6121 | 2021-03-17 23:39 | bsdasdasd333.exe 3b464a4879a13344f2683df235063506 AsyncRAT backdoor VirusTotal Malware | 2 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f | 1 coroloboxorozor.com() - mailcious | | | 1.0 | M | 37 | Zero
6122 | 2021-03-17 23:39 | word.txt 37b2f2b402c9fd67af523ce7a4ed160b Emotet Gen VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Email ComputerName Remote Code Execution DNS crashed | | 2 euzpdpTPHvaakOPTnKc.euzpdpTPHvaakOPTnKc() 216.239.36.21 - phishing | | | 13.4 | M | 14 | Zero
6123 | 2021-03-17 23:41 | vbc.exe 6cfcc46ac40c7fccc985e8cbc71c9dbf Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName DNS Cryptographic key crashed | 2 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f | | | | 10.4 | M | 21 | ZeroCERT
6124 | 2021-03-17 23:46 | 142.dll 3a35cdd69dbafa00b86e274c03444a49 Emotet Gen VirusTotal Malware Checks debugger buffers extracted RWX flags setting unpack itself suspicious process malicious URLs Remote Code Execution | | | | | 5.0 | M | 26 | ZeroCERT
6125 | 2021-03-17 23:48 | 28.casacapitale.exe 5b94175e4686d1615628f78a623bcead Emotet Gen Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces suspicious process malicious URLs IP Check Kovter ComputerName DNS | 1 http://checkip.amazonaws.com/ | 6 150.134.208.175.b.barracudacentral.org(127.0.0.2) checkip.amazonaws.com(52.204.109.97) 150.134.208.175.cbl.abuseat.org() 150.134.208.175.zen.spamhaus.org() 23.21.27.29 131.255.106.152 - mailcious | 4 ET POLICY curl User-Agent Outbound ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) | | 7.6 | M | 32 | ZeroCERT
6126 | 2021-03-17 23:52 | d515b82629ce25b41646fdc3ebe748... b83345e9bbe5d96d5488dfcb6c0e2999 VirusTotal Malware unpack itself | | | | | 2.6 | | 26 | ZeroCERT
6127 | 2021-03-17 23:58 | mmn.exe 6ac860e3c427880aac2716da9e6f9269 Azorult .NET framework ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName DNS Cryptographic key crashed | | | | | 11.6 | M | 22 | ZeroCERT
6128 | 2021-03-18 00:09 | rrr.exe e1a35115295cd4740b9b779c8d1e1c24 Azorult .NET framework Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Browser Email ComputerName DNS Cryptographic key Software crashed | | | | | 12.2 | | 19 | ZeroCERT
6129 | 2021-03-18 00:15 | Rechnung.js f94bfce5384f10201df977d67ea6c5d1 Gen Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns buffers extracted WMI wscript.exe payload download Creates executable files unpack itself AppData folder malicious URLs AntiVM_Disk IP Check VM Disk Size Check human activity check Ransomware Windows Houdini ComputerName DNS Dropper | 4 http://79.134.225.94:5200/is-ready http://wshsoft.company/python27.zip http://79.134.225.94:5200/moz-sdk http://ip-api.com/json/ | 5 wshsoft.company(194.59.164.67) - malware ip-api.com(208.95.112.1) 79.134.225.94 208.95.112.1 194.59.164.67 - malware | 3 ET MALWARE WSHRAT CnC Checkin ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 ET POLICY External IP Lookup ip-api.com | | 10.0 | | 28 | ZeroCERT
6130 | 2021-03-18 08:00 | saber.exe 9be7ceaf74ddf6accd91f06b7ae99c76 Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed | | | | | 10.4 | | 22 | Zero
6131 | 2021-03-18 08:45 | .rels 69984e911a8e36d7f6eab75bf36c6d01 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 3 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f | | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | | 4.8 | | | guest
6132 | 2021-03-18 08:45 | [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | | | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | | 4.2 | | | guest
6133 | 2021-03-18 08:46 | [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9 Code Injection unpack itself Windows utilities malicious URLs Windows | 4 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f http://www.bing.com/favicon.ico | | | | 3.2 | | | guest
6134 | 2021-03-18 08:47 | [Content_Types].xml 2d7389509248f6fbf029f1ef6de3b7a9 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 1 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ | | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | | 5.8 | | | guest
6135 | 2021-03-18 08:48 | .rels 69984e911a8e36d7f6eab75bf36c6d01 Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 2 http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ | | 2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure | | 5.2 | | | guest