7306 | 2021-04-16 10:06 | orr7-10.exe 0fc5f7aa1cb8fe99a341fbcb61e453da Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key | | | | | 8.0 | M | 35 | ZeroCERT
7307 | 2021-04-16 10:07 | xxxx9-09.exe 437c33588f8d349c2875e0e537cdecaf Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | | | | | 8.2 | M | 32 | ZeroCERT
7308 | 2021-04-16 10:09 | xxxx9-10.exe 36df7b55afe102a9359a270f8a38083d Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | | | | | 8.0 | M | 30 | ZeroCERT
7309 | 2021-04-16 10:10 | orr7.exe 3e79bddc425da8d5bb1eb87f6721bfa6 Azorult .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed | | | | | 10.8 | M | 18 | ZeroCERT
7310 | 2021-04-16 10:14 | vbc.exe fb861097be51a4c1f963c83f6d6053fb FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Checks debugger buffers extracted unpack itself Remote Code Execution DNS | 26 |
25 |
1 ET MALWARE FormBook CnC Checkin (GET) |
20 |
9.0 | M | 42 | ZeroCERT
7311 | 2021-04-16 14:59 | vbc.exe fb861097be51a4c1f963c83f6d6053fb Generic Malware VirusTotal Malware suspicious privilege Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution | | | | | 7.2 | M | 44 | r0d
7312 | 2021-04-16 18:03 | orr7-02.exe c1a7b6180d5dc3ab24df1d3a2a5532b9 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed | | | | | 11.6 | M | 20 | ZeroCERT
7313 | 2021-04-16 18:04 | winsdk.exe 35ab7b989418f63d814895500fe6617b Process Kill FindFirstVolume CryptGenKey VirusTotal Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder suspicious TLD WriteConsoleW Tofsee Windows Tor ComputerName DNS | 1 | 9 pool.hashvault.pro(131.153.159.26) - mailcious ezstat.ru(88.99.66.31) - mailcious 51.75.169.249 145.239.66.236 176.10.104.240 - mailcious 88.99.66.31 - mailcious 163.172.157.213 - mailcious 54.36.227.247 131.153.76.130 - mailcious | 8 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 633 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 647 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 199 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 174 ET TOR Known Tor Exit Node Traffic group 20 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 20 ET POLICY Cryptocurrency Miner Checkin SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 6.6 | M | 30 | ZeroCERT
7314 | 2021-04-16 18:06 | orr7-03.exe 3e79bddc425da8d5bb1eb87f6721bfa6 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed | | | | | 10.8 | M | 18 | ZeroCERT
7315 | 2021-04-16 18:07 | file.txt 1f130569a8373dfae4f387d4757769cf AsyncRAT backdoor Browser Info Stealer Malware download VirusTotal Malware IoC PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk suspicious TLD sandbox evasion VM Disk Size Check installed browsers check DiamondFox Windows Browser ComputerName Trojan DNS crashed | 6 http://vladisfoxlink.ru/support/enfr/gate.php?gpp=1 http://vladisfoxlink.ru/support/enfr/gate.php?ct=1 http://vladisfoxlink.ru/support/enfr/gate.php?1df=01A01720988C http://vladisfoxlink.ru/support/enfr/gate.php?p=1 http://vladisfoxlink.ru/support/enfr/gate.php http://vladisfoxlink.ru/support/enfr/gate.php?pl=1 | 4 vladisfoxlink.ru(45.85.90.7) - mailcious 45.85.90.7 88.99.66.31 - mailcious 131.153.76.130 - mailcious | 5 ET MALWARE Generic gate[.].php GET with minimal headers ET HUNTING Suspicious GET To gate.php with no Referer ET MALWARE Trojan Generic - POST To gate.php with no referer ET MALWARE Trojan Generic - POST To gate.php with no accept headers ET MALWARE DiamondFox HTTP Post CnC Checkin M3 | | 15.4 | M | 14 | ZeroCERT
7316 | 2021-04-16 18:08 | TinyTake_v_5_2_19.exe 6f6ef1b4659a3e4724c20f551541161b VMProtect VirusTotal Malware Checks debugger ICMP traffic unpack itself DNS | | 2 | | | 5.6 | M | 13 | ZeroCERT
7317 | 2021-04-16 18:08 | xxxx9-02.exe 4071c5e2f3e94a1276801d76c124b186 AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key crashed | | | | | 5.8 | M | 17 | ZeroCERT
7318 | 2021-04-16 18:10 | winlog.exe e4c965e4ab3053c66ac8873a17935202 Glupteba VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed | | | | | 2.8 | M | 20 | ZeroCERT
7319 | 2021-04-16 18:12 | wealthsecx.exe 412968efeaa2cb9312bd12f20b0938e7 AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed keylogger | | | | | 13.4 | M | 21 | ZeroCERT
7320 | 2021-04-16 18:51 | 46911997163.exe 66e25d4c12fb491e0a5c5b8dcd9fa85a Vulnerability VirusTotal Malware MachineGuid Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check human activity check | | | | | 4.4 | M | 18 | ZeroCERT