| 7366 |
2023-10-31 17:32
|
 mtxJalD.exe fba616f5dc56b1cd9c463c0b9da86578
Hide_EXE PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself Windows |
|
|
|
|
2.6 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7367 |
2023-10-31 09:53
|
 ReklamX.ps1 15f778e9091034d027697f084a993745
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key |
|
|
|
|
1.2 |
|
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7368 |
2023-10-31 09:52
|
hash.ps1 e2de940fab2b14c512499006bbe5cd0a
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.4 |
|
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7369 |
2023-10-31 09:42
|
 eyqhjsvbrw.txt.ps1 2fb5f07b2c106f877b8b476e6784bd45
Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key |
1
http://185.81.157.248:222/mc.jpg
|
|
|
|
1.2 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7370 |
2023-10-31 09:42
|
Dash.ps1 528a5f5edfe25fd728b5ce082b107dca
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.4 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7371 |
2023-10-31 09:40
|
 n.txt.ps1 234efa19ef4c4c09d112a8e3e77849ad
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
1
http://185.81.157.24:222/n.jpg
|
|
|
|
1.4 |
M |
1 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7372 |
2023-10-31 09:39
|
 bRbg.exe 2f730ad313cf99a13514a37ff64aab61
Malicious Packer Downloader PE File PE32 VirusTotal Malware Windows DNS DDNS keylogger |
|
3
salwanazeeze.duckdns.org(172.111.167.99) - mailcious
salwanazeeze.ddns.net()
172.111.167.99 - mailcious
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
5.0 |
|
63 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7373 |
2023-10-31 09:39
|
 bRbb.exe 5b876bd9a2608e8de84f55b15079837b
Malicious Packer Downloader PE File PE32 VirusTotal Malware Windows DNS DDNS keylogger |
|
3
salwanazeeze.duckdns.org(172.111.167.99) - mailcious
salwanazeeze.ddns.net()
172.111.167.99 - mailcious
|
3
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
5.0 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7374 |
2023-10-31 09:31
|
hash.ps1 e2de940fab2b14c512499006bbe5cd0a
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.4 |
|
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7375 |
2023-10-31 09:24
|
 DOC757869856647.js fdfd15e9fad07371318a7a30e8d9646e
Gen1 Browser Login Data Stealer Generic Malware UPX Malicious Library Admin Tool (Sysinternals etc ...) ASPack Malicious Packer Anti_VM PE File DLL PE32 OS Processor Check ZIP Format DllRegisterServer dll ftp VirusTotal Malware AutoRuns Check memory buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder human activity check Windows Java ComputerName DNS DDNS crashed |
1
http://wshsoft.company/jv/jrex.zip
|
10
repo1.maven.org(199.232.196.209)
github.com(20.200.245.247) - mailcious
wshsoft.company(185.232.14.169) - malware
50kteam.dynamic-dns.net(185.222.58.83)
objects.githubusercontent.com(185.199.109.133) - malware
185.222.58.83
151.101.40.209
185.232.14.169
185.199.110.133 - malware
20.200.245.247 - malware
|
|
|
8.8 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7376 |
2023-10-31 07:55
|
 more_page.hta 27201c15277b2147ec45620e60e73833
Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
4.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7377 |
2023-10-31 07:48
|
 jujukhanis2.1.exe 4dca2433d6524869e26cda42d6aac35a
NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
4
http://www.umertazkeer.com/ju29/?0nGP-6=qL/w1+MBvm8GoMYX5IhFQmgMppJTUe9u/duKotMyUJF4p+ww3IubNw5rhrvFOtNFijYs9Y2C&JXULWR=RX0xlPZ8UPmL7V6P
http://www.glocraze.com/ju29/?0nGP-6=gDkZXs7NveHu4EW0skg7wBT+4b2V8qQlIvFf+hRei/lqZM1GklKH3GG4bPd4M6MmprPp+Vw1&JXULWR=RX0xlPZ8UPmL7V6P
http://www.gaming-chairs-vn-vi-2885437.fyi/ju29/?0nGP-6=jZmXybCgFR2uD0ejxMDWyZKNvc7QdVfFN8JL5WlE97s3Bg4Qi+fVSOqduvGFqlRkfw/fGckr&JXULWR=RX0xlPZ8UPmL7V6P
http://www.sklm888.com/ju29/?0nGP-6=n8Crfq8u97ohQJzT+GN2bIuprmrMns3qA2cyB53CLK5Nkn3ik8XJfCdpmXkpj8M2YodcTKUz&JXULWR=RX0xlPZ8UPmL7V6P
|
8
www.sklm888.com(108.186.24.175)
www.umertazkeer.com(103.224.212.216)
www.gaming-chairs-vn-vi-2885437.fyi(104.17.157.1)
www.glocraze.com(15.197.148.33)
15.197.148.33
103.224.212.216
104.17.157.1
108.186.24.175
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
3.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7378 |
2023-10-31 07:47
|
 sorta.exe 18db9adba53b6a650a413dce3dde8677
Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
5
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
|
|
5.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7379 |
2023-10-31 07:46
|
 macsilon2.1.exe acae22d54a60cda3e945eb605b2e0d79
Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
4
http://www.ssongg13026.cfd/t6tg/?hB9=Nmqux/666XlLtJ3WEKzUk3EHj+ftlkJxJixPq7eQ/k8b2WLLehoT1axEI2nKmBLwOwlBSnRz&lN68=VTRPbxUh6tHTgV - rule_id: 37346
http://www.g7bety.com/t6tg/?hB9=tJCug8916Nk3qwpVWxazfba7U2UvaJXJwG1WTz0cOvag2M7/5zn5sibdV7VYkPm4YwuRNFZo&lN68=VTRPbxUh6tHTgV
http://www.lobby138.monster/t6tg/?hB9=3b8u1mK8VHbHBfK/UsLoDkPDaVA31KqbuvBNGor4kXVmAL21gM7ZM3KDEr8Jm2Spn741Hpzt&lN68=VTRPbxUh6tHTgV
http://www.fem-studio.com/t6tg/?hB9=wO01AVbbXSVLf6qO03SX5K+SMOPGPZyPLFmMZ0U48re65Y/5ubB6fIycEVvycH59j+ia3nP/&lN68=VTRPbxUh6tHTgV
|
9
www.ssongg13026.cfd(101.32.68.183) - mailcious
www.abstractcertify.com() - mailcious
www.lobby138.monster(91.195.240.123)
www.g7bety.com(172.67.171.189)
www.fem-studio.com(192.0.78.211)
101.32.68.183 - mailcious
91.195.240.123 - mailcious
172.67.171.189
192.0.78.185
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
1
http://www.ssongg13026.cfd/t6tg/
|
3.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7380 |
2023-10-31 07:44
|
 timeSync.exe fdb2e9bda9e3a6b19c2b7246b8b6eb57
Malicious Library UPX PE File PE32 OS Processor Check unpack itself |
|
|
|
|
0.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|