| 6256 |
2021-03-21 10:22
|
22001.dll 9a85e1eccf35e0c2e4f1b4764228e0f9
VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6257 |
2021-03-21 10:24
|
mon93_cr.dll 955a8fad4b34c808afa21c1c8692891d
Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Kovter Windows ComputerName DNS crashed |
3
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2
https://update.googleapis.com/service/update2?cup2key=10:2908630137&cup2hreq=3d69f8b570e6d256df74855675a3f9977abb0a6efe59e9daa70b1bd789d83978
|
7
edgedl.gvt1.com(142.250.34.2)
123.200.26.246 - mailcious
142.250.34.2
122.2.28.70 - mailcious
180.92.238.186 - mailcious
103.225.138.94 - mailcious
131.255.106.152 - mailcious
|
9
ET CNC Feodo Tracker Reported CnC Server group 4
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
SURICATA Applayer Mismatch protocol both directions
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET CNC Feodo Tracker Reported CnC Server group 1
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
7.8 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6258 |
2021-03-21 10:26
|
 Documents599.xlsm 8e14cc9fccebe9fff32ec0cf5fd14704VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName crashed |
1
http://fqzzj16gndioz03mxadr.xyz/summer.gif
|
1
fqzzj16gndioz03mxadr.xyz() - mailcious
|
|
|
6.4 |
|
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6259 |
2021-03-21 10:32
|
 a155.dll c957b150c5a36d00f1c964d56a151997
Trickbot Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs Kovter ComputerName DNS crashed |
1
https://73.103.36.158/mon155/TEST22-PC_W617601.E9BF1C1F73CE5DFCC833C18F3926773A/5/file/
|
6
67.212.241.178
72.131.216.28
73.103.36.158
50.197.243.125
72.128.158.51
96.88.45.25
|
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
6.4 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6260 |
2021-03-21 10:32
|
mon105_cr.dll 0f342e64cf48ef4b6131f7c2f1244f70
Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed |
3
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
|
6
142.112.79.223 - mailcious
123.200.26.246 - mailcious
122.2.28.70 - mailcious
180.92.238.186 - mailcious
201.20.118.122 - mailcious
131.255.106.152 - mailcious
|
4
ET CNC Feodo Tracker Reported CnC Server group 4
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
SURICATA Applayer Mismatch protocol both directions
|
|
6.2 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6261 |
2021-03-21 10:32
|
mon93_cr.dll 955a8fad4b34c808afa21c1c8692891d
Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Kovter ComputerName DNS |
8
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/5/file/
https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/14/user/Administrator/0/
https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/14/DNSBL/listed/0/
https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/0/Windows%207%20x86%20SP1/1104/175.208.134.150/ED782E1E76A5CFB3B034E9323D902B376EF3D8927E4791D1434418F530E078D4/Xl03ixmBSrmV6KzqluzG/
https://api.ip.sb/ip
|
8
150.134.208.175.b.barracudacentral.org(127.0.0.2)
150.134.208.175.cbl.abuseat.org()
150.134.208.175.zen.spamhaus.org()
api.ip.sb(104.26.12.31)
154.126.176.30 - mailcious
172.67.75.172
122.2.28.70 - mailcious
50.197.243.125
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET CNC Feodo Tracker Reported CnC Server group 4
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
|
|
7.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6262 |
2021-03-21 10:43
|
2200.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6263 |
2021-03-21 10:44
|
 updatewin2.exe 996ba35165bb62473d2a6743a5200d45VirusTotal Malware unpack itself Windows Remote Code Execution |
|
|
|
|
3.6 |
M |
63 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6264 |
2021-03-21 10:54
|
xckex.exe 8446eb1134ac6b049b65eead1d545b59
ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed |
|
|
|
|
11.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6265 |
2021-03-21 10:54
|
2200.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6266 |
2021-03-21 10:59
|
2200.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6267 |
2021-03-21 11:04
|
2200.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6268 |
2021-03-21 11:14
|
 xload.exe a2a5d5a1e81a0c4fe99c6387544de8e3
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key |
|
|
|
|
7.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6269 |
2021-03-21 14:25
|
22.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB Check memory Checks debugger unpack itself |
|
|
|
|
2.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6270 |
2021-03-21 14:33
|
22.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|