6766 | 2021-04-01 09:23 | tzrvcu.zip d832d70f78937799ed08056442f04442 VirusTotal Malware PDB unpack itself DNS crashed | | | | | 2.2 | M | 8 | ZeroCERT
6767 | 2021-04-01 09:23 | PgDiju1ksGhtWuA 43bea173f29c6c2859eeb858c3ce2bdd | | | | | 0.6 | M | | ZeroCERT
6768 | 2021-04-01 09:25 | g8k346sx.rar c56e8818c410cb7a486558a6fad5253d VirusTotal Malware PDB unpack itself DNS crashed | | | | | 2.4 | M | 11 | ZeroCERT
6769 | 2021-04-01 09:26 | kwhqfq.tar 8bdb981f0211ddf9ddcc34bf32bea729 VirusTotal Malware PDB unpack itself crashed | | | | | 1.6 | M | 7 | ZeroCERT
6770 | 2021-04-01 09:28 | oqibxmsfz.zip d29310c232038a6dd1f2b8749be5619e VirusTotal Malware PDB Malicious Traffic unpack itself DNS crashed | 3 http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236418&mv=m&mvi=3&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:1131089239&cup2hreq=b1fbf598cff2d879a4bf382cc07193d04fcb89cdad69ea0b0d44ceb3cb86d922 | 4 r3---sn-3u-bh26.gvt1.com(59.18.44.14) 142.250.199.78 59.18.44.14 142.250.66.67 | | | 3.4 | M | 7 | ZeroCERT
6771 | 2021-04-01 09:32 | askinstall31.exe 9d1b497b9d05f015cc768ee06fe6050d Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder suspicious TLD WriteConsoleW installed browsers check Ransomware Windows Exploit Browser ComputerName Remote Code Execution DNS crashed | 4 http://www.cncode.pw/ - rule_id: 481 http://www.fjzbqb.com/Home/Index/lkdinl - rule_id: 483 http://www.fddnice.pw/ - rule_id: 482 https://iplogger.org/1pdxr7 | 9 iplogger.org(88.99.66.31) www.fjzbqb.com(188.225.87.175) - mailcious www.fddnice.pw(103.155.92.58) - mailcious www.cncode.pw(144.202.76.47) - mailcious 59.18.44.14 88.99.66.31 - mailcious 144.202.76.47 188.225.87.175 - mailcious 103.155.92.58 - mailcious | | 3 http://www.cncode.pw/ http://www.fjzbqb.com/Home/Index/lkdinl http://www.fddnice.pw/ | 12.0 | M | 38 | ZeroCERT
6772 | 2021-04-01 09:33 | soc.exe 5a0425bfbeae52df2de40d7c067b9b0c Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Windows Browser Email DNS Software | 5 http://203.159.80.141/LKJHGDS/gate.php http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:1403012316&cup2hreq=66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c https://www.bing.com/ | 8 r3---sn-3u-bh26.gvt1.com(59.18.44.14) www.google.com(172.217.25.100) 203.159.80.141 142.250.199.68 59.18.44.14 13.107.21.200 142.250.199.78 142.250.66.67 | | | 14.8 | M | 31 | ZeroCERT
6773 | 2021-04-01 09:33 | payment_03939.exe b65ddd031511351f6b971e657e78ede8 VirusTotal Malware unpack itself Remote Code Execution | | | | | 2.8 | | 49 | ZeroCERT
6774 | 2021-04-01 09:34 | bYZtFqTM 5a16eedc14b68099c21169a2c91f89d3 | | | | | 0.2 | | | ZeroCERT
6775 | 2021-04-01 09:36 | regasm.exe bc69057557208d7533ae8a1892273b68 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software | 1 http://msslrsa-motherson.com/coco/coco4/fre.php | 2 msslrsa-motherson.com(185.209.1.109) 185.209.1.109 | | | 13.0 | | 32 | ZeroCERT
6776 | 2021-04-01 09:37 | askinstall32.exe 5daa2140732ce865b202962807d107b1 Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Ransomware Windows Exploit Browser ComputerName Remote Code Execution DNS crashed | 4 http://www.cncode.pw/ - rule_id: 481 http://www.fjzbqb.com/Home/Index/lkdinl - rule_id: 483 http://www.fddnice.pw/ - rule_id: 482 https://iplogger.org/1Pdet7 | 9 iplogger.org(88.99.66.31) www.fjzbqb.com(188.225.87.175) - mailcious www.fddnice.pw(103.155.92.58) - mailcious www.cncode.pw(144.202.76.47) - mailcious 59.18.44.14 88.99.66.31 - mailcious 144.202.76.47 188.225.87.175 - mailcious 103.155.92.58 - mailcious | | 3 http://www.cncode.pw/ http://www.fjzbqb.com/Home/Index/lkdinl http://www.fddnice.pw/ | 11.8 | M | 41 | ZeroCERT
6777 | 2021-04-01 09:38 | slyla0.tar 0a93401ba77815b37c6301abdd7dc528 VirusTotal Malware PDB Malicious Traffic unpack itself DNS crashed | 3 http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:480555301&cup2hreq=b80a2af7daed8b780ff89dc8715ac20874a4399172450b9710e682e39b0c9a7b https://update.googleapis.com/service/update2 | 5 edgedl.gvt1.com(142.250.34.2) 216.58.200.14 - mailcious 142.250.66.131 172.217.25.3 142.250.34.2 | | | 3.4 | M | 7 | ZeroCERT
6778 | 2021-04-01 09:39 | setup_10.2_mix.exe 5a5355620facf5c0f4da2bea043a47f2 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName DNS crashed | 2 https://iplogger.org/favicon.ico https://iplogger.org/1U56q7 | 2 iplogger.org(88.99.66.31) 88.99.66.31 - mailcious | | | 9.6 | M | 21 | ZeroCERT
6779 | 2021-04-01 09:40 | yer5e.exe fae1cf371d316ddd6918efda8b993f72 VirusTotal Malware unpack itself crashed | | | | | 1.2 | | 7 | ZeroCERT
6780 | 2021-04-01 09:51 | 44285,5327891204.dat 6a5564a3b29538dcbdacd63636306521 Check memory crashed | | | | | 0.4 | | | ZeroCERT