| 7306 |
2021-04-16 10:06
|
orr7-10.exe 0fc5f7aa1cb8fe99a341fbcb61e453da
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
8.0 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7307 |
2021-04-16 10:07
|
xxxx9-09.exe 437c33588f8d349c2875e0e537cdecaf
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
|
|
|
8.2 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7308 |
2021-04-16 10:09
|
xxxx9-10.exe 36df7b55afe102a9359a270f8a38083d
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
|
|
|
|
8.0 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7309 |
2021-04-16 10:10
|
orr7.exe 3e79bddc425da8d5bb1eb87f6721bfa6
Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
10.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7310 |
2021-04-16 10:14
|
 vbc.exe fb861097be51a4c1f963c83f6d6053fbFormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself Remote Code Execution DNS |
26
http://www.gritchiecharcoal.com/qjnt/?GVoxs=dVs14fUu2Ven2658hBFx9jliZTLZEVHuVQGBY3ziSv8BPTKHH6vE10KIv0y/hbAn0E72jEmA&5jr=UlSt - rule_id: 789
http://www.gailrichardson.com/qjnt/?GVoxs=cQpYuVHVGObCoOy3oJObHgw0bCNAclVj5U/7sRdD/qRSo/tXEB2YKGAusTd/rcUBeGIQZ61D&5jr=UlSt - rule_id: 797
http://www.startrekepisode.com/qjnt/?GVoxs=5+BnPckFTRrJGxaMVUv0BF1FKPa8eJDIfTmAxOSqxwEOI5f2tl64h5cJxkg2lQOsq3TBX7Br&5jr=UlSt - rule_id: 786
http://www.californiaredstate.com/qjnt/ - rule_id: 796
http://www.warriornotesgolbalprayer.com/qjnt/?GVoxs=NZEjDeTbQWI4t+jLVj6ckcPfHkTvqBwW1gJjjcociDWZiHYNHkrr42q5Qu5MGWq/DbzHTKzP&5jr=UlSt - rule_id: 787
http://www.eoapdj.com/qjnt/?GVoxs=tDoVZ8LrXdfM2UePKwC2rJ8resXPJc2dnDhd6WgKQtKZKBlahDoyQOcxbwTJkNKzfSZAVv0R&5jr=UlSt - rule_id: 963
http://www.graniteinaminute.com/qjnt/ - rule_id: 875
http://www.startrekepisode.com/qjnt/ - rule_id: 786
http://www.crochenista.com/qjnt/ - rule_id: 788
http://www.potviper.com/qjnt/
http://www.4608capaydrive.com/qjnt/?GVoxs=iLUFueU10hOppTwP3ag0TEkx55OWImdDKFK/X6WyCwcuL4AvnIYcIMaE+BFiiDsTNyxyLE8j&5jr=UlSt
http://www.crochenista.com/qjnt/?GVoxs=J6zJO2/PwCYDrPfd6ahXoqg8qe3TXVYRwNW46sX1F3TUCNiZ+HIDBehPRyNHfGKllpDSpMGn&5jr=UlSt - rule_id: 788
http://www.4608capaydrive.com/qjnt/
http://www.investiose.info/qjnt/?GVoxs=ZxcvZy8ZLczqtvfEla7uZ1L3KAM6BWVTFYDKbjT+DQ7ivFAcZk5kBU1oTK1xQfOK60beZP/V&5jr=UlSt - rule_id: 876
http://www.potviper.com/qjnt/?GVoxs=S2pLJQ56SFKSAj7UcVU/hxx54jK3fBRD9w/6371FREoT6cUtpaNEoawUGeYwfPT+9gmkOdMX&5jr=UlSt
http://www.sligogolfacademy.com/qjnt/ - rule_id: 791
http://www.gritchiecharcoal.com/qjnt/ - rule_id: 789
http://www.eoapdj.com/qjnt/ - rule_id: 963
http://www.graniteinaminute.com/qjnt/?GVoxs=Kc40ChrvGMsz5sDUgJdI1Tm80ndRwqOobrZe5CnH/KVtq0OHhWuXcnL+C6x+hGBLT8rXGqGg&5jr=UlSt - rule_id: 875
http://www.warriornotesgolbalprayer.com/qjnt/ - rule_id: 787
http://www.sembachtigers.info/qjnt/?GVoxs=+Yp94tLL6Z+72WMpgDjwP3Oyxs1A784iv/kiT+2T4sgwKfW7AAGEyVE3ppqLFrE+wMT4F9ry&5jr=UlSt
http://www.sembachtigers.info/qjnt/
http://www.gailrichardson.com/qjnt/ - rule_id: 797
http://www.sligogolfacademy.com/qjnt/?GVoxs=jW8pZHGrNu+IDaEzBY5u1VpwwzeNUmqGp5ujPvgX8FP3RhC0Cv3sVN1JA0V0HBZXOpjzOmY1&5jr=UlSt - rule_id: 791
http://www.californiaredstate.com/qjnt/?GVoxs=zQPqhV0zjwqOH7+4I463/IP/2KgA+kN0HIdOkui6XhPhedEq6pmyyx37MiuAH/2FJlIb70cd&5jr=UlSt - rule_id: 796
http://www.investiose.info/qjnt/ - rule_id: 876
|
25
www.graniteinaminute.com(182.50.132.242)
www.4608capaydrive.com(3.233.171.147)
www.crochenista.com(162.241.216.98)
www.startrekepisode.com(34.102.136.180)
www.gritchiecharcoal.com(94.136.40.51)
www.eoapdj.com(45.39.88.198)
www.bhcsva.com() - mailcious
www.potviper.com(50.118.250.118)
www.halostreams.net() - mailcious
www.sligogolfacademy.com(104.232.64.103)
www.investiose.info(34.102.136.180)
www.californiaredstate.com(34.102.136.180)
www.sembachtigers.info(172.217.175.243)
www.gailrichardson.com(52.58.78.16)
www.warriornotesgolbalprayer.com(34.102.136.180)
3.233.171.147
162.241.216.98 - mailcious
45.39.88.198 - mailcious
94.136.40.51 - mailcious
52.58.78.16 - mailcious
34.102.136.180 - mailcious
104.232.64.103 - mailcious
198.71.232.3 - mailcious
216.58.220.211
50.118.250.118
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
20
http://www.gritchiecharcoal.com/qjnt/
http://www.gailrichardson.com/qjnt/
http://www.startrekepisode.com/qjnt/
http://www.californiaredstate.com/qjnt/
http://www.warriornotesgolbalprayer.com/qjnt/
http://www.eoapdj.com/qjnt/
http://www.graniteinaminute.com/qjnt/
http://www.startrekepisode.com/qjnt/
http://www.crochenista.com/qjnt/
http://www.crochenista.com/qjnt/
http://www.investiose.info/qjnt/
http://www.sligogolfacademy.com/qjnt/
http://www.gritchiecharcoal.com/qjnt/
http://www.eoapdj.com/qjnt/
http://www.graniteinaminute.com/qjnt/
http://www.warriornotesgolbalprayer.com/qjnt/
http://www.gailrichardson.com/qjnt/
http://www.sligogolfacademy.com/qjnt/
http://www.californiaredstate.com/qjnt/
http://www.investiose.info/qjnt/
|
9.0 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7311 |
2021-04-16 14:59
|
 vbc.exe fb861097be51a4c1f963c83f6d6053fb
Generic Malware VirusTotal Malware suspicious privilege Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution |
|
|
|
|
7.2 |
M |
44 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7312 |
2021-04-16 18:03
|
 orr7-02.exe c1a7b6180d5dc3ab24df1d3a2a5532b9
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
11.6 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7313 |
2021-04-16 18:04
|
 winsdk.exe 35ab7b989418f63d814895500fe6617b
Process Kill FindFirstVolume CryptGenKey VirusTotal Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder suspicious TLD WriteConsoleW Tofsee Windows Tor ComputerName DNS |
1
|
9
pool.hashvault.pro(131.153.159.26) - mailcious
ezstat.ru(88.99.66.31) - mailcious
51.75.169.249
145.239.66.236
176.10.104.240 - mailcious
88.99.66.31 - mailcious
163.172.157.213 - mailcious
54.36.227.247
131.153.76.130 - mailcious
|
8
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 633
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 647
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 199
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 174
ET TOR Known Tor Exit Node Traffic group 20
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 20
ET POLICY Cryptocurrency Miner Checkin
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.6 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7314 |
2021-04-16 18:06
|
orr7-03.exe 3e79bddc425da8d5bb1eb87f6721bfa6
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
10.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7315 |
2021-04-16 18:07
|
file.txt 1f130569a8373dfae4f387d4757769cf
AsyncRAT backdoor Browser Info Stealer Malware download VirusTotal Malware IoC PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk suspicious TLD sandbox evasion VM Disk Size Check installed browsers check DiamondFox Windows Browser ComputerName Trojan DNS crashed |
6
http://vladisfoxlink.ru/support/enfr/gate.php?gpp=1
http://vladisfoxlink.ru/support/enfr/gate.php?ct=1
http://vladisfoxlink.ru/support/enfr/gate.php?1df=01A01720988C
http://vladisfoxlink.ru/support/enfr/gate.php?p=1
http://vladisfoxlink.ru/support/enfr/gate.php
http://vladisfoxlink.ru/support/enfr/gate.php?pl=1
|
4
vladisfoxlink.ru(45.85.90.7) - mailcious
45.85.90.7
88.99.66.31 - mailcious
131.153.76.130 - mailcious
|
5
ET MALWARE Generic gate[.].php GET with minimal headers
ET HUNTING Suspicious GET To gate.php with no Referer
ET MALWARE Trojan Generic - POST To gate.php with no referer
ET MALWARE Trojan Generic - POST To gate.php with no accept headers
ET MALWARE DiamondFox HTTP Post CnC Checkin M3
|
|
15.4 |
M |
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7316 |
2021-04-16 18:08
|
 TinyTake_v_5_2_19.exe 6f6ef1b4659a3e4724c20f551541161b
VMProtect VirusTotal Malware Checks debugger ICMP traffic unpack itself DNS |
|
2
|
|
|
5.6 |
M |
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7317 |
2021-04-16 18:08
|
 xxxx9-02.exe 4071c5e2f3e94a1276801d76c124b186
AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed |
|
|
|
|
5.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7318 |
2021-04-16 18:10
|
 winlog.exe e4c965e4ab3053c66ac8873a17935202
Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed |
|
|
|
|
2.8 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7319 |
2021-04-16 18:12
|
wealthsecx.exe 412968efeaa2cb9312bd12f20b0938e7
AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
|
|
|
|
13.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7320 |
2021-04-16 18:51
|
 46911997163.exe 66e25d4c12fb491e0a5c5b8dcd9fa85aVulnerability VirusTotal Malware MachineGuid Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check human activity check |
|
|
|
|
4.4 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|