7141 |
2021-04-12 08:04
|
chrome_elf.dll 98e44115d6f4faaa25524d66776c4eb7 VirusTotal Malware AutoRuns Check memory Checks debugger RWX flags setting unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Remote Code Execution DNS |
|
1
|
|
|
5.6 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7142 |
2021-04-12 10:11
|
1.dotm 33aaf4c68958e89ce690265369e151d6 VirusTotal Malware Code Injection unpack itself DNS |
2
http://dotnet.microsoft.com:88/Docs?dotnet=wac http://dotnet.microsoft.com:88/logo1.gif
|
1
|
|
|
5.6 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7143 |
2021-04-12 10:42
|
delete.exe fca72b6de6d5d9eeab811974eb6a1dbc Cryptocurrency Miner Cryptocurrency PDB suspicious privilege Code Injection Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS crashed |
|
|
|
|
8.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7144 |
2021-04-12 10:44
|
delete.exe fca72b6de6d5d9eeab811974eb6a1dbc Cryptocurrency Miner Cryptocurrency PDB suspicious privilege Code Injection Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS crashed |
|
1
|
|
|
8.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7145 |
2021-04-12 10:44
|
mazx.exe a7f014f4fe566e48e794b79661aef18e AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS |
3
http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2C22351F713CEE29DFD4FCCADD4D4364.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A8DBD5B040DB5405A655876B8B321043.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E605B6C9826FFAFDD6E622A660B7F5DA.html - rule_id: 680
|
2
asdcqwdwqx.gq(104.21.15.11) - malicious 172.67.160.253
|
|
3
http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/
|
4.0 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7146 |
2021-04-12 10:47
|
aXSz3.exe 6f504e4d2887038775a8636d246f38a1 Antivirus Browser Info Stealer FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Interception Windows Browser ComputerName DNS Cryptographic key Software |
2
http://prtboss.com/collect.php
http://23.92.213.108/po/tai1.exe
|
3
prtboss.com(111.90.156.90) 23.92.213.108 - malware
111.90.156.90
|
|
|
17.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7147 |
2021-04-12 10:48
|
yugox.exe 367efadcea9adefd0ac04eda7446736a AsyncRAT backdoor Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName |
3
http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B801112608DBB79D02282F43F064EA2C.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-D6CBA35C85D30C9F84051AB06A70D405.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-1CE101FF82FA78995C03665FD307D022.html - rule_id: 680
|
2
asdcqwdwqx.gq(172.67.160.253) - malicious 172.67.160.253
|
|
3
http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7148 |
2021-04-12 10:49
|
32a1.com ec052b150b112e80d0bfb4b8d0ff8eb9 AutoRuns PDB Check memory Creates executable files unpack itself Check virtual network interfaces WriteConsoleW Windows Remote Code Execution Firmware DNS |
|
2
singapore01.hashvault.pro(131.153.76.130) - malicious 131.153.76.130
|
|
|
5.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7149 |
2021-04-12 10:51
|
brasch.exe d035bf4abd2cebd5d851b425e02d9e83 Loki Azorult .NET framework AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software crashed |
1
http://becharnise.ir/fb8/fre.php - rule_id: 436
|
2
becharnise.ir(194.5.178.163) - malicious 194.5.178.163
|
|
1
http://becharnise.ir/fb8/fre.php
|
13.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7150 |
2021-04-12 10:52
|
64a1.com 829c8b46d2fcfbcb7f5c2e3545a4c4a3 Antivirus VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Auto service Check virtual network interfaces sandbox evasion Windows Browser ComputerName Remote Code Execution Firmware DNS |
|
2
pool.hashvault.pro(131.153.159.26) - malicious 131.153.76.130
|
|
|
8.2 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7151 |
2021-04-12 10:53
|
aguerox.exe 99b84053fd2d502626a1f78394fbf8f2 AsyncRAT backdoor VirusTotal Malware |
|
1
myliverpoolnews.cf() - malicious
|
|
|
1.2 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7152 |
2021-04-12 10:56
|
Echelon_protected.exe 4f96ba78b8078180158c591099449438 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces VMware anti-virtualization IP Check installed browsers check Windows Browser Email ComputerName Firmware Cryptographic key Software crashed |
10
http://ip-api.com/xml http://gfs270n073.userstorage.mega.co.nz/ul/xgaQneBEIRVzYwLED97KsQNhv0ditYBD6ozkZpk9FbMK1maOg8S-cDomTZW5nMP0Q9ErqqQDkJboBNWxgzPTDQ/0 https://g.api.mega.co.nz/cs?id=4201891159&ak=axhQiYyQ&sid=rYRikyRocb7u9afiHMeXJ2dseVJjSHBWUHlvBRXTQG5qA3UEnDh_YGMCFg https://g.api.mega.co.nz/cs?id=4201891154&ak=axhQiYyQ https://g.api.mega.co.nz/cs?id=4201891158&ak=axhQiYyQ&sid=rYRikyRocb7u9afiHMeXJ2dseVJjSHBWUHlvBRXTQG5qA3UEnDh_YGMCFg https://g.api.mega.co.nz/cs?id=4201891160&ak=axhQiYyQ&sid=rYRikyRocb7u9afiHMeXJ2dseVJjSHBWUHlvBRXTQG5qA3UEnDh_YGMCFg https://api.ipify.org/ https://g.api.mega.co.nz/cs?id=4201891157&ak=axhQiYyQ&sid=rYRikyRocb7u9afiHMeXJ2dseVJjSHBWUHlvBRXTQG5qA3UEnDh_YGMCFg https://g.api.mega.co.nz/cs?id=4201891156&ak=axhQiYyQ&sid=rYRikyRocb7u9afiHMeXJ2dseVJjSHBWUHlvBRXTQG5qA3UEnDh_YGMCFg https://g.api.mega.co.nz/cs?id=4201891155&ak=axhQiYyQ
|
8
gfs270n073.userstorage.mega.co.nz(89.44.168.214) api.ipify.org(50.19.96.218) g.api.mega.co.nz(66.203.125.11) ip-api.com(208.95.112.1) 66.203.125.11 23.21.252.4 89.44.168.214 208.95.112.1
|
|
|
12.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7153 |
2021-04-12 10:57
|
mbachux.exe eb00c33045168dfd28843d22e8038269 AsyncRAT backdoor VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName |
3
http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-4FE149FB71B79E461BA0B66A88E0406F.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-30AF486201209BF684C18BE21C14C2A0.html - rule_id: 680 http://asdcqwdwqx.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-60F4F2B25784255F951461B3B3336EB7.html - rule_id: 680
|
2
asdcqwdwqx.gq(172.67.160.253) - malicious 104.21.15.11 - malicious
|
|
3
http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/ http://asdcqwdwqx.gq/liverpool-fc-news/
|
3.4 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7154 |
2021-04-12 10:57
|
DCRatBuild.exe 775b36643d8ded334c9411920713a711 AsyncRAT backdoor VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Windows ComputerName Remote Code Execution DNS crashed |
5
http://82.146.59.236/processorDefault.php?MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO&aabb8f74bac12735e9499cd9c6b8baf5=365da4edf7808b477a8d10cbf7405c61&f53d57fa5ca170272892cd3c6aa17be0=wY3AzM2ITM5YWNmljN3UDO4YDN5gjYjljMhZTO3M2YmZTOilTY2cjN&MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO http://82.146.59.236/processorDefault.php?MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO&8132fb67618ecd9be106ef9ba3717022=QM5EjZxU2YjdTZykDNwQjN3YzN2IDNjlTZ0UzYwYWY2YmMlRDN0MGM5cjNwcTN2gjM0QzNwkDN&f53d57fa5ca170272892cd3c6aa17be0=ANxYmZ0ETN3QzNhZ2MzQWZkRjM2UGOzU2N5I2YyEDZmNjZ0YjZ1kDZ&095b88682a67bcf69516cfbd401a51e6=u4iL5J3b0NWZylGZgcmbp5mbhN2U&c5c532831db1a7dab19172319a0ff14a=ANwMjZlBDM0MGMhJTOkVzNjlDOkRDZiRWO0MzM0EDMjNWZwQDNzEjN&c6dd1cba03876c3affd0f11b003ca4a6=QNwQDN2U2YiZGO2gTNyImZ5ITY4ATNiBjZ3kzYlJTYxATYwIzMzIjZ http://82.146.59.236/processorDefault.php?MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO&8132fb67618ecd9be106ef9ba3717022=QM5EjZxU2YjdTZykDNwQjN3YzN2IDNjlTZ0UzYwYWY2YmMlRDN0MGM5cjNwcTN2gjM0QzNwkDN&f53d57fa5ca170272892cd3c6aa17be0=ANxYmZ0ETN3QzNhZ2MzQWZkRjM2UGOzU2N5I2YyEDZmNjZ0YjZ1kDZ&daa9160ddf6ef6047103286e2afebca3=ANwMjZlBDM0MGMhJTOkVzNjlDOkRDZiRWO0MzM0EDMjNWZwQDNzEjN&10f2fa0bda69a6c3f898819a603f080d=wYhRjY4cjZ0M2M0IGO2EGMycTN1QDMiVWZiNDZ1YzMlV2N0U2N0MjZ&095b88682a67bcf69516cfbd401a51e6=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&c5c532831db1a7dab19172319a0ff14a=ANwMjZlBDM0MGMhJTOkVzNjlDOkRDZiRWO0MzM0EDMjNWZwQDNzEjN&c6dd1cba03876c3affd0f11b003ca4a6=QZ0gzYlVTY4YzN3QmMlRWNzQ2YxcjMhdTNmhDMkdTMlFTY5kjZ3gzM http://82.146.59.236/processorDefault.php?MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO&46203bcc475d4509a3a86d65325f8855=d0f20e2b176e1456ae89e4aa36cdd07d&MlqRJsMa1QMYKi=JiLYs2Wrxn&Fz95wpigN=qS7WYrUCPZjp5FgbO https://ipinfo.io/json
|
5
ipinfo.io(216.239.32.21) 82.146.59.236 216.239.36.21 - phishing 193.218.118.85 - malicious 131.153.76.130
|
|
|
12.6 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7155 |
2021-04-12 10:58
|
tai1.exe 83a82cacf8a42eb833b95c0985095457 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic unpack itself sandbox evasion installed browsers check Interception Browser DNS Software |
1
http://prtboss.com/collect.php
|
2
prtboss.com(111.90.156.90) 111.90.156.90
|
|
|
6.8 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|