cBJiOiUmbvpXZtlGdiwiI2gTMzAjI6ICbhR3cvBnIsISbvNWZsVGVgEWZy92SgYjN3QzUBJiOicmcvJCLiQDO3kjL2ITMsAjN2UjL3MjI6IyYvxmIsIiULJiOiknc05WdvNmIsICb19WZTJiOi42bpdWZyJCLiwWdvV2UiojI5RXajJCLiATNx4CNzEjL4AjMuUzNxIiOiAXaisnOi8mZulEcJJCLiIiOicUQUJCLiIjM0NXZ0JiOiUWbh5kclNXViwiIDBVLyIDVTVEViojIl1WYONEUiwiI0lmQgQjNg40SgwWYu9WazNXZm9mcQByNgM3dvRmbpdlI6IiclZlbpdlIsISWiojIulWbkF0cpJCLi4kI6ISbhNmYld1cpJCLiklI6ISZu9Gaw9mcjlWTzlmIsIyNuQjLzIiOiIXZWJXZ2JXZTJCLiMyQiojIlBXeUJXZ2JXZTJye&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=EjZ1AjZmBjYwMjZ5UzN1QjYiFmNlJTMjNjYlVWZmVzY
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=%00&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=IGOkFmN4E2MlV2MhNGM5cDN3YGOwcDM3UzNlBDM3EWN
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=gLu4ycll2av92Ygcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/1qjf26r6i5eaf11049cwi97t4latqqpylcotv8zbuow2bxxg0lm7906kvfp0pnsg5nmc3x4ysz68otkbpj39nu/51afc5b336611bc72e86f878effc8f43.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&f3c39371923a2a97e8e2004599d6c568=gjMygjMyQ2MhdTNhdjN3IWNiJjNlJWMmR2NzMzY1gjMxMTO1QGO0cDM&cbed01b57bb84a42c95af8de36c27ba3=wYilDZ4AzM0ITNhN2YmF2YjFTMlVjZ1MjMzMDMkNDNlhTZkJmMiZzM&3e2cba95dc28875482e835607ed9c48a=4iLuMXby9mZgcmbph2Y0VmR&4b836cb6b63ff52e76cc353a8666a413=ETZ3ETYlZ2YyATOmRDMhF2YwkzMwgjNlJ2YwI2M2MDN&222849a66532f350bf8537e61aabb5b0=ITOklDMzgTYldDZ3ITO4UDNiNjYyEGOhlzYycDNiRjZ
http://cd03477.tmweb.ru/s37gue3wcapintnq8aymsm4gxqthbf8ke/4xunxsulhh0vjwpro1yk0h20gz1osslxmtcnp352fd8u4inmyfrkt7qqfo5zvxwy/0f7cfa505d7629e906ccb9e90828239c95f18bc4.php?4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM&c73c7e0fa085eeb4573982ce98a8b57d=ce93cd4e218354bd9ac289e36d11e3a8&4np9zI4szio6ayvNH2RdxaGmV=mMK53KaJiq8UIEe720P8Sdd&wFII9dgDoHfri3pdfQQFPxtN90hQXW=JtNJxBRKEJ5qBi&Z8LvdBMYr9V5JI5QpRrV7Uu1b=GL6UGsoM
https://ipinfo.io/json
|
5
cd03477.tmweb.ru(5.23.51.195)
ipinfo.io(216.239.38.21)
5.23.51.195
216.239.34.21
125.212.217.197
|
4
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)
|
|
18.8 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6099 |
2021-03-17 23:11
|
 IntelTWO.txt d2054b1b66e0d190be9eb250fada79faVirusTotal Malware AutoRuns PDB Code Injection Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution |
|
|
|
|
5.0 |
M |
21 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6100 |
2021-03-17 23:11
|
 Lucky_Fixed.exe c481259ad199b773339f168902cc7437
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows ComputerName Cryptographic key crashed |
12
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6CC89A73E798914A0C763C1371E0F80.html
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B42C59FB1015EEE0964D8CD3ACA6178D.html
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-14AD654C29326C58D7804D172BD0F2A1.html
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9209B2B6B104062821F62A7C021E49B6.html
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7167DDE2433CD6710258A705E664A93F.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7167DDE2433CD6710258A705E664A93F.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9209B2B6B104062821F62A7C021E49B6.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B42C59FB1015EEE0964D8CD3ACA6178D.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-14AD654C29326C58D7804D172BD0F2A1.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E6CC89A73E798914A0C763C1371E0F80.html
|
4
api.ipify.org(54.243.164.148)
liverpooldabestteamoftheworld.com(172.67.197.219) - mailcious
54.235.189.250
172.67.197.219
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.4 |
M |
39 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6101 |
2021-03-17 23:11
|
TeleKiller.exe bb0c7c3de7df87cab6e7962ceab62b0f
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed |
2
http://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-896040F2AF009D79EEF149564853AB30.html
https://liverpooldabestteamoftheworld.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-896040F2AF009D79EEF149564853AB30.html
|
4
wu-tang.xyz()
liverpooldabestteamoftheworld.com(104.21.52.98) - mailcious
216.239.34.21
172.67.197.219
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.8 |
M |
27 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6102 |
2021-03-17 23:12
|
 Taurusbabac.exe 602c4fc857abdc65397927df41fc638dBrowser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications suspicious process WriteConsoleW installed browsers check Windows Browser Email Cryptographic key Software crashed |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://278marsbahis.com/cfg/
http://278marsbahis.com/log/
|
2
278marsbahis.com(104.21.48.254)
172.67.139.225
|
|
|
14.4 |
M |
48 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6103 |
2021-03-17 23:12
|
001.txt 1cab063cc0c194cc5c81e71aad8a94e0
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows DNS Cryptographic key |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
1
|
|
|
11.0 |
M |
34 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6104 |
2021-03-17 23:13
|
www.txt 8fc65757011f067d0f35d6d4655e75d1
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key |
1
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
|
|
4.8 |
M |
26 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6105 |
2021-03-17 23:13
|
 buildcr.txt cca69674ecdc1dcd5ea4446577680d4b
Process Kill FindFirstVolume CryptGenKey Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
https://paste.ee/r/E1YUZ
|
2
paste.ee(172.67.219.133) - mailcious
104.21.45.223 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
31 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|