| 6121 |
2021-03-17 23:39
|
bsdasdasd333.exe 3b464a4879a13344f2683df235063506
AsyncRAT backdoor VirusTotal Malware |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
1
coroloboxorozor.com() - mailcious
|
|
|
1.0 |
M |
37 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6122 |
2021-03-17 23:39
|
 word.txt 37b2f2b402c9fd67af523ce7a4ed160b
Emotet Gen VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Email ComputerName Remote Code Execution DNS crashed |
|
2
euzpdpTPHvaakOPTnKc.euzpdpTPHvaakOPTnKc()
216.239.36.21 - phishing
|
|
|
13.4 |
M |
14 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6123 |
2021-03-17 23:41
|
 vbc.exe 6cfcc46ac40c7fccc985e8cbc71c9dbf
Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
|
|
10.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6124 |
2021-03-17 23:46
|
 142.dll 3a35cdd69dbafa00b86e274c03444a49
Emotet Gen VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself suspicious process malicious URLs Remote Code Execution |
|
|
|
|
5.0 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6125 |
2021-03-17 23:48
|
 28.casacapitale.exe 5b94175e4686d1615628f78a623bcead
Emotet Gen Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process malicious URLs IP Check Kovter ComputerName DNS |
1
http://checkip.amazonaws.com/
|
6
150.134.208.175.b.barracudacentral.org(127.0.0.2)
checkip.amazonaws.com(52.204.109.97)
150.134.208.175.cbl.abuseat.org()
150.134.208.175.zen.spamhaus.org()
23.21.27.29
131.255.106.152 - mailcious
|
4
ET POLICY curl User-Agent Outbound
ET CNC Feodo Tracker Reported CnC Server group 4
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
7.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6126 |
2021-03-17 23:52
|
 d515b82629ce25b41646fdc3ebe748... b83345e9bbe5d96d5488dfcb6c0e2999VirusTotal Malware unpack itself |
|
|
|
|
2.6 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6127 |
2021-03-17 23:58
|
 mmn.exe 6ac860e3c427880aac2716da9e6f9269
Azorult .NET framework ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.6 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6128 |
2021-03-18 00:09
|
rrr.exe e1a35115295cd4740b9b779c8d1e1c24
Azorult .NET framework Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
|
|
|
|
12.2 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6129 |
2021-03-18 00:15
|
 Rechnung.js f94bfce5384f10201df977d67ea6c5d1
Gen Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns buffers extracted WMI wscript.exe payload download Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk IP Check VM Disk Size Check human activity check Ransomware Windows Houdini ComputerName DNS Dropper |
4
http://79.134.225.94:5200/is-ready
http://wshsoft.company/python27.zip
http://79.134.225.94:5200/moz-sdk
http://ip-api.com/json/
|
5
wshsoft.company(194.59.164.67) - malware
ip-api.com(208.95.112.1)
79.134.225.94
208.95.112.1
194.59.164.67 - malware
|
3
ET MALWARE WSHRAT CnC Checkin
ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
ET POLICY External IP Lookup ip-api.com
|
|
10.0 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6130 |
2021-03-18 08:00
|
 saber.exe 9be7ceaf74ddf6accd91f06b7ae99c76
Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed |
|
|
|
|
10.4 |
|
22 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6131 |
2021-03-18 08:45
|
 .rels 69984e911a8e36d7f6eab75bf36c6d01Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6132 |
2021-03-18 08:45
|
 [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6133 |
2021-03-18 08:46
|
 [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9Code Injection unpack itself Windows utilities malicious URLs Windows |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
http://www.bing.com/favicon.ico
|
|
|
|
3.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6134 |
2021-03-18 08:47
|
 [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6135 |
2021-03-18 08:48
|
 .rels 69984e911a8e36d7f6eab75bf36c6d01Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
|
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
5.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|