| 7351 |
2023-10-31 18:01
|
JDS.vbs 16c6922f713e35f485266c858eeeb038
wscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7352 |
2023-10-31 17:59
|
 HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d
MS_RTF_Obfuscation_Objects RTF File doc RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Wrong direction first Data
|
|
1.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7353 |
2023-10-31 17:57
|
MSS.vbs 95ef971ad0bbdace8a049b8b59ddd0e8wscript.exe payload download Tofsee |
1
|
2
paste.ee(104.21.84.67) - mailcious
172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7354 |
2023-10-31 17:53
|
 skx0IG9.exe 622018aa5fdba418e8aac635cc49a57e
.NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7355 |
2023-10-31 17:51
|
HRE.vbs dd68aaf78901710759406c19281e1d6bVirusTotal Malware wscript.exe payload download Tofsee |
1
|
2
paste.ee(172.67.187.200) - mailcious
172.67.187.200 - mailcious
|
2
ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
M |
7 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7356 |
2023-10-31 17:49
|
 clip.exe b19c968d8ef12e145edacf8578f3440b
Themida Packer Generic Malware Malicious Library PE File PE64 VirusTotal Malware unpack itself Windows crashed |
|
|
|
|
2.6 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7357 |
2023-10-31 17:47
|
 lowkeeeeeFile.hta 393385547048586dc9eac0ba496b5c6a
Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/droidlokiiiiiiiiiiiibase64.txt
|
3
imageupload.io(104.21.83.102) - malware
185.196.8.176 - malware
104.21.83.102 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.6 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7358 |
2023-10-31 17:47
|
 pablozx.exe d1a01eb4380c0b5afecf2a8e2dc8902f
Formbook AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities AppData folder Windows |
2
http://www.alkemymedia.com/o6g2/?T6hH=TcJYskQeIEqvLoDqB2cxRl9kId57yTXFVFAzbVPo9SRnnSNvkE6PeNWURLP+oM0+OEqqsFHA&wPT=mf5T
http://www.maurice-paetzold.com/o6g2/?T6hH=MnMOobRyqH3XeIZSi0NOa/chdJyQ39ZlT6TVPdZ+J13HVMjUNzv4ngmdbhRoHvqCPt2c+K/j&wPT=mf5T
|
5
www.alkemymedia.com(3.33.152.147)
www.maurice-paetzold.com(81.169.145.151)
www.joannamulderlcpc.online()
81.169.145.151 - mailcious
3.33.152.147 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
11.2 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7359 |
2023-10-31 17:46
|
 XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c
Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
2
https://imageupload.io/ib/ekWgHWjP3arvUq7_1698166097.jpg
http://185.254.37.174/cuzinebase64bxjhgvhsj.txt
|
2
imageupload.io(104.21.83.102) - malware
104.21.83.102 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
11.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7360 |
2023-10-31 17:45
|
 abd.exe b6d627dcf04d04889b1f01a14ec12405
Amadey Browser Login Data Stealer Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL PE64 JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Windows Browser ComputerName DNS Software |
4
http://185.196.8.176/7jshasdS/Plugins/clip64.dll - rule_id: 37685
http://185.196.8.176/7jshasdS/Plugins/cred64.dll - rule_id: 37684
http://185.196.8.176/7jshasdS/index.php?scr=1 - rule_id: 37683
http://185.196.8.176/7jshasdS/index.php - rule_id: 37683
|
1
|
4
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET MALWARE Amadey Bot Activity (POST) M1
|
4
http://185.196.8.176/7jshasdS/Plugins/clip64.dll
http://185.196.8.176/7jshasdS/Plugins/cred64.dll
http://185.196.8.176/7jshasdS/index.php
http://185.196.8.176/7jshasdS/index.php
|
12.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7361 |
2023-10-31 17:44
|
 mtxJalD.exe fba616f5dc56b1cd9c463c0b9da86578
Hide_EXE PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows |
|
|
|
|
2.6 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7362 |
2023-10-31 17:43
|
 ekWgHWjP3arvUq7_1698166097.jpg... 84e9da19e54082f0f5d6215d4f846c7a
Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB |
|
|
|
|
1.4 |
|
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7363 |
2023-10-31 17:34
|
 XLARFQ77802578790.pdf.hta 9f5447784eb960df0833273eded3324c
Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed |
|
2
imageupload.io(172.67.222.26) - malware
104.21.83.102 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
11.8 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7364 |
2023-10-31 17:34
|
 HTMLbrowserHistoryCleanerhta.d... a5e653641362ac4e0fae2c211a6fd38d
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed |
|
2
toss.is(45.33.42.226) - mailcious
45.33.42.226 - mailcious
|
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Wrong direction first Data
|
|
2.8 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7365 |
2023-10-31 17:32
|
 skx0IG9.exe 622018aa5fdba418e8aac635cc49a57e
.NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|