| 6571 |
2021-03-27 11:24
|
ret3.exe 86506e4534b7433da308a39b0df63cfa
VirusTotal Malware unpack itself crashed |
|
|
|
|
1.2 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6572 |
2021-03-27 11:26
|
 Encoding.html d7bb6b9d1cd02209f89dc0c4759ddd87
VirusTotal Malware crashed |
|
|
|
|
0.6 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6573 |
2021-03-27 11:28
|
 svchost.exe 6c4d7f39e594a4a0a11a7d8b9372c55d
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6574 |
2021-03-27 11:32
|
 r10a.dll 588a3f2c94dde4650de944d6ceb90b81
Emotet Gen VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities sandbox evasion Windows ComputerName Remote Code Execution DNS |
|
1
|
|
|
7.8 |
M |
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6575 |
2021-03-27 11:33
|
 winlog.exe d178c14362d0e9f7f76cd0dd6c90ef2c
Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.8 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6576 |
2021-03-27 11:34
|
dchampx.scr 568a83b031d0da4516f635799e12ffb2
Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
3
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-76CAC67A4AA83F9DFF97F20AE0982733.html
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3A53264A2D579567447B73CFA32EFA4D.html
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1BE6B3B45354515CCB1F9911012811EA.html
|
2
x11fdf4few8f41f.com(172.67.137.73)
104.21.73.19
|
|
|
17.4 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6577 |
2021-03-27 11:36
|
 Encoding.html d7bb6b9d1cd02209f89dc0c4759ddd87
Antivirus Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
4
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
http://198.251.72.110/ALL.txt
http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
http://www.bing.com/favicon.ico
|
3
ia801407.us.archive.org(207.241.228.147) - mailcious
207.241.228.147 - mailcious
198.251.72.110 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Windows executable base64 encoded
ET HUNTING EXE Base64 Encoded potential malware
|
|
10.6 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6578 |
2021-03-27 11:39
|
winlog.exe 17b26019431fda27f9470f0dd665e131FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder sandbox evasion ComputerName DNS |
10
http://www.howtopreventwaterpollution.com/aqu2/
http://www.bipv.company/aqu2/?rZ=vvEwZaIRjFSF+Jni9eiAW+LEqoF2OtsmzQ5Dj+5nFgRFLd6yrfgyoYSjoOiSoeRO028Fk/lT&sBZxw2=FxopsJPxCFPPD
http://www.howtopreventwaterpollution.com/aqu2/?rZ=zPSVyQ8jLJ1SiVwGtCMiWi7luu1ipBr6oBKg3PeV2xtOr0reCfDu8b4JV9tjy3mmlHIETrIr&sBZxw2=FxopsJPxCFPPD
http://www.fitandfierceathletics.com/aqu2/?rZ=wWdGEuGCEwS3T5PhpOxNUQhIszymNYNQJwgfa3Spu7yQ3X4UsWrCflOmw6AeYZ7EWurq5fIn&sBZxw2=FxopsJPxCFPPD
http://www.bipv.company/aqu2/
http://www.happlyending.com/aqu2/
http://www.pmrack.com/aqu2/
http://www.fitandfierceathletics.com/aqu2/
http://www.happlyending.com/aqu2/?rZ=zVV3CXZ1/65ibP/vWPnRO3mEt1AB30ag7bk2OPAEgNtPBfm8kGr/gFj46F/c7WXZnkzTzWCl&sBZxw2=FxopsJPxCFPPD
http://www.pmrack.com/aqu2/?rZ=eNunAjC60TgXr/HHMAvEDZJ9lTiY8rojHdX24pFtV90/O/OTV8HncLHTjWQAKeAYXBURQq60&sBZxw2=FxopsJPxCFPPD
|
15
www.stone-master.info()
www.xn--2021-kmd.com()
www.happlyending.com(99.83.237.21)
www.lfhis.com(45.194.167.206)
www.thunderoffroadresort.com()
www.howtopreventwaterpollution.com(172.67.178.22)
www.pmrack.com(135.181.58.27)
www.bipv.company(185.104.28.238)
www.fitandfierceathletics.com(23.227.38.74)
135.181.58.27
185.104.28.238 - suspicious
172.67.178.22
99.83.230.40
23.227.38.74 - mailcious
45.194.167.206
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
7.0 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6579 |
2021-03-27 15:46
|
 customer2.exe dae3a7fe77e7ff4d1af2a2691dfb4d9a
Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process WriteConsoleW installed browsers check Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
2
http://www.plug-fbnotification.com/coloqaq/parse.exe
http://www.plug-fbnotification.com/coloqaq/curl.exe
|
4
www.plug-fbnotification.com(35.220.162.170)
get.geojs.io(104.26.1.100)
35.220.162.170
104.26.1.100
|
|
|
12.2 |
|
53 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6580 |
2021-03-27 16:05
|
 customer3.exe 762ab2472d5f4811ee77c0b67f1f05c7
Google Chrome User Data browser info stealer Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName Remote Code Execution crashed |
2
http://www.plug-fbnotification.com/coloqaq/parse.exe
http://www.plug-fbnotification.com/coloqaq/curl.exe
|
4
www.plug-fbnotification.com(35.220.162.170)
get.geojs.io(172.67.70.233)
35.220.162.170
172.67.70.233
|
|
|
13.2 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6581 |
2021-03-27 16:05
|
 customer1.exe bd77b4fbc696b109e89d869d64c1c969
Google Chrome User Data browser info stealer Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName Remote Code Execution crashed |
2
http://www.plug-fbnotification.com/coloqaq/parse.exe
http://www.plug-fbnotification.com/coloqaq/curl.exe
|
4
www.plug-fbnotification.com(35.220.162.170)
get.geojs.io(104.26.0.100)
104.26.0.100
35.220.162.170
|
|
|
13.4 |
|
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6582 |
2021-03-28 12:03
|
................................. 0b1e7e8f5df88aab779c84f38e6db605Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader |
1
http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-48EFB1FB999F0899B769D78B85AC801C.html - rule_id: 555
|
4
camfil.xyz() - mailcious
x11fdf4few8f41f.com(172.67.137.73) - mailcious
172.67.137.73 - mailcious
107.173.219.80 - malware
|
6
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
1
http://x11fdf4few8f41f.com/liverpool-fc-news/
|
4.0 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6583 |
2021-03-28 12:05
|
 def.exe 04a666d7cf692764645f28189bdb2e70VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process WriteConsoleW Windows ComputerName |
|
|
|
|
7.6 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6584 |
2021-03-28 12:11
|
 Token_Stealer.bat 875b7c5612a875cc7f31644a1c49dfb5VirusTotal Malware Check memory Windows utilities WriteConsoleW Windows |
1
https://discord.com/api/webhooks/824689818528514048/sUwfDroSmij279EFaHnTeZ5wAmuS1tOKNg70gb8tJ5vIlEzGfK-HCDwrwoTwE0Zdvpvl
|
|
|
|
2.0 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6585 |
2021-03-28 12:11
|
RunpeTest.exe b5ea5f2650f82f53059635551ae31469VirusTotal Malware PDB DNS |
|
|
|
|
2.0 |
|
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|