| 7156 |
2023-11-11 16:48
|
 r-3 4d2339ce6c18eca6fd0945de4d2ade61
Malicious Library Downloader UPX PE32 PE File DLL ZIP Format JPEG Format Malware download Malware Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader |
4
http://122.10.27.116:7800/1
http://122.10.27.116:7800/2
http://122.10.27.116:7800/3
http://122.10.27.116:7800/4
|
2
feetifu.net() - mailcious
122.10.27.116 - malware
|
6
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
6.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7157 |
2023-11-11 16:47
|
 j-8 da257f4a293c128fb3b4172eecd865af
Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder sandbox evasion Windows Browser ComputerName DNS Downloader |
4
http://154.39.250.33:8000/3
http://154.39.250.33:8000/2
http://154.39.250.33:8000/1
http://154.39.250.33:8000/4
|
2
feetifu.net() - mailcious
154.39.250.33 - malware
|
6
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
8.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7158 |
2023-11-11 16:43
|
 j-13 2d56b2af47d1e3575ccd27b406f59d03
Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader |
4
http://216.83.53.161:8000/2
http://216.83.53.161:8000/3
http://216.83.53.161:8000/1
http://216.83.53.161:8000/4
|
1
|
6
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
6.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7159 |
2023-11-11 16:43
|
 build.exe ae2ea51f300a9e7227fbd00eb72862d1
Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed |
|
|
|
|
1.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7160 |
2023-11-11 16:42
|
 j-25 26ea303f8ddc0412ae7f9a5ce6f85e5e
Malicious Library Downloader UPX PE32 PE File DLL JPEG Format ZIP Format Malware download Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader |
4
http://154.39.239.56:8000/1
http://154.39.239.56:8000/3
http://154.39.239.56:8000/2
http://154.39.239.56:8000/4
|
1
|
6
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE JS/WSF Downloader Dec 08 2016 M7
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
6.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7161 |
2023-11-11 16:40
|
siparis_listesi.pdf.jar e49231cd68ccb128e6f4a212c7398048
ZIP Format Check memory heapspray unpack itself Java |
|
|
|
|
1.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7162 |
2023-11-11 16:39
|
 mvpuspgqwk.exe d8a34898267e26baf617b17a93b2a8e7
Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed |
|
|
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7163 |
2023-11-11 16:38
|
 checnow.exe 0597f876d97f41d70b756bf8e386074f
Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed |
|
|
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7164 |
2023-11-11 16:38
|
wezg.vbs aab95e79e0cb76d5b9740c28b4b503edwscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7165 |
2023-11-11 16:37
|
 appx.jpg.exe 2b4ce8a4efe44bca4f79f8ca5a9588d8
Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check PDB |
|
|
|
|
0.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7166 |
2023-11-11 16:36
|
 cfyjsswdds.exe 9a39f83bf263a651eab2fed7cbabfb29
Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows Remote Code Execution crashed |
|
|
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7167 |
2023-11-11 16:35
|
 1699458184-explorer(1).exe 8a388d87667cbbdfb74df1fb27cf242b
PE File PE64 MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key |
|
|
|
|
1.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7168 |
2023-11-11 16:35
|
 SIPARIS_62444520.PDF.jar c9000f0381622e97f6bdd056b9a30a8f
ZIP Format Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities suspicious process Windows ComputerName crashed |
|
|
|
|
3.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7169 |
2023-11-11 16:34
|
 AWB #150322019650021pdf.exe 9956c68ad442c6a67bff5b540c62b961
AgentTesla Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
|
4
api.ipify.org(173.231.16.77)
smtp.yandex.com(77.88.21.158)
104.237.62.212
77.88.21.158
|
5
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
SURICATA Applayer Detect protocol only one direction
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7170 |
2023-11-11 16:34
|
 1 25cb8a835938b25727100c2655bdbad1
Downloader UPX PE32 PE File Check memory crashed |
|
|
|
|
1.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|