| 6766 |
2021-04-01 09:23
|
tzrvcu.zip d832d70f78937799ed08056442f04442
VirusTotal Malware PDB unpack itself DNS crashed |
|
|
|
|
2.2 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6767 |
2021-04-01 09:23
|
 PgDiju1ksGhtWuA 43bea173f29c6c2859eeb858c3ce2bdd |
|
|
|
|
0.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6768 |
2021-04-01 09:25
|
g8k346sx.rar c56e8818c410cb7a486558a6fad5253d
VirusTotal Malware PDB unpack itself DNS crashed |
|
|
|
|
2.4 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6769 |
2021-04-01 09:26
|
kwhqfq.tar 8bdb981f0211ddf9ddcc34bf32bea729
VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.6 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6770 |
2021-04-01 09:28
|
oqibxmsfz.zip d29310c232038a6dd1f2b8749be5619e
VirusTotal Malware PDB Malicious Traffic unpack itself DNS crashed |
3
http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236418&mv=m&mvi=3&pl=18&shardbypass=yes
http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:1131089239&cup2hreq=b1fbf598cff2d879a4bf382cc07193d04fcb89cdad69ea0b0d44ceb3cb86d922
|
4
r3---sn-3u-bh26.gvt1.com(59.18.44.14)
142.250.199.78
59.18.44.14
142.250.66.67
|
|
|
3.4 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6771 |
2021-04-01 09:32
|
 askinstall31.exe 9d1b497b9d05f015cc768ee06fe6050d
Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder suspicious TLD WriteConsoleW installed browsers check Ransomware Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
4
http://www.cncode.pw/ - rule_id: 481
http://www.fjzbqb.com/Home/Index/lkdinl - rule_id: 483
http://www.fddnice.pw/ - rule_id: 482
https://iplogger.org/1pdxr7
|
9
iplogger.org(88.99.66.31)
www.fjzbqb.com(188.225.87.175) - mailcious
www.fddnice.pw(103.155.92.58) - mailcious
www.cncode.pw(144.202.76.47) - mailcious
59.18.44.14
88.99.66.31 - mailcious
144.202.76.47
188.225.87.175 - mailcious
103.155.92.58 - mailcious
|
|
3
http://www.cncode.pw/
http://www.fjzbqb.com/Home/Index/lkdinl
http://www.fddnice.pw/
|
12.0 |
M |
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6772 |
2021-04-01 09:33
|
 soc.exe 5a0425bfbeae52df2de40d7c067b9b0cBrowser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces malicious URLs installed browsers check Windows Browser Email DNS Software |
5
http://203.159.80.141/LKJHGDS/gate.php
http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236658&mv=m&mvi=3&pcm2cms=yes&pl=18&shardbypass=yes
http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:1403012316&cup2hreq=66305915241c4634f51031e5bc7c5d4bdf4e8c4f63e65e37b4ec8569d469c62c
https://www.bing.com/
|
8
r3---sn-3u-bh26.gvt1.com(59.18.44.14)
www.google.com(172.217.25.100)
203.159.80.141
142.250.199.68
59.18.44.14
13.107.21.200
142.250.199.78
142.250.66.67
|
|
|
14.8 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6773 |
2021-04-01 09:33
|
 payment_03939.exe b65ddd031511351f6b971e657e78ede8VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.8 |
|
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6774 |
2021-04-01 09:34
|
bYZtFqTM 5a16eedc14b68099c21169a2c91f89d3 |
|
|
|
|
0.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6775 |
2021-04-01 09:36
|
 regasm.exe bc69057557208d7533ae8a1892273b68Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software |
1
http://msslrsa-motherson.com/coco/coco4/fre.php
|
2
msslrsa-motherson.com(185.209.1.109)
185.209.1.109
|
|
|
13.0 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6776 |
2021-04-01 09:37
|
 askinstall32.exe 5daa2140732ce865b202962807d107b1
Gen Browser Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Ransomware Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
4
http://www.cncode.pw/ - rule_id: 481
http://www.fjzbqb.com/Home/Index/lkdinl - rule_id: 483
http://www.fddnice.pw/ - rule_id: 482
https://iplogger.org/1Pdet7
|
9
iplogger.org(88.99.66.31)
www.fjzbqb.com(188.225.87.175) - mailcious
www.fddnice.pw(103.155.92.58) - mailcious
www.cncode.pw(144.202.76.47) - mailcious
59.18.44.14
88.99.66.31 - mailcious
144.202.76.47
188.225.87.175 - mailcious
103.155.92.58 - mailcious
|
|
3
http://www.cncode.pw/
http://www.fjzbqb.com/Home/Index/lkdinl
http://www.fddnice.pw/
|
11.8 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6777 |
2021-04-01 09:38
|
slyla0.tar 0a93401ba77815b37c6301abdd7dc528VirusTotal Malware PDB Malicious Traffic unpack itself DNS crashed |
3
http://edgedl.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:480555301&cup2hreq=b80a2af7daed8b780ff89dc8715ac20874a4399172450b9710e682e39b0c9a7b
https://update.googleapis.com/service/update2
|
5
edgedl.gvt1.com(142.250.34.2)
216.58.200.14 - mailcious
142.250.66.131
172.217.25.3
142.250.34.2
|
|
|
3.4 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6778 |
2021-04-01 09:39
|
 setup_10.2_mix.exe 5a5355620facf5c0f4da2bea043a47f2VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Exploit Browser ComputerName DNS crashed |
2
https://iplogger.org/favicon.ico
https://iplogger.org/1U56q7
|
2
iplogger.org(88.99.66.31)
88.99.66.31 - mailcious
|
|
|
9.6 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6779 |
2021-04-01 09:40
|
yer5e.exe fae1cf371d316ddd6918efda8b993f72VirusTotal Malware unpack itself crashed |
|
|
|
|
1.2 |
|
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6780 |
2021-04-01 09:51
|
44285,5327891204.dat 6a5564a3b29538dcbdacd63636306521Check memory crashed |
|
|
|
|
0.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|