6256 | 2021-03-21 10:22 | 22001.dll | 9a85e1eccf35e0c2e4f1b4764228e0f9 | VirusTotal Malware Check memory Checks debugger unpack itself | 2.0 | M | 19 | ZeroCERT
6257 | 2021-03-21 10:24 | mon93_cr.dll | 955a8fad4b34c808afa21c1c8692891d | Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Kovter Windows ComputerName DNS crashed | 7.8 | M | 44 | ZeroCERT
  URLs (3): http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2 https://update.googleapis.com/service/update2?cup2key=10:2908630137&cup2hreq=3d69f8b570e6d256df74855675a3f9977abb0a6efe59e9daa70b1bd789d83978
  Hosts (7): edgedl.gvt1.com(142.250.34.2) 123.200.26.246 - malicious 142.250.34.2 122.2.28.70 - malicious 180.92.238.186 - malicious 103.225.138.94 - malicious 131.255.106.152 - malicious
  Alerts (9): ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex SURICATA Applayer Mismatch protocol both directions ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 1 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
6258 | 2021-03-21 10:26 | Documents599.xlsm | 8e14cc9fccebe9fff32ec0cf5fd14704 | VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName crashed | 6.4 | | 21 | ZeroCERT
  URLs (1): http://fqzzj16gndioz03mxadr.xyz/summer.gif
  Hosts (1): fqzzj16gndioz03mxadr.xyz() - malicious
6259 | 2021-03-21 10:32 | a155.dll | c957b150c5a36d00f1c964d56a151997 | Trickbot Dridex TrickBot VirusTotal Malware suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process malicious URLs Kovter ComputerName DNS crashed | 6.4 | M | 25 | ZeroCERT
  URLs (1): https://73.103.36.158/mon155/TEST22-PC_W617601.E9BF1C1F73CE5DFCC833C18F3926773A/5/file/
  Hosts (6): 67.212.241.178 72.131.216.28 73.103.36.158 50.197.243.125 72.128.158.51 96.88.45.25
  Alerts (2): ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
6260 | 2021-03-21 10:32 | mon105_cr.dll | 0f342e64cf48ef4b6131f7c2f1244f70 | Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Checks debugger buffers extracted unpack itself Check virtual network interfaces Kovter ComputerName DNS crashed | 6.2 | M | 16 | ZeroCERT
  URLs (3): http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f
  Hosts (6): 142.112.79.223 - malicious 123.200.26.246 - malicious 122.2.28.70 - malicious 180.92.238.186 - malicious 201.20.118.122 - malicious 131.255.106.152 - malicious
  Alerts (4): ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) SURICATA Applayer Mismatch protocol both directions
6261 | 2021-03-21 10:32 | mon93_cr.dll | 955a8fad4b34c808afa21c1c8692891d | Trickbot Dridex TrickBot VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Tofsee Kovter ComputerName DNS | 7.2 | M | 44 | ZeroCERT
  URLs (8): http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:2d284ad3-5648-4376-8360-b0559e35418f https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/5/file/ https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/14/user/Administrator/0/ https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/14/DNSBL/listed/0/ https://50.197.243.125/mon93/WIN7-PC_W617601.93BB8C7511407F8371B563BB303FD36E/0/Windows%207%20x86%20SP1/1104/175.208.134.150/ED782E1E76A5CFB3B034E9323D902B376EF3D8927E4791D1434418F530E078D4/Xl03ixmBSrmV6KzqluzG/ https://api.ip.sb/ip
  Hosts (8): 150.134.208.175.b.barracudacentral.org(127.0.0.2) 150.134.208.175.cbl.abuseat.org() 150.134.208.175.zen.spamhaus.org() api.ip.sb(104.26.12.31) 154.126.176.30 - malicious 172.67.75.172 122.2.28.70 - malicious 50.197.243.125
  Alerts (4): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET CNC Feodo Tracker Reported CnC Server group 4 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
6262 | 2021-03-21 10:43 | 2200.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | 1.4 | M | 50 | ZeroCERT
6263 | 2021-03-21 10:44 | updatewin2.exe | 996ba35165bb62473d2a6743a5200d45 | VirusTotal Malware unpack itself Windows Remote Code Execution | 3.6 | M | 63 | ZeroCERT
6264 | 2021-03-21 10:54 | xckex.exe | 8446eb1134ac6b049b65eead1d545b59 | ftp Client info stealer email stealer Win Trojan agentTesla browser Google Chrome User Data Download management VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Ransomware Windows Tor ComputerName Cryptographic key crashed | 11.4 | M | 52 | ZeroCERT
6265 | 2021-03-21 10:54 | 2200.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | 1.4 | M | 50 | ZeroCERT
6266 | 2021-03-21 10:59 | 2200.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | 1.4 | M | 50 | ZeroCERT
6267 | 2021-03-21 11:04 | 2200.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | 1.4 | M | 50 | ZeroCERT
6268 | 2021-03-21 11:14 | xload.exe | a2a5d5a1e81a0c4fe99c6387544de8e3 | AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key | 7.6 | M | 15 | ZeroCERT
6269 | 2021-03-21 14:25 | 22.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB Check memory Checks debugger unpack itself | 2.6 | M | 50 | ZeroCERT
6270 | 2021-03-21 14:33 | 22.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | 1.4 | M | 50 | ZeroCERT