| 6286 |
2021-03-21 19:09
|
fer8.exe 4e228802bcb649751855c0bd9a35ab0d
VirusTotal Malware malicious URLs crashed |
|
|
|
|
1.8 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6287 |
2021-03-21 19:13
|
engine-rawbin.exe 56f4eeaef4814ace6c236ac620bc0663
Gen Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Creates executable files Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Browser Email ComputerName Software |
1
http://lexusbiscuit.com/OiuBn/index.php
|
2
lexusbiscuit.com(85.25.177.199)
85.25.177.199 - mailcious
|
1
ET MALWARE AZORult v3.3 Server Response M3
|
|
10.6 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6288 |
2021-03-21 19:24
|
 IMG_724_Scanned_603.pdf 5c2cd6d19381ac5a4a517c2165b29813
ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
8
http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html - rule_id: 439
http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html - rule_id: 439
http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html - rule_id: 439
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html - rule_id: 441
https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html - rule_id: 441
https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html - rule_id: 441
|
6
jejendjcjfhh.com(104.21.22.219) - mailcious
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.113.70)
104.21.22.219 - mailcious
131.186.161.70
104.21.19.200
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
|
6
http://jejendjcjfhh.com/
http://jejendjcjfhh.com/
http://jejendjcjfhh.com/
https://jejendjcjfhh.com/liverpool-fc-news/
https://jejendjcjfhh.com/liverpool-fc-news/
https://jejendjcjfhh.com/liverpool-fc-news/
|
16.8 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6289 |
2021-03-21 19:25
|
fkt.exe 3b741d6798735efdae2d18c80716ee4bVirusTotal Malware AutoRuns Code Injection Check memory Creates executable files ICMP traffic Windows utilities sandbox evasion Windows ComputerName DNS crashed |
|
1
|
|
|
6.6 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6290 |
2021-03-22 09:00
|
sn1.exe 4e228802bcb649751855c0bd9a35ab0dVirusTotal Malware malicious URLs crashed |
|
|
|
|
2.0 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6291 |
2021-03-22 09:05
|
 PO_107658_200.pdf 4ac557f524400a9007c6c8e6912e9e1f
ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
5
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
http://checkip.dyndns.org/
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
https://freegeoip.app/xml/175.208.134.150
|
6
liverpoolsupporters9.com(172.67.176.78)
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.113.70)
172.67.188.154
131.186.161.70
104.21.88.100
|
4
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
16.8 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6292 |
2021-03-22 09:14
|
 ss.exe 91ee2afefdf066eae3aead061a8075edVirusTotal Malware unpack itself crashed |
|
|
|
|
2.2 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6293 |
2021-03-22 09:17
|
 VSX.exe d642f78e75dad522b4e70a3227d61ec7VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs |
|
|
|
|
6.0 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6294 |
2021-03-22 09:20
|
 wmin.exe 806ba19af21c27492a4e92e38d64c634
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Software crashed |
1
https://pastebin.com/raw/rmZm7wcd
|
3
pastebin.com(104.23.98.190) - mailcious
79.134.225.22
104.23.99.190 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
17.8 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6295 |
2021-03-22 09:45
|
22.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6296 |
2021-03-22 09:50
|
22.dll 649b5c913739cea195c7662ff412b8ceVirusTotal Malware PDB |
|
|
|
|
1.4 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6297 |
2021-03-22 09:59
|
 PO_107658_200.pdf 4ac557f524400a9007c6c8e6912e9e1f
Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
5
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html - rule_id: 462
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html - rule_id: 462
http://checkip.dyndns.org/
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html - rule_id: 462
https://freegeoip.app/xml/175.208.134.150
|
6
liverpoolsupporters9.com(172.67.176.78) - mailcious
freegeoip.app(172.67.188.154)
checkip.dyndns.org(162.88.193.70)
162.88.193.70
172.67.176.78
104.21.19.200
|
4
ET POLICY External IP Lookup - checkip.dyndns.org
ET POLICY DynDNS CheckIp External IP Address Server Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
|
3
http://liverpoolsupporters9.com/liverpool-fc-news/
http://liverpoolsupporters9.com/liverpool-fc-news/
http://liverpoolsupporters9.com/liverpool-fc-news/
|
17.0 |
M |
22 |
Zero
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6298 |
2021-03-22 10:02
|
 WPG.exe 6273ade4c3e0abd33473928d7a25b309
Azorult .NET framework VirusTotal Malware |
|
|
|
|
1.2 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6299 |
2021-03-22 10:09
|
 Documents550.xlsm c55996933c6e8ba7db93a76dec4f430eVirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed |
|
1
jgu16cbxdr03ehqvx.xyz() - mailcious
|
|
|
7.2 |
|
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6300 |
2021-03-22 10:18
|
Machos1.exe 460c76892a939c1b7d563171c3b2d349
AsyncRAT backdoor VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces Tofsee DNS |
1
https://cdn.discordapp.com/attachments/790590543397781576/821075940146282537/Token_Stealer.bat
|
4
raw.githubusercontent.com(185.199.108.133) - malware
cdn.discordapp.com(162.159.135.233) - malware
185.199.109.133 - mailcious
162.159.134.233 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.2 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|