7081 | 2021-04-08 18:32
File: xxxlss.exe
MD5:  3ee61e1613c898c3078dd7fdaa00b8af
Tags: Azorult, .NET framework, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
8.2 | M | 15 | ZeroCERT

7082 | 2021-04-08 18:35
File: 3.exe
MD5:  7c9068127d92ac8179b511617146a8d6
Tags: Azorult, .NET framework, AsyncRAT, backdoor, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, DNS, Cryptographic key
Hosts / indicators: 1 (entry not listed on the page)
11.4 | M | 24 | ZeroCERT

7083 | 2021-04-08 19:43
File: ZenDEngine1.jpg
MD5:  12e23b234e6739b0148a172be65e665f
Tags: VirusTotal, Malware, DNS
1.0 | M | 5 | ZeroCERT

7084 | 2021-04-08 19:43
File: origg-01.exe
MD5:  133b4a863e9a9c74b7320f54abf199d7
Tags: Azorult, .NET framework, Check memory, Checks debugger, unpack itself, Windows, DNS, Cryptographic key
2.0 | M | | ZeroCERT

7085 | 2021-04-08 19:43
File: zender.txt
MD5:  5db24413257332efd03849b64f49b2c1
Tags: Antivirus, Code Injection, Check memory, Creates executable files, exploit crash, unpack itself, Windows utilities, suspicious process, Windows, Exploit, DNS, crashed
Hosts / indicators (3):
  79.141.170.43
  104.26.13.31
  104.192.141.1 - malicious
6.4 | M | 17 | ZeroCERT

7086 | 2021-04-08 19:43
File: winlog.exe
MD5:  7b95e7c4b726fb678571f965327eb05c
Tags: Browser Info Stealer, FTP Client Info Stealer, Email Client Info Stealer, Malware, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, DNS, Software
URLs (1):
  http://amrp.tw/ozi/gate.php
Hosts / indicators (2):
  amrp.tw (35.195.167.237)
  35.195.167.237
8.8 | M | | ZeroCERT

7087 | 2021-04-08 19:44
File: SKM_C25832100083932157.exe
MD5:  67b98281009cbfdb96bfaec29243f173
Tags: AsyncRAT, backdoor, VirusTotal, Malware, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, DNS, DDNS
URLs (6):
  http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html - rule_id: 708
  http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html - rule_id: 708
  https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html - rule_id: 709
  https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html
  https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html - rule_id: 709
  https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1C2631A67656349A968652D332BDCE4F.html
Hosts / indicators (4):
  myliverpoolnews.cf (104.21.56.119) - malicious
  severdops.ddns.net (103.151.123.132) - malicious
  104.21.56.119 - malicious
  103.151.123.132 - malicious
Request URLs (4):
  http://myliverpoolnews.cf/liverpool-fc-news/
  http://myliverpoolnews.cf/liverpool-fc-news/
  https://myliverpoolnews.cf/liverpool-fc-news/
  https://myliverpoolnews.cf/liverpool-fc-news/
6.0 | M | 32 | ZeroCERT

7088 | 2021-04-08 19:45
File: winlog.exe
MD5:  d074162909d26edf4001380da0ae4743
Tags: VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, DNS
4.2 | M | 22 | ZeroCERT

7089 | 2021-04-08 19:45
File: 2.exe
MD5:  a7e67e6abd539aeddbb9021d23f6f217
Tags: Azorult, .NET framework, Gen1, AsyncRAT, backdoor, Browser Info Stealer, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Collect installed applications, Check virtual network interfaces, suspicious process, AppData folder, malicious URLs, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, installed browsers check, Windows, Browser, ComputerName, DNS, Cryptographic key, crashed
URLs (10):
  http://86.107.197.8:38214/
  http://195.54.160.9:32972/
  http://pokacienon.xyz/
  https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/62ab596d-a885-41d2-8876-b14668b5131e/test.exe?Signature=QTjNeEZOEfvGMKnBzCyT7mG4nIg%3D&Expires=1617876243&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=4_MBFBXZdU5kGeZTREx1qRsbERpZ4M_z&response-content-disposition=attachment%3B%20filename%3D%22test.exe%22
  https://iplogger.org/favicon.ico
  https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/9580842f-6891-49c8-802a-149bf1d42264/serv.exe?Signature=pn6i4toRFefu0thF36SY2ehfP5o%3D&Expires=1617875783&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=Iu1.paGkjklgsxTllu12XmiT7Jmt91vp&response-content-disposition=attachment%3B%20filename%3D%22serv.exe%22
  https://iplogger.org/1tMzh7
  https://api.ip.sb/geoip
  https://iplogger.org/1tsTg7
  https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/a1867a39-2dbe-42c2-b513-5f9bd398e056/newred.exe?Signature=%2Bly8TEK7wfszfC4CJMdwVZNxl90%3D&Expires=1617876376&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=XZ1Wq9dWgSEXAF.IA6b.w7ImqXWWjs9E&response-content-disposition=attachment%3B%20filename%3D%22newred.exe%22
Hosts / indicators (12):
  pokacienon.xyz (79.141.170.43)
  api.ip.sb (104.26.12.31)
  bbuseruploads.s3.amazonaws.com (52.217.136.201) - malware
  bitbucket.org (104.192.141.1) - malware
  iplogger.org (88.99.66.31) - malicious
  79.141.170.43
  52.217.44.156
  88.99.66.31 - malicious
  195.54.160.9
  86.107.197.8 - malicious
  104.26.13.31
  104.192.141.1 - malicious
17.0 | M | 40 | ZeroCERT

7090 | 2021-04-08 19:49
File: winlog.exe
MD5:  3ee47ef2fed1383543fed2509ee9d533
Tags: VirusTotal, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, DNS
URLs (10):
  http://www.scanourworld.com/nsag/ - rule_id: 455
  http://www.vooronsland.com/nsag/?mHuHyl=ePIbjCfWAeW/4f63AGNXQz6xuO5rUlLypeHea2Yt6EoOWfF6Ojatazd4RPO9Tt4lOMtVTCu7&ExlPiL=Ufg8TTAHSRE
  http://www.scanourworld.com/nsag/?mHuHyl=RjpY/w7SlG6X0MktOkaS4a7cxyPO11vhmKSgl8HqKcRxVLLhONg71tk1m8LnOJlxdfFnslqN&ExlPiL=Ufg8TTAHSRE - rule_id: 455
  http://www.glowtheblog.com/nsag/ - rule_id: 457
  http://www.maurobenetti.com/nsag/?mHuHyl=xJgr1zV59J07F/DGN1mBIGYh6nwnQp51UVIcsTyZyeF+aiDjmWFFzzRpr6962uaxDh/K9fQW&ExlPiL=Ufg8TTAHSRE
  http://www.vooronsland.com/nsag/
  http://www.usopencoverage.com/nsag/ - rule_id: 456
  http://www.usopencoverage.com/nsag/?mHuHyl=og4DIg58JlKco58KkdqEYNLQLc3eWWfvHIn4nR8VBNKZeGgyeIgd3wA4BT8g076OhyzEqtq0&ExlPiL=Ufg8TTAHSRE - rule_id: 456
  http://www.glowtheblog.com/nsag/?mHuHyl=HzZPNJQ8O4WE+bdm4vfaT6k2sBckkYigm/ImWf97pB6lZmCMtuvHJWo30XNbtj7YSTZJJE49&ExlPiL=Ufg8TTAHSRE - rule_id: 457
  http://www.maurobenetti.com/nsag/
Hosts / indicators (20):
  www.caresring.com (3.14.206.30) - malicious
  www.droneserviceshouston.com (52.58.78.16) - malicious
  www.glowtheblog.com (217.160.0.236)
  www.maurobenetti.com (185.199.111.153)
  www.vooronsland.com (83.137.149.10)
  www.usopencoverage.com (94.136.40.51)
  www.scanourworld.com (34.102.136.180)
  www.kodairo.com (34.201.8.187) - malicious
  www.bkhlep.xyz (150.95.255.38)
  www.explorerthecity.com (91.195.240.94)
  52.15.160.167
  91.195.240.94 - phishing
  94.136.40.51 - malicious
  52.58.78.16 - malicious
  34.102.136.180 - malicious
  150.95.255.38 - malicious
  217.160.0.236 - malicious
  34.201.8.187 - malicious
  185.199.109.153 - malware
  83.137.149.10 - malicious
Request URLs (6):
  http://www.scanourworld.com/nsag/
  http://www.scanourworld.com/nsag/
  http://www.glowtheblog.com/nsag/
  http://www.usopencoverage.com/nsag/
  http://www.usopencoverage.com/nsag/
  http://www.glowtheblog.com/nsag/
6.2 | M | 13 | ZeroCERT

7091 | 2021-04-09 08:51
File: notabotnet.arc
MD5:  320b2d861c20714d4fed68bbc64d77c3
Tags: VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, AntiVM_Disk, VM Disk Size Check, installed browsers check, Browser, Email, ComputerName, DNS
5.0 | | 13 | ZeroCERT

7092 | 2021-04-09 08:55
File: lv.exe
MD5:  845615bf78874fa55758ce6fa4b36084
Tags: Glupteba, Malicious Library, VirusTotal, Malware, Code Injection, Check memory, Checks debugger, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, malicious URLs, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, Windows, DNS, crashed
Hosts / indicators (1):
  ntEcUNaDbasrbEJM.ntEcUNaDbasrbEJM()
8.4 | | 38 | ZeroCERT

7093 | 2021-04-09 08:56
File: hkn.exe
MD5:  5f968f612f82f74c96dd257793cf917d
Tags: Azorult, .NET framework, AsyncRAT, backdoor, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, ComputerName, DNS, Cryptographic key, crashed
9.6 | | 24 | ZeroCERT

7094 | 2021-04-09 08:58
File: file.exe
MD5:  3c541941aa60ce757626f3c7ef08ae6b
Tags: Raccoon Stealer, Glupteba, VirusTotal, Malware, PDB, unpack itself, Windows, Remote Code Execution, DNS, crashed
3.6 | | 34 | ZeroCERT

7095 | 2021-04-09 11:35
File: Six.exe
MD5:  1a50df3a388ce5778e33c2d994edeb7d
Tags: VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself
1.8 | M | 28 | ZeroCERT

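The rows above are only useful once their URL and host cells are turned into indicators that can be matched against your own telemetry. The script below is an added example and is not part of the ZeroCERT listing or its tooling: it parses the "domain(ip) - label" and "url - rule_id: N" cell formats into hash, URL, domain and IP sets, then checks a few constructed proxy log lines against them. The row cells are copied from entries 7086, 7087 and 7089 (a subset of their URL/host cells); the log lines, the dynamic-DNS suffix list and the list of shared third-party hosts that should only be matched at URL level are assumptions made for the demo.

```python
"""Added example, not part of the ZeroCERT listing: build IOCs from a few rows
of the page and match constructed proxy log lines against them."""
import re
from urllib.parse import urlsplit

# Cells copied from entries 7086, 7087 and 7089 above (subset of the URL/host cells).
SAMPLE_ROWS = [
    {"id": 7086, "md5": "7b95e7c4b726fb678571f965327eb05c",
     "urls": "http://amrp.tw/ozi/gate.php",
     "hosts": "amrp.tw(35.195.167.237) 35.195.167.237"},
    {"id": 7087, "md5": "67b98281009cbfdb96bfaec29243f173",
     "urls": "https://myliverpoolnews.cf/liverpool-fc-news/features/"
             "steven-gerrard-liverpool-future-dalglish--goal-8F0F96D3333F94679C552F5DEB9CE2AF.html - rule_id: 709",
     "hosts": "myliverpoolnews.cf(104.21.56.119) - malicious "
              "severdops.ddns.net(103.151.123.132) - malicious "
              "104.21.56.119 - malicious 103.151.123.132 - malicious"},
    {"id": 7089, "md5": "a7e67e6abd539aeddbb9021d23f6f217",
     "urls": "http://86.107.197.8:38214/ http://pokacienon.xyz/ https://api.ip.sb/geoip "
             "https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/"
             "downloads/62ab596d-a885-41d2-8876-b14668b5131e/test.exe"
             "?Signature=QTjNeEZOEfvGMKnBzCyT7mG4nIg%3D&Expires=1617876243&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6",
     "hosts": "pokacienon.xyz(79.141.170.43) api.ip.sb(104.26.12.31) "
              "bbuseruploads.s3.amazonaws.com(52.217.136.201) - malware "
              "79.141.170.43 88.99.66.31 - malicious"},
]

URL_RE = re.compile(r"https?://\S+")                       # "url - rule_id: N": rule_id is ignored
HOST_IP_RE = re.compile(r"([A-Za-z0-9.-]+)\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "domain(ip)"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Assumption: dynamic-DNS suffixes worth flagging; only ddns.net appears on the page.
DDNS_SUFFIXES = ("ddns.net", "duckdns.org", "no-ip.org")
# Assumption: shared services (file hosting, IP lookup) also used by benign software.
# A host-level block on these would hit legitimate traffic, so keep only exact URLs.
SHARED_HOSTS = {"bbuseruploads.s3.amazonaws.com", "api.ip.sb"}

def normalize_url(url):
    """Blocklist key: scheme://host[:port]/path. The query string is dropped on
    purpose: the listing shows per-victim (?mHuHyl=...) and presigned-S3
    (Signature=, Expires=) parameters that never repeat between victims. The
    port is kept because several C2 URLs on the page use non-standard ports."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}{p.path or '/'}"

def extract_iocs(rows):
    """Collect hashes, URL keys, domains, IPs and dynamic-DNS names from listing rows."""
    iocs = {"md5": set(), "url": set(), "domain": set(), "ip": set(), "ddns": set()}
    for row in rows:
        iocs["md5"].add(row["md5"].lower())
        for url in URL_RE.findall(row["urls"]):
            host = urlsplit(url).hostname
            if host is None:
                continue
            iocs["url"].add(normalize_url(url))
            if IP_RE.fullmatch(host):
                iocs["ip"].add(host)
            elif host not in SHARED_HOSTS:
                iocs["domain"].add(host)
        # Host cells mix "domain(ip) - label" entries with bare "ip - label" entries.
        for domain, ip in HOST_IP_RE.findall(row["hosts"]):
            iocs["ip"].add(ip)
            if domain not in SHARED_HOSTS:
                iocs["domain"].add(domain)
        iocs["ip"].update(IP_RE.findall(row["hosts"]))
    iocs["ddns"] = {d for d in iocs["domain"] if d.endswith(DDNS_SUFFIXES)}
    return iocs

# Constructed proxy log format (not from the page): timestamp client method url status
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

def match_log_line(line, iocs):
    """Return the IOC types a proxy log line hits, in a fixed order (empty = clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = m["url"]
    host = urlsplit(url).hostname
    hits = []
    if normalize_url(url) in iocs["url"]:
        hits.append("url")
    if host in iocs["domain"]:
        hits.append("domain")
    if host in iocs["ip"]:
        hits.append("ip")
    if host in iocs["ddns"]:
        hits.append("ddns")
    return hits

# Constructed log lines for the demo; not real traffic.
LOG_LINES = [
    "2021-04-08T19:50:12Z 10.1.2.3 POST http://amrp.tw/ozi/gate.php 200",
    "2021-04-08T19:51:01Z 10.1.2.4 GET https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/62ab596d-a885-41d2-8876-b14668b5131e/test.exe?Signature=ZZZ&Expires=1617999999 200",
    "2021-04-08T19:52:30Z 10.1.2.5 GET https://bbuseruploads.s3.amazonaws.com/other/legit.zip 200",
    "2021-04-08T19:53:00Z 10.1.2.6 GET http://severdops.ddns.net:6606/ 503",
    "2021-04-08T19:54:00Z 10.1.2.7 GET http://86.107.197.8:38214/ 200",
]

if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_ROWS)
    for kind, values in iocs.items():
        print(kind, sorted(values))
    for line in LOG_LINES:
        print(match_log_line(line, iocs) or "clean", line)
```

Two design choices matter when this is run against real telemetry. First, the presigned S3 download in entry 7089 is matched on the path only: its Signature and Expires parameters change on every fetch, while a host-level block on bbuseruploads.s3.amazonaws.com would also catch legitimate downloads, which is why that host (and the api.ip.sb lookup service) stays out of the domain set. Second, the dynamic-DNS name severdops.ddns.net from entry 7087 is surfaced separately: blocking the resolved IP is short-lived for such names, so the hostname is the indicator to keep.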