6286 | 2021-03-21 19:09 | fer8.exe | 4e228802bcb649751855c0bd9a35ab0d | VirusTotal Malware malicious URLs crashed | - | - | - | - | 1.8 | M | 22 | ZeroCERT
6287 | 2021-03-21 19:13 | engine-rawbin.exe | 56f4eeaef4814ace6c236ac620bc0663 | Gen Browser Info Stealer Malware download FTP Client Info Stealer Azorult VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Creates executable files Collect installed applications AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Ransomware Browser Email ComputerName Software | 1 | 2 | 1 | - | 10.6 | M | 57 | ZeroCERT
  1:
    http://lexusbiscuit.com/OiuBn/index.php
  2:
    lexusbiscuit.com(85.25.177.199)
    85.25.177.199 - mailcious
  1:
    ET MALWARE AZORult v3.3 Server Response M3
6288 | 2021-03-21 19:24 | IMG_724_Scanned_603.pdf | 5c2cd6d19381ac5a4a517c2165b29813 | ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed | 8 | 6 | 4 | 6 | 16.8 | M | 33 | ZeroCERT
  8:
    http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html - rule_id: 439
    http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html - rule_id: 439
    http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html - rule_id: 439
    http://checkip.dyndns.org/
    https://freegeoip.app/xml/175.208.134.150
    https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html - rule_id: 441
    https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html - rule_id: 441
    https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html - rule_id: 441
  6:
    jejendjcjfhh.com(104.21.22.219) - mailcious
    freegeoip.app(172.67.188.154)
    checkip.dyndns.org(131.186.113.70)
    104.21.22.219 - mailcious
    131.186.161.70
    104.21.19.200
  4:
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
    ET POLICY External IP Lookup - checkip.dyndns.org
    ET POLICY DynDNS CheckIp External IP Address Server Response
  6:
    http://jejendjcjfhh.com/
    http://jejendjcjfhh.com/
    http://jejendjcjfhh.com/
    https://jejendjcjfhh.com/liverpool-fc-news/
    https://jejendjcjfhh.com/liverpool-fc-news/
    https://jejendjcjfhh.com/liverpool-fc-news/
6289 | 2021-03-21 19:25 | fkt.exe | 3b741d6798735efdae2d18c80716ee4b | VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files ICMP traffic Windows utilities sandbox evasion Windows ComputerName DNS crashed | - | 1 | - | - | 6.6 | M | 27 | ZeroCERT
6290 | 2021-03-22 09:00 | sn1.exe | 4e228802bcb649751855c0bd9a35ab0d | VirusTotal Malware malicious URLs crashed | - | - | - | - | 2.0 | M | 33 | ZeroCERT
6291 | 2021-03-22 09:05 | PO_107658_200.pdf | 4ac557f524400a9007c6c8e6912e9e1f | ftp Client info stealer email stealer Win Trojan agentTesla browser Antivirus Google Chrome User Data AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process malicious URLs WriteConsoleW VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed | 5 | 6 | 4 | - | 16.8 | M | 22 | ZeroCERT
  5:
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
    http://checkip.dyndns.org/
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
    https://freegeoip.app/xml/175.208.134.150
  6:
    liverpoolsupporters9.com(172.67.176.78)
    freegeoip.app(172.67.188.154)
    checkip.dyndns.org(131.186.113.70)
    172.67.188.154
    131.186.161.70
    104.21.88.100
  4:
    ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
    ET POLICY External IP Lookup - checkip.dyndns.org
    ET POLICY DynDNS CheckIp External IP Address Server Response
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6292 | 2021-03-22 09:14 | ss.exe | 91ee2afefdf066eae3aead061a8075ed | VirusTotal Malware unpack itself crashed | - | - | - | - | 2.2 | M | 33 | ZeroCERT
6293 | 2021-03-22 09:17 | VSX.exe | d642f78e75dad522b4e70a3227d61ec7 | VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself malicious URLs | - | - | - | - | 6.0 | M | 33 | ZeroCERT
6294 | 2021-03-22 09:20 | wmin.exe | 806ba19af21c27492a4e92e38d64c634 | Azorult .NET framework AsyncRAT backdoor VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key Software crashed | 1 | 3 | 1 | - | 17.8 | M | 28 | ZeroCERT
  1:
    https://pastebin.com/raw/rmZm7wcd
  3:
    pastebin.com(104.23.98.190) - mailcious
    79.134.225.22
    104.23.99.190 - mailcious
  1:
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6295 | 2021-03-22 09:45 | 22.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | - | - | - | - | 1.4 | M | 50 | ZeroCERT
6296 | 2021-03-22 09:50 | 22.dll | 649b5c913739cea195c7662ff412b8ce | VirusTotal Malware PDB | - | - | - | - | 1.4 | M | 50 | ZeroCERT
6297 | 2021-03-22 09:59 | PO_107658_200.pdf | 4ac557f524400a9007c6c8e6912e9e1f | Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW VMware IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed | 5 | 6 | 4 | 3 | 17.0 | M | 22 | Zero
  5:
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html - rule_id: 462
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html - rule_id: 462
    http://checkip.dyndns.org/
    http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html - rule_id: 462
    https://freegeoip.app/xml/175.208.134.150
  6:
    liverpoolsupporters9.com(172.67.176.78) - mailcious
    freegeoip.app(172.67.188.154)
    checkip.dyndns.org(162.88.193.70)
    162.88.193.70
    172.67.176.78
    104.21.19.200
  4:
    ET POLICY External IP Lookup - checkip.dyndns.org
    ET POLICY DynDNS CheckIp External IP Address Server Response
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  3:
    http://liverpoolsupporters9.com/liverpool-fc-news/
    http://liverpoolsupporters9.com/liverpool-fc-news/
    http://liverpoolsupporters9.com/liverpool-fc-news/
6298 | 2021-03-22 10:02 | WPG.exe | 6273ade4c3e0abd33473928d7a25b309 | Azorult .NET framework VirusTotal Malware | - | - | - | - | 1.2 | M | 23 | ZeroCERT
6299 | 2021-03-22 10:09 | Documents550.xlsm | c55996933c6e8ba7db93a76dec4f430e | VirusTotal Malware Checks debugger WMI unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows ComputerName DNS crashed | - | 1 | - | - | 7.2 | - | 30 | ZeroCERT
  1:
    jgu16cbxdr03ehqvx.xyz() - mailcious
6300 | 2021-03-22 10:18 | Machos1.exe | 460c76892a939c1b7d563171c3b2d349 | AsyncRAT backdoor VirusTotal Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces Tofsee DNS | 1 | 4 | 1 | - | 5.2 | M | 50 | ZeroCERT
  1:
    https://cdn.discordapp.com/attachments/790590543397781576/821075940146282537/Token_Stealer.bat
  4:
    raw.githubusercontent.com(185.199.108.133) - malware
    cdn.discordapp.com(162.159.135.233) - malware
    185.199.109.133 - mailcious
    162.159.134.233 - malware
  1:
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)