7156 | 2023-11-11 16:48
r-3 4d2339ce6c18eca6fd0945de4d2ade61 Malicious Library Downloader UPX PE32 PE File DLL ZIP Format JPEG Format Malware download Malware Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader
4 | http://122.10.27.116:7800/1 http://122.10.27.116:7800/2 http://122.10.27.116:7800/3 http://122.10.27.116:7800/4
2 | feetifu.net() - mailcious 122.10.27.116 - malware
6 | ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
6.6 | M | ZeroCERT
7157 | 2023-11-11 16:47
j-8 da257f4a293c128fb3b4172eecd865af Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder sandbox evasion Windows Browser ComputerName DNS Downloader
4 | http://154.39.250.33:8000/3 http://154.39.250.33:8000/2 http://154.39.250.33:8000/1 http://154.39.250.33:8000/4
2 | feetifu.net() - mailcious 154.39.250.33 - malware
6 | ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
8.4 | M | ZeroCERT
7158 | 2023-11-11 16:43
j-13 2d56b2af47d1e3575ccd27b406f59d03 Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader
4 | http://216.83.53.161:8000/2 http://216.83.53.161:8000/3 http://216.83.53.161:8000/1 http://216.83.53.161:8000/4
1 |
6 | ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
6.8 | M | ZeroCERT
7159 | 2023-11-11 16:43
build.exe ae2ea51f300a9e7227fbd00eb72862d1 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed
1.6 | M | ZeroCERT
7160 | 2023-11-11 16:42
j-25 26ea303f8ddc0412ae7f9a5ce6f85e5e Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader
4 | http://154.39.239.56:8000/1 http://154.39.239.56:8000/3 http://154.39.239.56:8000/2 http://154.39.239.56:8000/4
1 |
6 | ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
6.8 | M | ZeroCERT
7161 | 2023-11-11 16:40
siparis_listesi.pdf.jar e49231cd68ccb128e6f4a212c7398048 ZIP Format Check memory heapspray unpack itself Java
1.6 | M | ZeroCERT
7162 | 2023-11-11 16:39
mvpuspgqwk.exe d8a34898267e26baf617b17a93b2a8e7 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed
1.8 | M | ZeroCERT
7163 | 2023-11-11 16:38
checnow.exe 0597f876d97f41d70b756bf8e386074f Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed
1.8 | M | ZeroCERT
7164 | 2023-11-11 16:38
wezg.vbs aab95e79e0cb76d5b9740c28b4b503ed wscript.exe payload download Tofsee
1 |
2 | paste.ee(172.67.187.200) - mailcious 172.67.187.200 - mailcious
2 | ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2 | M | ZeroCERT
7165 | 2023-11-11 16:37
appx.jpg.exe 2b4ce8a4efe44bca4f79f8ca5a9588d8 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check PDB
0.4 | M | ZeroCERT
7166 | 2023-11-11 16:36
cfyjsswdds.exe 9a39f83bf263a651eab2fed7cbabfb29 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed
1.8 | M | ZeroCERT
7167 | 2023-11-11 16:35
1699458184-explorer(1).exe 8a388d87667cbbdfb74df1fb27cf242b PE File PE64 MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key
1.6 | M | ZeroCERT
7168 | 2023-11-11 16:35
SIPARIS_62444520.PDF.jar c9000f0381622e97f6bdd056b9a30a8f ZIP Format Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName crashed
3.2 | M | ZeroCERT
7169 | 2023-11-11 16:34
AWB #150322019650021pdf.exe 9956c68ad442c6a67bff5b540c62b961 AgentTesla Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
4 | api.ipify.org(173.231.16.77) smtp.yandex.com(77.88.21.158) 104.237.62.212 77.88.21.158
5 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup SURICATA Applayer Detect protocol only one direction ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.8 | | ZeroCERT
7170 | 2023-11-11 16:34
1 25cb8a835938b25727100c2655bdbad1 Downloader UPX PE32 PE File Check memory crashed
1.2 | M | ZeroCERT