6541 | 2024-08-17 23:14
Configure.xml a163ce14405a6eed5ec4bfbef078e5b6 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
4.2 | | | guest

6542 | 2024-08-17 23:13
cleanospp.exe d3467cb7b83b654c2d05407dc7ba2360 Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 PDB Check memory unpack itself
1.2 | | | guest

6543 | 2024-08-17 23:13
msvcr100.dll df3ca8d16bded6a54977b30e66864d33 Gen1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check PDB
0.4 | | | guest

6544 | 2024-08-17 23:10
cleanospp.exe 98821a7a5737d656633d10a3afb724bd Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 PDB Check memory unpack itself WriteConsoleW
1.4 | | | guest

6545 | 2024-08-17 23:10
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65 Gen1 Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check PDB
0.6 | | | guest

6546 | 2024-08-17 23:10
msvcr100.dll df3ca8d16bded6a54977b30e66864d33 Gen1 Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check PDB
0.4 | | | guest

6547 | 2024-08-17 23:09
cleanospp.exe d3467cb7b83b654c2d05407dc7ba2360 Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 PDB unpack itself
1.0 | | | guest

6548 | 2024-08-17 23:00
DNSBench.exe 04177f89fa23b9d6fec146d9be737566 UPX PE File PE32 Malware download VirusTotal Malware Checks debugger unpack itself Check virtual network interfaces Tofsee GameoverP2P Zeus DNS crashed
2
http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb https://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb
590
wglhn4qxaszflva4flruzoirwh.com() www.dq0ehd0tgeuaklnd3trkwmnbof.com() kv33ntmrha1ra4whqbsupdwdwe.Youtube.com() fh43jy5tr4buuf50gjqky00yne.com() v3tajp3tuvkvvcv2gcskqi0hvf.com() nfv4yqnqwaciuniknctiqggdyh.com() isc.org(151.101.2.217) ciwlhowxtrqu3cfaxdsaj5pk5g.Youtube.com() www.wj0tjhvswhj3mcxfbgra2gsgyh.com() 25.16.6.68.test.senderbase.org() 30.16.100.68.origin.asn.cymru.com(127.0.0.2) jt5yc2yrcyhjuzl51lqsi3ic5b.Yahoo.com() b1lpxcbstkb4d2h1omqanlqfog.Live.com(204.79.197.212) 25.16.4.68.origin.asn.cymru.com(127.0.0.2) 2.87.93.66.origin.asn.cymru.com(127.0.0.2) as7922.asn.cymru.com() y3njz1lu05amhmtvnasoq4nqrb.Google.com() uksz2nvtjy0llumtecqiypfdug.com() sol2tc2qrih14k30hss4qzipsg.Yahoo.com() www.n0t3ifgxgdtqoksq3ascvijv3g.com() w0mer1urosq0bsrhjytgnsnnve.com() 1tdu3d2ud11efzeyqkra15p5af.com() 170.68.87.68.origin.asn.cymru.com(127.0.0.2) 22.71.154.156.test.senderbase.org() ud4z2kss1v5ghdqbvrs0ogfjie.Youtube.com() lgilom1v0mer0xytsqrwq5ho0c.com() i5xxupdtpeahxjaan1qyqaozyb.Live.com(204.79.197.212) cbsh3upwdledr32w3pqyojbwwb.Google.com() 4qmo30fq3hryctxncyqiakqrdb.com() 1fnspaju2dxx0csdmssuu1fbkd.Youtube.com() ufdzt5wtls2crtrxzbs0d5p4ke.com() qshberjqbhcyac2nc4ro11iklg.com() www.qgyt1wksdaqmu3cgjbr43rquac.com() 2r1p0fksxdbydh5snprqovgiwf.Google.com() 0vftpz3x240xa0oedor23fn0bc.com() db0zcnzuuspdq1nsy0sep1b0ef.Yahoo.com() eq4a1tdutcylcr44raqcx220vb.com() tfhhxn0xnq2x3josvhsaw2yywd.com() 1.194.153.198.test.senderbase.org() gj1weg4xzob3ntdcqjqig5jg3a.Yahoo.com() 0kh1cccrf3uhzlupl2rklwfpoh.com() 30.16.12.68.test.senderbase.org() www.Yahoo.com(180.222.119.248) www.Youtube.com(142.250.207.110) - mailcious qxwgvpqtr3llinpfijrgskbcra.com() dyrtw5yxwxa0fwgqugruohi3jg.Google.com() tsgb1fdutzd5oacfsbqyzmdo5a.com() www.n04pvi3w10oknbamnvrcs2e5sd.com() vj44lfaxcqmbosfi0lti0y4sya.com() 29.32.113.24.origin.asn.cymru.com(127.0.0.2) w4fhrlav5zfp44pwurqyolaolh.Youtube.com() 6.2.2.4.test.senderbase.org() wasahngxefbkpq1wftrsylruxh.com() mhf1ptyts51xwuxq0pryfbddgd.com() 
co52fllvtb1hdkokcqsa4l21xg.Live.com(204.79.197.212) zpvidqauzbdpmbsthkqw4ejgva.Yahoo.com() 222.220.67.208.origin.asn.cymru.com(127.0.0.2) tzjdtbbua55jehml4ns0wshqsc.Google.com() qoi4ofrq4pibiptxujtyi1tmbd.Live.com(204.79.197.212) net127.rebindtest.com(127.0.0.1) ameazjzwgxdnmfdnvwt4wuwloc.Youtube.com() 1.1.1.1.origin.asn.cymru.com(127.0.0.2) u3liem4xfbuwuyhmw2smsnorqg.com() pcbgukzvqvcugc2lhgs4mtxkvd.com() 30.16.6.68.test.senderbase.org() 22.70.154.156.test.senderbase.org() ytdrtrksp5ik15kvnsqkcjwvtd.Google.com() www.pahwdmlvqkqupywfdtsax1avje.com() oykhnjjqs1s1g0tl51q4xpyvrd.com() ebwv3zws4bmvyqchwcqy2dexzg.com() 25.18.1.68.origin.asn.cymru.com(127.0.0.2) 2.111.81.64.test.senderbase.org() 1.212.118.74.origin.asn.cymru.com() bw3gij1rd0ll1rx4tst2dfdhvc.com() 220.1.55.209.test.senderbase.org() 1n4rs1fvwdewy5dpk3skcrux5b.Yahoo.com() net172.rebindtest.com(172.16.0.1) www.yjbmz2juxg3oqjedcftiumyrle.com() 251.35.250.129.test.senderbase.org() 2.45.81.64.test.senderbase.org() g5hn2zhssjwpg5qpjltyplltxd.com() tep3teqqktfdfxbylasuvnmstd.com() loiumtsriroseascwoswg3fnua.Youtube.com() www.iexf5mgq01qhs2zxqrsyyobaeh.com() jfjwltxqjanq4repl1sa2bhwud.com() o42xu0zx1j0ui0qm0frixwc12e.com() 10.252.2.199.origin.asn.cymru.com(127.0.0.2) roc3ohet1k3nqhebmcrkx5rcpf.Yahoo.com() jkl2jbmr4ifcxddbrzsqc4lgag.com() as11696.asn.cymru.com() m0dn2kkuoh5idlhr3cr4n3b0hd.Yahoo.com() 8.8.8.8.test.senderbase.org() 9.9.9.9.origin.asn.cymru.com(127.0.0.2) iv2pwvbuv1mag0mdkxqa4cbbnf.com() www.cnazauutqjrkhmgrjsq00xtrlb.com() fucfr01tvzh1i1211cs2m1zcma.Live.com(204.79.197.212) 2.41.231.216.origin.asn.cymru.com(127.0.0.2) 25.16.2.68.origin.asn.cymru.com(127.0.0.2) dbb113qwped2l1sx4gtszg31gd.Youtube.com() 25.16.100.68.origin.asn.cymru.com(127.0.0.2) vnhhecsqf1lnj5jubvqmmn035c.Yahoo.com() 29.32.113.24.test.senderbase.org() 2.95.254.216.origin.asn.cymru.com(127.0.0.2) 3.2.2.4.origin.asn.cymru.com(127.0.0.2) 25.16.13.68.test.senderbase.org() dwzdq3ostta42ludigqqxtu2na.com() sjvdontww3wpo2unfwtwydq4nh.com() 
pbtahbotymikjoecdmsszrouyf.com() 25.70.154.156.origin.asn.cymru.com(127.0.0.2) 30.16.11.68.origin.asn.cymru.com(127.0.0.2) mchjxsgql1lkkfvcelr2omtmxh.Yahoo.com() 200.234.194.204.origin.asn.cymru.com(127.0.0.2) 2.212.118.74.test.senderbase.org() 5iyj5lrr3pmfkx30nztglkuv0a.Yahoo.com() 30.16.4.68.test.senderbase.org() gi35idhtqykw03xhmyt2qyrw3d.com() vlrm02lxlw5crkujlbsqpgxf0b.Yahoo.com() 25.16.100.68.test.senderbase.org() woxxb1oxwa0rgfp03zryyuu02a.Youtube.com() vurzrcivogzjr1dyxqqanjzutf.Google.com() 2.224.92.66.origin.asn.cymru.com(127.0.0.2) 10.214.117.204.origin.asn.cymru.com(127.0.0.2) 30.16.111.68.origin.asn.cymru.com(127.0.0.2) as17184.asn.cymru.com() owv0wz1sa2pfe0icdssgw0ctrg.Live.com(204.79.197.212) s12ptbnvoq5ekoggictahecs3b.com() www.b4rqgfqqavm5xielymrclhguhb.com() 5caj4crw0fe4w32cantate540d.com() r1mkgxrso0bc43e1i2ryhx2o4g.Google.com() g34454zqeux11ima1fqmiv2yvh.com() f5nkwbyx0nirh4iksbtygrj05f.Google.com() mwg1lborpaic53kl4hre1gfiqb.com() uczmwdjxexbtp0p3ibq4fnadbd.Yahoo.com() qlxsfxfq0lhyudu4asrkqlys3g.com() 30.16.12.68.origin.asn.cymru.com(127.0.0.2) 1.71.154.156.origin.asn.cymru.com(127.0.0.2) 1emqivmr5j2gisvgd5skl1gprc.com() i1nrwejskdestv4pddryd5oewf.com() bg33utouolpfzzuhj2sufeinnc.com() 10.212.97.204.origin.asn.cymru.com(127.0.0.2) 30.16.100.68.test.senderbase.org() f0mz1gjxpf5jlrageiruamrfua.com() 4l2nv2au21icsu5q5xs450xllh.Yahoo.com() n5czl5lwtookojwmuxqgqsp24a.com() x4x0qzbqbd4addt5p3suhnso4d.Yahoo.com() cgsos4wuvv3nfsvr3oqcckuk4e.com() dw1m54htxi320ak5vyssrsr55c.Youtube.com() m0gcqllxv55u0febxtquckbxpe.com() 3.2.2.4.test.senderbase.org() 2.159.81.64.origin.asn.cymru.com(127.0.0.2) uxfkilhtotiprhdmwassabm0vh.com() 30.16.9.68.test.senderbase.org() 4x341neujlm4cvv54zqw4yzpcg.Live.com(204.79.197.212) zdrd2brxdfirytdlqtq4immyda.com() xuj4fanuknnvgvanloq2q0ejca.com() www.ciwdeybtdslirk50ycqit4iupc.com() 123.220.67.208.origin.asn.cymru.com(127.0.0.2) 1gyljw5s5u1k4jehcitsfoyode.Google.com() www.ay5xgkeqhow4mel10eqqf3szeg.com() 
x5sxhovwczk0lc2iyrqq2ec4he.Live.com(204.79.197.212) tzmef3ywrv2gjdygjbt2gp5e2e.Youtube.com() 2.159.92.66.test.senderbase.org() bt3ghecv0uku3iyqtprmkgkxnf.com() 25.16.11.68.test.senderbase.org() 1gquyuasadgfqzo3ndrcxeixcd.Google.com() yb3ranrxmooeus2ue5rydjpgtd.com() 30.16.6.68.origin.asn.cymru.com(127.0.0.2) 8.8.8.8.origin.asn.cymru.com(127.0.0.2) www.e4hxuc1s2jgkx3dls3tiwekuzb.com() wjx3t2lv55qjdyqjnrt2olnwbb.Live.com(204.79.197.212) 0sqi0trtnl1m25ve1yroftu25c.com() cf5r3jfsxb11oarpyor2unldyd.Live.com(204.79.197.212) caypoiurkjmums2unwt2x1h04h.com() chdnhn5qygievdd0epqapbttja.com() www.vziulxkvn4feeaqt3aqwhasxmg.com() 30.16.4.68.origin.asn.cymru.com(127.0.0.2) 25.16.10.68.origin.asn.cymru.com(127.0.0.2) net10.rebindtest.com(10.0.0.1) 41y1utvtb5zxlin0gmroficjoc.com() glblwa4xyzlvol30v3sayyzhyc.Google.com() vuvaf0uvikwg242ykfsqukmt2h.Google.com() 4seuowgvunn5v1vmnvqq15zuog.com() 9.9.9.9.test.senderbase.org() www.tniiqmdve5k5hdhmttr4uspvfb.com() as10397.asn.cymru.com() as397213.asn.cymru.com() pywi1l1qm2s5dlgpdds2sggb5f.com() www.grc.com(4.79.142.202) www.wisr0t0wm3kdv0voznsg5cpx0b.com() www.napdruiutipgyhypsjsue1ap4d.com() 200.232.194.204.origin.asn.cymru.com(127.0.0.2) 22.71.154.156.origin.asn.cymru.com(127.0.0.2) bens5d2xmqjflu2nczsa4oymjg.Yahoo.com() 220.222.67.208.origin.asn.cymru.com(127.0.0.2) 1.71.154.156.test.senderbase.org() vkyl1qeu3r5iy4vi4iqojcjycf.com() squghqhs4dkp1c5vg1s40jtrkd.com() 4.4.8.8.test.senderbase.org() h0xagt1wakbqgz2grpqsxn2r5b.Youtube.com() 1.192.153.198.origin.asn.cymru.com(127.0.0.2) ic02pafsf1s5ikdfcjrmlxkd2h.Youtube.com() 4ceyccxsfgomhl5u0pq4bdwpmg.Youtube.com() c5lp4ddt0u3wjluma4t052seff.com() 5.2.2.4.origin.asn.cymru.com(127.0.0.2) n1b5pwyxml3hgvvwjgqmmwei5f.com() 2.159.81.64.test.senderbase.org() fcwivmnrwrtck0ifymskk2ewhh.com() 55bqbzksyr32rl5fitsgzzeg0a.com() womt5qbxx0luc3kpl5t04bkzlg.com() btm1v1ntuwpi4sbst4rqzedi3f.com() dideb0ewbubdju32tzqe4rnxxg.Live.com(204.79.197.212) 30.16.2.68.origin.asn.cymru.com(127.0.0.2) 
btpfifms3xhwodffq0rynda1ob.Google.com() rvwkoyiudyhxup5b00tsat5qte.com() 2.79.81.64.test.senderbase.org() fteim2mrp10j31bnlbq2jkqlbe.Live.com(204.79.197.212) 0fmenalwoozlhcf0dks2vtbkfa.com() kfixupivvlv1mhe0eeruxdzuoh.Yahoo.com() flr1oyjuxaipunaxaftmomaive.Youtube.com() naysfajwutyf4euopctwmz2uqe.com() b4fkktysfueqy2nq1atebvnioh.com() 25.16.12.68.origin.asn.cymru.com(127.0.0.2) njq2viruwx4h5syjtorgj4h15c.Yahoo.com() 170.68.87.68.test.senderbase.org() 2ynq1otxuzgncnvvhkqwp5fpnf.Youtube.com() www.fstbrmwwo05n2tzldktgmercdc.com() 1.194.153.198.origin.asn.cymru.com(127.0.0.2) hgafhvmvtrekm0wuu3r2ulutee.com() as11404.asn.cymru.com() mzq31qavcdgchxyiliscicv0qg.com() kovlekuxi3vj2sqflnqy2yh3wf.Google.com() quekctdt4azflnlvzkru1bqukd.Live.com(204.79.197.212) zzjhotbx0gmrbttapotc5ut03b.com() 250.35.250.129.test.senderbase.org() www.po0fxghul54k0ojfcfsqgapo2c.com() 2.224.92.66.test.senderbase.org() uwzxdf1vaeulds40gvtst0xjxc.com() xjsrbgwwb2oszqw2oequgusfyc.Youtube.com() www.1yooal4rwpjhvehawvt4vc1hsh.com() tedhlccuwqmzya2ic3qqbdkzra.com() 25.70.154.156.test.senderbase.org() 2pv5bqgr0ylxtxmh3jtgjss1bc.Yahoo.com() oljqnbuuwytw433bw5tuwplvud.Google.com() 10.252.2.199.test.senderbase.org() uiqdjb3sxvdyxadlt0seqichkh.com() jlj0fcaui35x244lkvqiluqqxb.Live.com(204.79.197.212) cikl5mzuph1dy4heprraztma5h.com() y3xr4eyxchb3y3vhpgti5zfvpc.Yahoo.com() 10.214.117.204.test.senderbase.org() rij0vlyweng3niyaeftqr4k2te.com() eb0bynstzrihlvm1aqrk3iuyzd.com() b1ebpcmsvknu4r1l0gtg0urdeb.Youtube.com() wztr54hrjy1ejqrolrrowxyhbb.com() sy5b5nkxai5pmfkxvnssgia4le.Google.com() vvdfeuhruo2ev13hmusqbmrjpg.Yahoo.com() www.owxvwqmw0rt3lylfvmq455kzmh.com() fij3hhnup1235yoybxsy025z5h.com() edizsv2sj4ahmx50ciswnvyhja.com() uhlmljst30to4fbng1survt5ye.com() www.oku2zzuqekg0eetv1hre3ti5eb.com() duzidthxgjbgkos5goso1ffmpb.Youtube.com() 2.41.231.216.test.senderbase.org() www.adgoeodrw4g1o5hwzkrugc5g1g.com() 4.4.8.8.origin.asn.cymru.com(127.0.0.2) knowkdkv3ihsmudzywt44pqdsg.com() 
110.0.55.209.test.senderbase.org() kzluo4gslwnvnm255lrelc1bze.com() eppmijetkpmvg35le4turqzg3a.com() akndwpgsn3tyvidou1toqarjnf.com() as2914.asn.cymru.com() m33l3imqeds3qf531vtu5rqate.com() as22773.asn.cymru.com() 1.2.2.4.origin.asn.cymru.com(127.0.0.2) whwiftptab3zos2bussunpmdza.Live.com(204.79.197.212) ci2ftqxxmemnpb5m2htygznmzg.Google.com() gad5g1iru3qlmcddnaqef0v5wa.com() rhzduq4rrhpdebo1xdsqzhwguc.com() bt234l2vmnwrdt1gddq00su2wg.com() www.q4a5dcoqyviyzu0pqhrybzheyh.com() www.zazj40vr2zvufjpngjqamiikhd.com() vwpomk0udtuqfu4neqs4myzibd.com() pgriu11uvey3si3wu2qelw1ctc.Live.com(204.79.197.212) phkp0pot5x0ny0u5lotqtjv3pd.com() lrs2e1aumuoqdlljc1sqz44bof.Live.com(204.79.197.212) 30.16.2.68.test.senderbase.org() ioatctkqakyb1eg4uxr0synh3f.Youtube.com() xjkr3ivsmzrwx3fd3ytsmwqb0e.com() gtrr0stwkwni1fv5rdrmxmlyce.com() bp4kxb4xls2gbxju2ut2y4bk3g.com() 2.111.81.64.origin.asn.cymru.com(127.0.0.2) www.3gsdllexmwfna0u1r5tkwy0sng.com() ksyxhgduyo4febutkltqqpdj2g.com() bljck35q2cfxz1ajiotwpnysea.Live.com(204.79.197.212) 30.16.10.68.origin.asn.cymru.com(127.0.0.2) ycdfbhuwbib41k2tq5rgegqhwb.com() www.Google.com(142.250.206.228) 2.101.124.164.test.senderbase.org() ezpe4ssvhrhehaqpvcsqx2iagh.com() 2.64.92.66.test.senderbase.org() mavbalnr3omqvktzfbrcipd1ud.Live.com(204.79.197.212) 5z2z1brw5w2zxadmnzs03af0ph.com() 30.16.13.68.test.senderbase.org() fa3zrzpvgl2qf0ofmcr0bdyckb.Live.com(204.79.197.212) u3x1op0wumfb4j0xqaqmihjbfc.Live.com(204.79.197.212) 1.70.154.156.origin.asn.cymru.com(127.0.0.2) www.iimu0azunxhmi2pkqjq4aqyhrd.com() as3257.asn.cymru.com() hmwdm3rwx0g22ukgieqkvowbbh.Google.com() vea2kalt5qawvbetkvrcgpwtad.Yahoo.com() 2.2.2.4.test.senderbase.org() txaebhoxau3cbjekmvte3cqrae.com() xmotufgql4jqc1hinztik4imeb.com() o3hxow1sm0dlkb0qg2sgnxusve.com() 25.16.9.68.test.senderbase.org() zcjkjplvswutchpslksajgnocc.Live.com(204.79.197.212) c5vsehzuywnkbihhx5q4h2vkpd.Yahoo.com() gq4vs2jvvu3lwms04rr03tpevf.Youtube.com() heemyqas2mimd4nxgct0vcrese.com() 
cwehoqww0fzwfti54osoh3ij1e.Google.com() tdtdhtxwifomqfov2irym53qib.Youtube.com() 123.222.67.208.test.senderbase.org() lb44xgjvnycvd0s33dqidrk1lb.com() 2.79.81.64.origin.asn.cymru.com(127.0.0.2) dlxdtphviktdhdztbxrqioz1de.Live.com(204.79.197.212) as36692.asn.cymru.com() nmulocnuihbgwqbsxlse1nzbcb.com() 2.2.2.4.origin.asn.cymru.com(127.0.0.2) l1azpipv2aygf00mhqrav04f2c.com() carforfs1fl4vp31coqsyxgmrf.Google.com() tqc2asvr4gag5fhfv3qc4iskhb.com() 22.70.154.156.origin.asn.cymru.com(127.0.0.2) ukcj0rlv5mw0dgddwftgljfaqg.com() 2mr2k5asf4jcuscuzrq0n5n3gd.Youtube.com() 0pqh2qxrsvvzcr5qaxteycqvke.isc.org() as3356.asn.cymru.com() zuxkngvuqcggdfj5xrrkzq0k1c.com() www.4f3rrjerllmezvwcrjrc5ebdgf.com() 2cr2wfsrqzfdsygm12qsyfsgvf.com() 1.1.1.1.test.senderbase.org() unu4i0xqxu2xopjop3tyix4lwb.Yahoo.com() 220.220.67.208.origin.asn.cymru.com(127.0.0.2) 2.127.81.64.test.senderbase.org() 2.101.124.164.origin.asn.cymru.com(127.0.0.2) 25.71.154.156.test.senderbase.org() dncs4vltkhgv0bqweorcxacy0b.com() fsrmei4vdpw23qmgklq0qscemd.Google.com() kmugvfovgdnpfjsp52rqngo50d.com() as15169.asn.cymru.com() rotwufprkhpindexfhsqxphlsb.com() 154.64.87.68.origin.asn.cymru.com(127.0.0.2) 25.16.10.68.test.senderbase.org() 220.220.67.208.test.senderbase.org() 1.0.0.1.origin.asn.cymru.com(127.0.0.2) cnp0idkrq1zvtua2rnty1u1x1c.Live.com(204.79.197.212) uf4auert4bb1ghtuxequc02clg.com() l2f5ntowjf4jmwqr4fsoifrlsd.com() jgwdq3iqlakti4dda1saxb5k0h.Google.com() 1.212.118.74.test.senderbase.org() www.Live.com(204.79.197.212) 45hncyxxljrz5fbpquto33lb2a.Youtube.com() 6.2.2.4.origin.asn.cymru.com(127.0.0.2) bgbo0fqqk0er4nc3ipq0x3xf0a.com() 2.87.93.66.test.senderbase.org() 1.192.153.198.test.senderbase.org() 2.159.92.66.origin.asn.cymru.com(127.0.0.2) usfstpet0tsun0b3kkq2hwjywg.Youtube.com() m1wdujev3mfx34zv5xsck0zqae.Live.com(204.79.197.212) 25.16.4.68.test.senderbase.org() 222.222.67.208.test.senderbase.org() 25.16.11.68.origin.asn.cymru.com(127.0.0.2) lqx4k5fufbl1wwgvnhq2kjcrjb.com() 
3vgpbpus50w2ibve1vsgtpiqye.com() gyvistzrkosp3imvfzq2sxvzpb.Google.com() dqwmkr5rpohbdixg22se400iog.com() net192.rebindtest.com(192.168.0.1) he04l2fsolxqbtyzbqqqojehvg.com() k45c13bwviwmltjt25ra0r04pb.com() 25.16.2.68.test.senderbase.org() 25.71.154.156.origin.asn.cymru.com(127.0.0.2) 5tkc0cyrsfx4walt43rieimbnc.Yahoo.com() 154.69.87.68.origin.asn.cymru.com(127.0.0.2) 220.222.67.208.test.senderbase.org() rehhdq3qt0tumfqsikrewlhggf.com() 024xhenq2nvkpqvzn0t4txmvte.com() o4mwbfctrnxpyxmk0ntq1i3oaa.Google.com() 222.220.67.208.test.senderbase.org() bnatngnsmzrnzcqsmnqqwhwltd.Google.com() www.k2vmzohx5fynrdfgl3qktnszbe.com() dyjzhgytugw4gqwkefrcflh2ca.com() qstjnxeupi53fltczzt0kbpv5e.com() 4.2.2.4.origin.asn.cymru.com(127.0.0.2) 200.234.194.204.test.senderbase.org() 25.18.1.68.test.senderbase.org() 30.18.1.68.origin.asn.cymru.com(127.0.0.2) bv0khonwiheup0guiqqcv0ky2h.Youtube.com() 2.45.81.64.origin.asn.cymru.com(127.0.0.2) 30.16.10.68.test.senderbase.org() 30.32.113.24.origin.asn.cymru.com(127.0.0.2) 30.16.13.68.origin.asn.cymru.com(127.0.0.2) 200.232.194.204.test.senderbase.org() 00b4isyufr2b4xsmqdqowsi0le.com() prusjvnxv3xc2vt4s0sq4zwjlg.com() aobisrvvshvcxfskd3rwaqvfig.Youtube.com() 123.222.67.208.origin.asn.cymru.com(127.0.0.2) tpmmktdqjjj5lujxb2q2god45h.Google.com() qldqinrrho5rl4sulaqyzu30uh.Yahoo.com() 154.69.87.68.test.senderbase.org() ktnpxdtxdekurlmvvpridrb1zc.com() as1239.asn.cymru.com() 10.212.97.204.test.senderbase.org() as397215.asn.cymru.com() dn501p0ujeovrxl5apte035wbh.Google.com() ok1bfk5s5urkbnzalzrqklmoch.com() kge1le5rgre2t3gisss0nrxt1a.Youtube.com() 5rex1h0ub4vtqrpwodqmdcabed.Yahoo.com() net4.rebindtest.com(4.4.4.4) 220.1.55.209.origin.asn.cymru.com(127.0.0.2) gcx5b3eubs2aybjnzyq0f0ghug.com() 3juqowwsucmco3vo5ttsdlzn2c.com() 222.222.67.208.origin.asn.cymru.com(127.0.0.2) 30.16.11.68.test.senderbase.org() 2.64.92.66.origin.asn.cymru.com(127.0.0.2) 3ladwgxvuwxt201fa0tu3otpoc.com() tprsxe1uf0z2wegcoltg0i0zef.com() hhgzimfv5e5fqpujverooji03a.com() 
vmz1yigx1chdigyvdersn55gie.com() 5u1xjrnvdm0iyvon41t0jzp5kc.com() 5.2.2.4.test.senderbase.org() xbac4yis25yymhjktgrqnyvdxh.Live.com(204.79.197.212) ddxbjies0m1jktjcvvsqeffxua.com() 2x0d4xnxzd4qlggxhktex2atke.com() uixfxznqkgs2q0bq0ktggqk35e.com() yb3ywgosd4uigqc244sirodzsf.com() n033mfyxrnzjnkfpborkqmf1mb.com() rsbwtp4rhclm4hzf3vsm4mczia.Yahoo.com() hznlmnfwy35trntvjssegq2dre.Yahoo.com() dukhhkcrp5jkrxgp1bsm33h3ec.com() 123.220.67.208.test.senderbase.org() ujrfsnuq1fklycopgxqehzdfca.com() qrkc24ptbyzcm25jyjrcacoszb.com() pcemkf4voeeebdwqhotix345ze.Yahoo.com() w5abunztb2kkeabt33rar05fsa.com() hnkka4au1u40pu4m44rspk0e5c.com() msti0qcwnhzy3ayqpitu522qge.com() 30.18.1.68.test.senderbase.org() athu1huvxeiqaxizvstkqdtilh.com() ifvekmhx1gf4yb0sdnreqraxof.Youtube.com() 4h1d5w2wnenrehy04criyyu04e.com() 2lwntxbvyk5qxmsvkst0wiz5nf.Google.com() vswaiyhqylxyciun5ptopebjqd.com() sjqirogtxghkz21zamsi0zuiha.Google.com() xdvzes2v0pefivqk1ys005em5e.com() bdrfpryrsn533loggusg0odqid.Youtube.com() 25.16.6.68.origin.asn.cymru.com(127.0.0.2) k4z330ixsdw1q4jopuquxvv5jd.com() www.yews3zxtj2ddrhhevtqovzjwrf.com() 25.16.9.68.origin.asn.cymru.com(127.0.0.2) 25.16.111.68.test.senderbase.org() ausjhnztw21c33emrwtwhwqjnf.Live.com(204.79.197.212) www.nlujakhur3a1xiixmiqg1sshmb.com() d41bavisvcsulhtkoet41nkxsf.Google.com() 4.2.2.4.test.senderbase.org() zjvohh4vh2fpdomdl1qq4b0i4f.com() 250.35.250.129.origin.asn.cymru.com(127.0.0.2) mtscmy1txon1n0sly0ronstx4b.Google.com() e4hryrwv0f43oj1hpbrmjsp43c.Yahoo.com() nulfd4jwz1xjq1flfntcbhl53c.com() 0frju1zskkrejdbz4oq2ewzyvh.com() ir2ndyxt0bj55tei3grc0g4xnc.Live.com(204.79.197.212) g1zyj10u3u0ybkgzf1t0i0fbwg.Yahoo.com() as3786.asn.cymru.com() 0xqo5glrtkhiquoxwyqyrbrjoa.Yahoo.com() 25.16.111.68.origin.asn.cymru.com(127.0.0.2) y2zaz53qerl153mi0fs2fghinc.Yahoo.com() 2.127.81.64.origin.asn.cymru.com(127.0.0.2) as13335.asn.cymru.com() vldqziuvv1khmqmfxrr2ve5kse.com() doya1k0x5qob12ev4bqk51h5xg.com() s3xpvahwjmhdbx4fs3qaaihngh.com() 
251.35.250.129.origin.asn.cymru.com(127.0.0.2) 110.0.55.209.origin.asn.cymru.com(127.0.0.2) 25.16.13.68.origin.asn.cymru.com(127.0.0.2) tsyoqmqsc0dpjc3nfvtms5nlvg.Youtube.com() qxwgh5qx42w34czz31s0n5ykpf.com() 2.95.254.216.test.senderbase.org() 1.70.154.156.test.senderbase.org() 25.16.12.68.test.senderbase.org() wwakaqnse51ljjkvb3qud0xr0h.com() coxrn2auhawe43oq1iqubcdfne.Google.com() birxptxtiu3pgrnr4kq2lnnx2c.Youtube.com() crqypzwt2k111fiwkfqq3r5mhb.com() fkeiwcav42jobwiliiruz4hdxf.com() zgizxgyr4bnhufyn3fs0ejn4xh.Yahoo.com() 2.175.27.216.origin.asn.cymru.com(127.0.0.2) as19281.asn.cymru.com() pypvapnx1ql0cxm0hgtstpyhuh.Live.com(204.79.197.212) www.c5smjgyvhfi1mzwkghsoju00fb.com() xvzcbq5s1a0uf54ksargrz55nc.com() www.rodj53xsomwgpx2rfsscfrpn5f.com() 30.16.9.68.origin.asn.cymru.com(127.0.0.2) v5igpqtuvqnl3nvhiutua45vwf.com() 30.32.113.24.test.senderbase.org() www.3rhy21xwaupnpk4dwoq4xgqsmf.com() jnyoehzsvpu0xemdksqcnns3xc.Google.com() 2.212.118.74.origin.asn.cymru.com() 5qwc3jlujdcv0q45q3rik5td5b.com() 1.0.0.1.test.senderbase.org() svrn44ptag1tlvaw42qujo4mfh.Youtube.com() qnfe2enuwtky3d13rwtkweti3c.Youtube.com() 2.175.27.216.test.senderbase.org() 30.16.111.68.test.senderbase.org() 3gnhcjmv4muf3jvzaftaggsg1f.Google.com() 154.64.87.68.test.senderbase.org() www.smwseaevoaqk4q1kayso0g0zqa.com() f4koqwascalcvxrmrkt2xouqbf.com() 1.2.2.4.test.senderbase.org() 129.250.35.250 129.250.35.251 64.81.45.2 68.11.16.25 68.9.16.25 66.93.87.2 156.154.70.22 199.2.252.10 216.254.95.2 156.154.70.25 198.41.0.4 209.55.1.220 68.1.18.30 204.194.234.200 204.97.212.10 68.6.16.25 208.67.220.222 68.87.68.170 208.67.220.220 208.67.222.123 68.111.16.25 68.100.16.25 68.11.16.30 156.154.71.1 156.154.70.1 216.27.175.2 68.87.69.154 68.2.16.30 1.0.0.1 204.194.232.200 68.12.16.30 24.113.32.30 68.4.16.25 74.118.212.1 204.117.214.10 4.79.142.202 156.154.71.22 66.92.224.2 64.81.159.2 156.154.71.25 68.13.16.30 208.67.222.220 208.67.222.222 68.10.16.30 68.13.16.25 4.2.2.2 68.87.64.154 216.231.41.2 
208.67.220.123 64.81.127.2 64.81.79.2 74.118.212.2 68.9.16.30 68.6.16.30 66.92.159.2 4.2.2.1 4.2.2.3 209.55.0.110 4.2.2.5 4.2.2.4 4.2.2.6 68.4.16.30 198.153.194.1 68.1.18.25 68.100.16.30 68.10.16.25 68.12.16.25 24.113.32.29 68.2.16.25 68.111.16.30 66.92.64.2 64.81.111.2 198.153.192.1 9.9.9.9
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014
3.6 | | 4 | guest

6549 | 2024-08-17 22:39
SVC.exe e97f5c3efb2cc80e001129383d5a0132 Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces Windows ComputerName Cryptographic key
3.6 | M | 13 | ZeroCERT

6550 | 2024-08-17 22:37
Identifications.exe edcf274c5fb6582593f81ecc977264e9 Emotet Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself
2.0 | M | 31 | ZeroCERT

6551 | 2024-08-17 22:34
PctOccurred.exe 31f04226973fdade2e7232918f11e5da Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
7.0 | M | 39 | ZeroCERT

6552 | 2024-08-17 22:34
d204.dll b9a842469a9ef4ad634afd464133d43b Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Check memory unpack itself ComputerName crashed
2.2 | M | 48 | ZeroCERT

6553 | 2024-08-17 22:33
mobiletrans.exe c8af5b81b11f3db6cb5b7efab33d11ef Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 4
0.8 | M | 26 | ZeroCERT

6554 | 2024-08-17 22:32
scheduledllama.exe 46aa8f5fe3d5af96f0a970a8f4df625d RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
2
147.124.222.241 172.67.161.137
5.2 | M | 65 | ZeroCERT

6555 | 2024-08-17 22:30
leon.exe 962f3de7b7ee4a08179142efffa50372 Stealc Gen1 Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer PE File PE32 DLL OS Processor Check .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin
13
http://185.215.113.16/well/random.exe - rule_id: 41492 http://185.215.113.16/num/random.exe - rule_id: 41818 http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968 http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://31.41.244.10/Dem7kTu/index.php http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/ - rule_id: 41969 http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.16/steam/random.exe - rule_id: 41792 http://185.215.113.100/0d60be0de163924d/msvcp140.dll
4
31.41.244.10 185.215.113.100 - mailcious 185.215.113.16 - mailcious 172.67.202.34
20
ET DROP Spamhaus DROP Listed Traffic Inbound group 2 ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
5
http://185.215.113.16/well/random.exe http://185.215.113.16/num/random.exe http://185.215.113.100/e2b1563c6670f193.php http://185.215.113.100/ http://185.215.113.16/steam/random.exe
15.0 | M | 37 | ZeroCERT