Sandbox report index (ZeroCERT). Each record: ID | date | file name | MD5, followed by the behaviour tags, the URLs, hosts and IDS alerts observed (count in parentheses), and the trailing score | flag | count | reporter columns as listed on the page ("-" marks an empty column).

6571 | 2021-03-27 11:24 | ret3.exe | 86506e4534b7433da308a39b0df63cfa
  Tags: VirusTotal Malware unpack itself crashed
  Score 1.2 | - | 15 | ZeroCERT

6572 | 2021-03-27 11:26 | Encoding.html | d7bb6b9d1cd02209f89dc0c4759ddd87
  Tags: VirusTotal Malware crashed
  Score 0.6 | - | 2 | ZeroCERT

6573 | 2021-03-27 11:28 | svchost.exe | 6c4d7f39e594a4a0a11a7d8b9372c55d
  Tags: Azorult .NET framework AsyncRAT backdoor VirusTotal Malware Check memory Checks debugger unpack itself
  Score 2.0 | M | 20 | ZeroCERT

6574 | 2021-03-27 11:32 | r10a.dll | 588a3f2c94dde4650de944d6ceb90b81
  Tags: Emotet Gen VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities sandbox evasion Windows ComputerName Remote Code Execution DNS
  URLs (1): (not listed on the page)
  Score 7.8 | M | 3 | ZeroCERT

6575 | 2021-03-27 11:33 | winlog.exe | d178c14362d0e9f7f76cd0dd6c90ef2c
  Tags: Azorult .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
  Score 11.8 | M | 34 | ZeroCERT

6576 | 2021-03-27 11:34 | dchampx.scr | 568a83b031d0da4516f635799e12ffb2
  Tags: Antivirus AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
  URLs (3):
    http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-76CAC67A4AA83F9DFF97F20AE0982733.html
    http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3A53264A2D579567447B73CFA32EFA4D.html
    http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1BE6B3B45354515CCB1F9911012811EA.html
  Hosts (2):
    x11fdf4few8f41f.com(172.67.137.73)
    104.21.73.19
  Score 17.4 | M | 25 | ZeroCERT

6577 | 2021-03-27 11:36 | Encoding.html | d7bb6b9d1cd02209f89dc0c4759ddd87
  Tags: Antivirus Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
  URLs (4):
    http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
    http://198.251.72.110/ALL.txt
    http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
    http://www.bing.com/favicon.ico
  Hosts (3):
    ia801407.us.archive.org(207.241.228.147) - mailcious
    207.241.228.147 - mailcious
    198.251.72.110 - mailcious
  IDS alerts (3):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET MALWARE Windows executable base64 encoded
    ET HUNTING EXE Base64 Encoded potential malware
  Score 10.6 | M | 2 | ZeroCERT

6578 | 2021-03-27 11:39 | winlog.exe | 17b26019431fda27f9470f0dd665e131
  Tags: FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder sandbox evasion ComputerName DNS
  URLs (10):
    http://www.howtopreventwaterpollution.com/aqu2/
    http://www.bipv.company/aqu2/?rZ=vvEwZaIRjFSF+Jni9eiAW+LEqoF2OtsmzQ5Dj+5nFgRFLd6yrfgyoYSjoOiSoeRO028Fk/lT&sBZxw2=FxopsJPxCFPPD
    http://www.howtopreventwaterpollution.com/aqu2/?rZ=zPSVyQ8jLJ1SiVwGtCMiWi7luu1ipBr6oBKg3PeV2xtOr0reCfDu8b4JV9tjy3mmlHIETrIr&sBZxw2=FxopsJPxCFPPD
    http://www.fitandfierceathletics.com/aqu2/?rZ=wWdGEuGCEwS3T5PhpOxNUQhIszymNYNQJwgfa3Spu7yQ3X4UsWrCflOmw6AeYZ7EWurq5fIn&sBZxw2=FxopsJPxCFPPD
    http://www.bipv.company/aqu2/
    http://www.happlyending.com/aqu2/
    http://www.pmrack.com/aqu2/
    http://www.fitandfierceathletics.com/aqu2/
    http://www.happlyending.com/aqu2/?rZ=zVV3CXZ1/65ibP/vWPnRO3mEt1AB30ag7bk2OPAEgNtPBfm8kGr/gFj46F/c7WXZnkzTzWCl&sBZxw2=FxopsJPxCFPPD
    http://www.pmrack.com/aqu2/?rZ=eNunAjC60TgXr/HHMAvEDZJ9lTiY8rojHdX24pFtV90/O/OTV8HncLHTjWQAKeAYXBURQq60&sBZxw2=FxopsJPxCFPPD
  Hosts (15):
    www.stone-master.info()
    www.xn--2021-kmd.com()
    www.happlyending.com(99.83.237.21)
    www.lfhis.com(45.194.167.206)
    www.thunderoffroadresort.com()
    www.howtopreventwaterpollution.com(172.67.178.22)
    www.pmrack.com(135.181.58.27)
    www.bipv.company(185.104.28.238)
    www.fitandfierceathletics.com(23.227.38.74)
    135.181.58.27
    185.104.28.238 - suspicious
    172.67.178.22
    99.83.230.40
    23.227.38.74 - mailcious
    45.194.167.206
  IDS alerts (1):
    ET MALWARE FormBook CnC Checkin (GET)
  Score 7.0 | M | 35 | ZeroCERT

6579 | 2021-03-27 15:46 | customer2.exe | dae3a7fe77e7ff4d1af2a2691dfb4d9a
  Tags: Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process WriteConsoleW installed browsers check Windows Exploit Browser ComputerName Remote Code Execution DNS crashed
  URLs (2):
    http://www.plug-fbnotification.com/coloqaq/parse.exe
    http://www.plug-fbnotification.com/coloqaq/curl.exe
  Hosts (4):
    www.plug-fbnotification.com(35.220.162.170)
    get.geojs.io(104.26.1.100)
    35.220.162.170
    104.26.1.100
  Score 12.2 | - | 53 | ZeroCERT

6580 | 2021-03-27 16:05 | customer3.exe | 762ab2472d5f4811ee77c0b67f1f05c7
  Tags: Google Chrome User Data browser info stealer Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName Remote Code Execution crashed
  URLs (2):
    http://www.plug-fbnotification.com/coloqaq/parse.exe
    http://www.plug-fbnotification.com/coloqaq/curl.exe
  Hosts (4):
    www.plug-fbnotification.com(35.220.162.170)
    get.geojs.io(172.67.70.233)
    35.220.162.170
    172.67.70.233
  Score 13.2 | - | 35 | ZeroCERT

6581 | 2021-03-27 16:05 | customer1.exe | bd77b4fbc696b109e89d869d64c1c969
  Tags: Google Chrome User Data browser info stealer Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName Remote Code Execution crashed
  URLs (2):
    http://www.plug-fbnotification.com/coloqaq/parse.exe
    http://www.plug-fbnotification.com/coloqaq/curl.exe
  Hosts (4):
    www.plug-fbnotification.com(35.220.162.170)
    get.geojs.io(104.26.0.100)
    104.26.0.100
    35.220.162.170
  Score 13.4 | - | 50 | ZeroCERT

6582 | 2021-03-28 12:03 | ................................. | 0b1e7e8f5df88aab779c84f38e6db605
  Tags: Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader
  URLs (1):
    http://x11fdf4few8f41f.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-48EFB1FB999F0899B769D78B85AC801C.html - rule_id: 555
  Hosts (4):
    camfil.xyz() - mailcious
    x11fdf4few8f41f.com(172.67.137.73) - mailcious
    172.67.137.73 - mailcious
    107.173.219.80 - malware
  IDS alerts (6):
    ET INFO Executable Download from dotted-quad Host
    ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
    ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Additional URL (1):
    http://x11fdf4few8f41f.com/liverpool-fc-news/
  Score 4.0 | M | 27 | ZeroCERT

6583 | 2021-03-28 12:05 | def.exe | 04a666d7cf692764645f28189bdb2e70
  Tags: VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process WriteConsoleW Windows ComputerName
  Score 7.6 | - | 33 | ZeroCERT

6584 | 2021-03-28 12:11 | Token_Stealer.bat | 875b7c5612a875cc7f31644a1c49dfb5
  Tags: VirusTotal Malware Check memory Windows utilities WriteConsoleW Windows
  URLs (1):
    https://discord.com/api/webhooks/824689818528514048/sUwfDroSmij279EFaHnTeZ5wAmuS1tOKNg70gb8tJ5vIlEzGfK-HCDwrwoTwE0Zdvpvl
  Score 2.0 | - | 7 | ZeroCERT

6585 | 2021-03-28 12:11 | RunpeTest.exe | b5ea5f2650f82f53059635551ae31469
  Tags: VirusTotal Malware PDB DNS
  Score 2.0 | - | 48 | ZeroCERT