ID | Date | File name | MD5 | Score | M | VT | Source

6091 | 2024-01-26 12:15 | about%20.url | e3b601a28343c3eb7c8ffcafc492bb0c | 4.2 | M | 1 | ZeroCERT
  Tags: AntiDebug, AntiVM, URL Format, MSOffice File, VirusTotal, Malware, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, DNS, crashed
  URLs: -
  Hosts: -
  Signatures: -

6092 | 2024-01-26 12:13 | ibmSever.vbs | bb9a31982bd53b29cc81e3027709727b | 2.6 | M | 3 | ZeroCERT
  Tags: VirusTotal, Malware, wscript.exe payload download, Tofsee
  URLs (2): http://paste.ee/d/Kiio7 ; https://paste.ee/d/Kiio7
  Hosts (2): paste.ee(104.21.84.67) - mailcious ; 104.21.84.67 - malware
  Signatures (2): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6093 | 2024-01-26 12:11 | currentupdationoftheexplertsay... | bfc3ef7d2fa438d76b535b0410fe1296 | 4.6 | M | 31 | ZeroCERT
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, VBScript, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed
  URLs (3): http://paste.ee/d/Kiio7 ; http://172.245.208.3/440/ibmSever.vbs ; https://paste.ee/d/Kiio7
  Hosts (3): paste.ee(172.67.187.200) - mailcious ; 172.245.208.3 - mailcious ; 172.67.187.200 - mailcious
  Signatures (3): ET INFO Dotted Quad Host VBS Request ; ET POLICY Pastebin-style Service (paste .ee) in TLS SNI ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6094 | 2024-01-26 12:11 | vnextofficeupdationwaitingfort... | 869dc88123916a7193c56809db6b5e97 | 5.0 | M | 32 | ZeroCERT
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, Malicious Traffic, buffers extracted, exploit crash, unpack itself, IP Check, Tofsee, Windows, Exploit, DNS, crashed
  URLs (1): http://192.3.176.145/310/conhost.exe
  Hosts (3): api.ipify.org(64.185.227.156) ; 192.3.176.145 - malware ; 104.237.62.211
  Signatures (9): ET INFO Executable Download from dotted-quad Host ; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ; ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ; ET INFO TLS Handshake Failure ; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET POLICY PE EXE or DLL Windows file download HTTP ; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

6095 | 2024-01-26 09:30 | installs.exe | dee63473a06ba61e8c176166609f3dbc | 2.2 | M | 37 | ZeroCERT
  Tags: Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
  URLs: -
  Hosts: -
  Signatures: -

6096 | 2024-01-26 09:28 | somzx.exe | e899fbf28973beed105f99e209e11be5 | 14.0 | M | 40 | ZeroCERT
  Tags: AgentTesla, Malicious Library, .NET framework(MSIL), UPX, PWS, KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, Buffer PE, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Discord, Browser, Email, ComputerName, DNS, Software, crashed, keylogger
  URLs (1): https://discordapp.com/api/webhooks/1197254961164202145/ptzKDsgHtj6pY49BfLZoBFgkUGXIM695d512QfX0eWtZsuDouCKEGxBU0TiPSCQb8iSK
  Hosts (4): discordapp.com(162.159.134.233) - mailcious ; api.ipify.org(64.185.227.156) ; 162.159.133.233 - malware ; 64.185.227.156
  Signatures (6): ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ; ET INFO TLS Handshake Failure ; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ; ET INFO Observed Discord Domain (discordapp .com in TLS SNI)

6097 | 2024-01-26 09:26 | konotaverse2.1.exe | e646eccc6a2a4ae885d9d96e8fa83926 | 9.8 | M | 27 | ZeroCERT
  Tags: Process Kill, Malicious Library, FindFirstVolume, CryptGenKey, UPX, PE32, PE File, Device_File_Check, OS Processor Check, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, human activity check, Windows, ComputerName, DNS, DDNS
  URLs: -
  Hosts (2): jogard.duckdns.org(91.92.255.54) ; 91.92.255.54
  Signatures (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

6098 | 2024-01-26 09:24 | TrueCrypt_NyNIUi.exe | 103b8f2dfacb5d9fac830f710c031f22 | 1.8 | M | 38 | ZeroCERT
  Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware, DNS, crashed
  URLs: -
  Hosts (1): (entry not listed)
  Signatures: -

6099 | 2024-01-26 09:22 | zodzx.exe | 807942ef0aa75b3e4a16357df18004bc | 10.2 | M | 44 | ZeroCERT
  Tags: Client SW User Data Stealer, Backdoor, RemcosRAT, browser info stealer, Google Chrome User Data, Downloader, Malicious Library, .NET framework(MSIL), UPX, Create Service, Socket, ScreenShot, Escalate priviledges, PWS, Sniff Audio, DNS, Internet API, KeyLogger, AntiDebug, An, Remcos, VirusTotal, Malware, Buffer PE, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, keylogger
  URLs (1): http://geoplugin.net/json.gp
  Hosts (3): geoplugin.net(178.237.33.50) ; 178.237.33.50 ; 173.211.106.128
  Signatures (1): ET JA3 Hash - Remcos 3.x TLS Connection

6100 | 2024-01-26 09:19 | MRK.exe | 8b5cf3d102548da37888f34d3d468e27 | 3.6 | M | 29 | ZeroCERT
  Tags: RedLine Infostealer, UltraVNC, Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, PDB, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows, DNS, Cryptographic key, crashed
  URLs: -
  Hosts (1): 143.95.79.226 - mailcious
  Signatures: -

6101 | 2024-01-26 09:19 | adobe.exe | a5881f935fa46c5e8cfe5dd0428df074 | 3.0 | M | - | ZeroCERT
  Tags: Emotet, Gen1, Malicious Library, UPX, Malicious Packer, VMProtect, PE32, PE File, MZP Format, DLL, PE64, OS Processor Check, DllRegisterServer dll, Checks debugger, Creates executable files, unpack itself, AppData folder, Windows, ComputerName, crashed
  URLs: -
  Hosts: -
  Signatures: -

6102 | 2024-01-26 09:17 | tuc5.exe | 2763f9339f4a7a8e80822e5a1da41f69 | 5.2 | M | 18 | ZeroCERT
  Tags: Emotet, Gen1, Malicious Library, UPX, Malicious Packer, VMProtect, PE32, PE File, MZP Format, DLL, PE64, OS Processor Check, DllRegisterServer dll, VirusTotal, Malware, Checks debugger, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, Windows, ComputerName, crashed
  URLs: -
  Hosts: -
  Signatures: -

6103 | 2024-01-26 09:16 | uedfh12.exe | 511dcb92421ebd7e873e753f804c6b4f | 3.0 | M | 41 | ZeroCERT
  Tags: RedLine Infostealer, UltraVNC, Malicious Library, UPX, PE32, PE File, OS Processor Check, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Windows, Cryptographic key, crashed
  URLs: -
  Hosts: -
  Signatures: -

6104 | 2024-01-26 09:14 | sadsadsadsa.exe | 5a6358bb95f251ab50b99305958a4c98 | 6.2 | M | 47 | ZeroCERT
  Tags: RedlineStealer, RedLine stealer, .NET framework(MSIL), UPX, PE32, PE File, .NET EXE, OS Processor Check, Browser Info Stealer, RedLine, Malware download, FTP Client Info Stealer, VirusTotal, Malware, Microsoft, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, installed browsers check, Stealer, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
  URLs: -
  Hosts (1): (entry not listed)
  Signatures (5): ET INFO Microsoft net.tcp Connection Initialization Activity ; ET MALWARE Redline Stealer TCP CnC Activity ; ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ; ET MALWARE Redline Stealer TCP CnC - Id1Response ; ET MALWARE Redline Stealer Family Activity (Response)

6105 | 2024-01-26 09:13 | rost.exe | 03135ee6d7c5c029982e63d36d368267 | 7.2 | M | 38 | ZeroCERT
  Tags: Themida Packer, Malicious Packer, UPX, PE32, PE File, Malware download, VirusTotal, Malware, AutoRuns, MachineGuid, unpack itself, Windows utilities, suspicious process, WriteConsoleW, IP Check, Tofsee, Windows, RisePro, ComputerName, DNS, crashed
  URLs (2): http://www.maxmind.com/geoip/v2.1/city/me ; https://db-ip.com/demo/home.php?s=175.208.134.152
  Hosts (7): ipinfo.io(34.117.186.192) ; db-ip.com(104.26.5.15) ; www.maxmind.com(104.18.145.235) ; 172.67.75.166 ; 34.117.186.192 ; 104.18.145.235 ; 193.233.132.62 - mailcious
  Signatures (4): ET MALWARE [ANY.RUN] RisePro TCP (Token) ; ET MALWARE Suspected RisePro TCP Heartbeat Packet ; ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)