6451 | 2021-03-23 18:30 | 11.2 | M | 17 | ZeroCERT
File: VZR.exe
MD5: fc7c1d93d598a03632552cb838f466e1
Tags: Google Chrome User Data browser info stealer VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process Windows DNS
URLs: none
Hosts: none
Alerts: none

6452 | 2021-03-24 07:43 | 1.2 | - | 6 | ZeroCERT
File: gf.gif
MD5: 7e9de3d14155debd7365607e49e794f7
Tags: VirusTotal Malware Check memory Checks debugger unpack itself
URLs: none
Hosts (1):
  aws.amazon.com(13.225.123.73)
Alerts: none

6453 | 2021-03-24 07:53 | 0.8 | - | - | ZeroCERT
File: 44278.696505787.dat
MD5: 90fa9157a12ba1cef7f7285b103d5739
Tags: Check memory Checks debugger unpack itself Tofsee
URLs: none
Hosts (2):
  aws.amazon.com(13.225.123.73)
  13.225.123.73
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6454 | 2021-03-24 07:58 | 4.0 | - | - | ZeroCERT
File: 44278.696505787.dat
MD5: 90fa9157a12ba1cef7f7285b103d5739
Tags: Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Tofsee
URLs (1): not listed
Hosts (3):
  aws.amazon.com(13.225.123.73)
  perfeck42.uno()
  54.230.166.70
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6455 | 2021-03-24 08:09 | 3.6 | M | 6 | ZeroCERT
File: gf.gif
MD5: 7e9de3d14155debd7365607e49e794f7
Tags: VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee
URLs (1): not listed
Hosts (3):
  allthemilliplastini.space() - mailcious
  aws.amazon.com(13.225.123.73)
  13.225.123.73
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6456 | 2021-03-24 10:08 | 10.6 | M | 18 | ZeroCERT
File: AVR.exe
MD5: ced8ae835d857fa6b1d6a49f4733ac66
Tags: Google Chrome User Data browser info stealer VirusTotal Malware Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process Windows
URLs: none
Hosts: none
Alerts: none

6457 | 2021-03-24 10:10 | 6.4 | M | 25 | ZeroCERT
File: winlog.exe
MD5: 51beebfe8676115fc2a11686b9817396
Tags: FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder sandbox evasion DNS
URLs (24):
  http://www.berkgaffaroglu.com/m0rc/
  http://www.valentinaasia.com/m0rc/
  http://www.zuot-1.com/m0rc/?Txops06=AoMZuz1/0BcV7eIxE8muyyyciw3bGYIxhRhEjOVUIkc8Ordg7t3cOz/Vq2RLpZse2P2YG0m8&KzuD=PnjpKJCXM
  http://www.tarawilliamsflrealtor.com/m0rc/?Txops06=QenV4VpCGS9vIe8273CmgMCNEfkRUOk3ePSE0FWq77gZUhrw7M6S6oCsw+4VeXsutdEle4va&KzuD=PnjpKJCXM
  http://www.yuanchengdope.com/m0rc/
  http://www.lifeandagri.com/m0rc/
  http://www.zuot-1.com/m0rc/
  http://www.amrdiabcafe.com/m0rc/?Txops06=K9SS2bzskooRboifDtGiAFpnsOT1dt19FEpxnrqHV2WUkJP2yysnve0pKI+Dbqnf7DFzoWXd&KzuD=PnjpKJCXM
  http://www.berkgaffaroglu.com/m0rc/?Txops06=tMDcZMKEVYhat7UHKv1rpSXNolkiKhJHOXSNP6sEtfFAjhc8t1fYHddOH5QjPAlKaMsQ1j2/&KzuD=PnjpKJCXM
  http://www.yuanchengdope.com/m0rc/?Txops06=sFdwIwwGP+HKQV8vUXVRuZFzo3I0h8IjDOQVgNrfUmb2/7YwQlcusrV809ryaqOnp+0kNzjo&KzuD=PnjpKJCXM
  http://www.lifeandagri.com/m0rc/?Txops06=Yt58homu5OTYz/v0mhPz6bcOEdz6HUNsf0QHGRphK1hj+p1b3hPLvKv8Uw6hIlaGJexdutCT&KzuD=PnjpKJCXM
  http://www.alphaonemediagroup.com/m0rc/
  http://www.thrillsharelms.net/m0rc/?Txops06=AeSEM3O1GEIngYJhQRD8w4Ds3FUoy+/yjmhq6vOn3Bx/SwBsbIrM6BC55mqSPTHhJA8EXfg5&KzuD=PnjpKJCXM
  http://www.tarawilliamsflrealtor.com/m0rc/
  http://www.thrillsharelms.net/m0rc/
  http://www.icloudmobiles.com/m0rc/?Txops06=eDvgW+xu+0q5XvAsJsnO1TMOhFJiVUDWNbGlp9clBATJ76fHu+FgMKl+F9Vi1W9yHUxEiBeI&KzuD=PnjpKJCXM
  http://www.investgreatlakes.com/m0rc/
  http://www.valentinaasia.com/m0rc/?Txops06=5DGci0eCqPd87J6EdzbjuNHiISAwdiAlAJa6sKI6AHjoOa4LD9SNuEcm8/85QZL3pSyJNBwQ&KzuD=PnjpKJCXM
  http://www.amrdiabcafe.com/m0rc/
  http://www.pinkysyles.com/m0rc/?Txops06=cqV6ijHUJYQPwkhwGk8sTrrIW7i5elQZYUEsgPLjX0pCjfTBb9jwmcPeKGY8PIn1LkBtv/Ok&KzuD=PnjpKJCXM
  http://www.icloudmobiles.com/m0rc/
  http://www.pinkysyles.com/m0rc/
  http://www.investgreatlakes.com/m0rc/?Txops06=naCGc+pKY3oiNyq/2acLjz+ev8OyFtKnvN+BSfzXfZAB9zXjuVQknsVQn+SNuZZDN02N9qNv&KzuD=PnjpKJCXM
  http://www.alphaonemediagroup.com/m0rc/?Txops06=hVo1FNwFhYVmMdZAQ7qmaW3SLJZFkPXbnKve51K4accoE8wcvwZSpPiWY6hPBUOOfkiNEns9&KzuD=PnjpKJCXM
Hosts (25):
  www.icloudmobiles.com(204.11.56.48)
  www.gehavealouine.com()
  www.investgreatlakes.com(34.102.136.180)
  www.yuanchengdope.com(173.234.175.225)
  www.molesnag.net()
  www.alphaonemediagroup.com(34.102.136.180)
  www.tarawilliamsflrealtor.com(184.168.131.241)
  www.pinkysyles.com(45.33.23.183)
  www.thrillsharelms.net(34.102.136.180)
  www.valentinaasia.com(34.80.190.141)
  www.amrdiabcafe.com(45.197.108.116)
  www.zuot-1.com(163.44.185.227)
  www.lifeandagri.com(104.21.6.19)
  www.rbc-supportclient05.com()
  www.berkgaffaroglu.com(160.153.129.32)
  163.44.185.227 - malware
  184.168.131.241 - mailcious
  173.234.175.225
  104.21.6.19
  34.102.136.180 - mailcious
  45.197.108.116
  34.80.190.141 - mailcious
  204.11.56.48 - phishing
  160.153.129.32
  45.79.19.196 - suspicious
Alerts (2):
  ET MALWARE FormBook CnC Checkin (GET)
  SURICATA HTTP Unexpected Request body

6458 | 2021-03-24 10:11 | 2.8 | M | 25 | ZeroCERT
File: file.exe
MD5: 8b6e54917a40e532d4154086b6f05e12
Tags: Glupteba Malicious Library VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
URLs: none
Hosts: none
Alerts: none

6459 | 2021-03-24 10:11 | 15.0 | M | 39 | ZeroCERT
File: Client-0.exe
MD5: b4282c7f3fa918a48c6cc2a8d1872764
Tags: AsyncRAT backdoor VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW Ransom Message Firewall state off VM Disk Size Check Ransomware Windows ComputerName DNS crashed
URLs: none
Hosts: none
Alerts: none

6460 | 2021-03-24 10:13 | 4.2 | - | - | ZeroCERT
File: 44278.5617880787.dat
MD5: 8e23ed51c8c7fea74eb2e3b0a61690f3
Tags: Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee DNS
URLs (1): not listed
Hosts (4):
  calldivorce.fun(178.128.243.14) - mailcious
  aws.amazon.com(13.225.123.73)
  178.128.243.14 - mailcious
  13.225.123.73
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

6461 | 2021-03-24 10:13 | 18.6 | - | 14 | ZeroCERT
File: Update%20of%20the%20OFFICE%20P...
MD5: b4cf2053d95d4fbfc4b28083e509ff47
Tags: Antivirus VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS
URLs (1):
  http://45.14.226.221/cdfe/Fack.jpg
Hosts (3):
  poseidon99.ddns.net(79.134.225.73)
  79.134.225.73 - mailcious
  45.14.226.221 - malware
Alerts (1):
  ET POLICY DNS Query to DynDNS Domain *.ddns .net

6462 | 2021-03-24 10:24 | 1.4 | - | 15 | ZeroCERT
File: az1.exe
MD5: 61968c8debeae1e415a485c0b4d79b46
Tags: VirusTotal Malware DNS crashed
URLs: none
Hosts: none
Alerts: none

6463 | 2021-03-24 10:25 | 1.2 | - | 9 | ZeroCERT
File: far1.exe
MD5: c270e01d22df1cf517f86b5e4750b312
Tags: VirusTotal Malware unpack itself crashed
URLs: none
Hosts: none
Alerts: none

6464 | 2021-03-24 10:27 | 2.0 | - | 10 | ZeroCERT
File: gerte523d.exe
MD5: 98aca6c94ef680b24885d1462ccc36af
Tags: VirusTotal Malware unpack itself DNS crashed
URLs: none
Hosts: none
Alerts: none

6465 | 2021-03-24 10:27 | 14.8 | M | 39 | ZeroCERT
File: Clientnik.txt
MD5: 3e0c0275c22f75048511cbcbdcca3641
Tags: AsyncRAT backdoor VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Ransomware Windows ComputerName crashed
URLs: none
Hosts: none
Alerts: none