7366 | 2023-10-31 17:32 | mtxJalD.exe | fba616f5dc56b1cd9c463c0b9da86578
Tags: Hide_EXE PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows
2.6 | M | 45 | ZeroCERT

7367 | 2023-10-31 09:53 | ReklamX.ps1 | 15f778e9091034d027697f084a993745
Tags: Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key
1.2 | | 6 | ZeroCERT

7368 | 2023-10-31 09:52 | hash.ps1 | e2de940fab2b14c512499006bbe5cd0a
Tags: Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.4 | | 9 | ZeroCERT

7369 | 2023-10-31 09:42 | eyqhjsvbrw.txt.ps1 | 2fb5f07b2c106f877b8b476e6784bd45
Tags: Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key
URLs (1):
  http://185.81.157.248:222/mc.jpg
1.2 | | 5 | ZeroCERT

7370 | 2023-10-31 09:42 | Dash.ps1 | 528a5f5edfe25fd728b5ce082b107dca
Tags: Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.4 | | 3 | ZeroCERT

7371 | 2023-10-31 09:40 | n.txt.ps1 | 234efa19ef4c4c09d112a8e3e77849ad
Tags: Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
URLs (1):
  http://185.81.157.24:222/n.jpg
1.4 | M | 1 | ZeroCERT

7372 | 2023-10-31 09:39 | bRbg.exe | 2f730ad313cf99a13514a37ff64aab61
Tags: Malicious Packer Downloader PE File PE32 VirusTotal Malware Windows DNS DDNS keylogger
Hosts (3):
  salwanazeeze.duckdns.org(172.111.167.99) - mailcious
  salwanazeeze.ddns.net()
  172.111.167.99 - mailcious
IDS alerts (3):
  ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
  ET POLICY DNS Query to DynDNS Domain *.ddns .net
5.0 | | 63 | ZeroCERT

7373 | 2023-10-31 09:39 | bRbb.exe | 5b876bd9a2608e8de84f55b15079837b
Tags: Malicious Packer Downloader PE File PE32 VirusTotal Malware Windows DNS DDNS keylogger
Hosts (3):
  salwanazeeze.duckdns.org(172.111.167.99) - mailcious
  salwanazeeze.ddns.net()
  172.111.167.99 - mailcious
IDS alerts (3):
  ET POLICY DNS Query to DynDNS Domain *.ddns .net
  ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
5.0 | | 64 | ZeroCERT

7374 | 2023-10-31 09:31 | hash.ps1 | e2de940fab2b14c512499006bbe5cd0a
Tags: Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.4 | | 9 | ZeroCERT

7375 | 2023-10-31 09:24 | DOC757869856647.js | fdfd15e9fad07371318a7a30e8d9646e
Tags: Gen1 Browser Login Data Stealer Generic Malware UPX Malicious Library Admin Tool (Sysinternals etc ...) ASPack Malicious Packer Anti_VM PE File DLL PE32 OS Processor Check ZIP Format DllRegisterServer dll ftp VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder human activity check Windows Java ComputerName DNS DDNS crashed
URLs (1):
  http://wshsoft.company/jv/jrex.zip
Hosts (10):
  repo1.maven.org(199.232.196.209)
  github.com(20.200.245.247) - mailcious
  wshsoft.company(185.232.14.169) - malware
  50kteam.dynamic-dns.net(185.222.58.83)
  objects.githubusercontent.com(185.199.109.133) - malware
  185.222.58.83
  151.101.40.209
  185.232.14.169
  185.199.110.133 - malware
  20.200.245.247 - malware
8.8 | | 28 | ZeroCERT

7376 | 2023-10-31 07:55 | more_page.hta | 27201c15277b2147ec45620e60e73833
Tags: Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.8 | | | ZeroCERT

7377 | 2023-10-31 07:48 | jujukhanis2.1.exe | 4dca2433d6524869e26cda42d6aac35a
Tags: NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
  http://www.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P
  http://www.glocraze.com/ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P
  http://www.gaming-chairs-vn-vi-2885437.fyi/ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P
  http://www.sklm888.com/ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P
Hosts (8):
  www.sklm888.com(108.186.24.175)
  www.umertazkeer.com(103.224.212.216)
  www.gaming-chairs-vn-vi-2885437.fyi(104.17.157.1)
  www.glocraze.com(15.197.148.33)
  15.197.148.33
  103.224.212.216
  104.17.157.1
  108.186.24.175
IDS alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
3.4 | M | | ZeroCERT

7378 | 2023-10-31 07:47 | sorta.exe | 18db9adba53b6a650a413dce3dde8677
Tags: Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
IDS alerts (5):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Redline Stealer Activity (Response)
5.2 | M | | ZeroCERT

7379 | 2023-10-31 07:46 | macsilon2.1.exe | acae22d54a60cda3e945eb605b2e0d79
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
  http://www.ssongg13026.cfd/t6tg/?hB9=Nmqux/666XlLtJ3WEKzUk3EHj+ftlkJxJixPq7eQ/k8b2WLLehoT1axEI2nKmBLwOwlBSnRz&lN68=VTRPbxUh6tHTgV - rule_id: 37346
  http://www.g7bety.com/t6tg/?hB9=tJCug8916Nk3qwpVWxazfba7U2UvaJXJwG1WTz0cOvag2M7/5zn5sibdV7VYkPm4YwuRNFZo&lN68=VTRPbxUh6tHTgV
  http://www.lobby138.monster/t6tg/?hB9=3b8u1mK8VHbHBfK/UsLoDkPDaVA31KqbuvBNGor4kXVmAL21gM7ZM3KDEr8Jm2Spn741Hpzt&lN68=VTRPbxUh6tHTgV
  http://www.fem-studio.com/t6tg/?hB9=wO01AVbbXSVLf6qO03SX5K+SMOPGPZyPLFmMZ0U48re65Y/5ubB6fIycEVvycH59j+ia3nP/&lN68=VTRPbxUh6tHTgV
Hosts (9):
  www.ssongg13026.cfd(101.32.68.183) - mailcious
  www.abstractcertify.com() - mailcious
  www.lobby138.monster(91.195.240.123)
  www.g7bety.com(172.67.171.189)
  www.fem-studio.com(192.0.78.211)
  101.32.68.183 - mailcious
  91.195.240.123 - mailcious
  172.67.171.189
  192.0.78.185
IDS alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
(1):
  http://www.ssongg13026.cfd/t6tg/
3.4 | M | | ZeroCERT

7380 | 2023-10-31 07:44 | timeSync.exe | fdb2e9bda9e3a6b19c2b7246b8b6eb57
Tags: Malicious Library UPX PE File PE32 OS Processor Check unpack itself
0.8 | M | | ZeroCERT