| 7441 |
2023-10-27 10:07
|
 getclient.exe 8a91f3743fe18864ce449301ba6c7cfd
Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware crashed |
|
|
|
|
1.6 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7442 |
2023-10-27 07:40
|
 timeSync.exe 555b5b941485801baec85945db27bb86
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself |
|
|
|
|
1.8 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7443 |
2023-10-27 07:38
|
 EasySup.exe 0630254696658572f31b822013f00a6a
Malicious Library UPX Malicious Packer MPRESS PE File PE32 OS Processor Check URL Format PE64 VirusTotal Malware Malicious Traffic DNS crashed |
1
http://185.236.76.77/cmd.php?hwid=7C6024AD&reff=onebuild&cpu=Intel(R)%20Core(TM)%20i5-8400%20CPU%20@%202.80GHz%20...%20test22
|
1
|
|
|
3.4 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7444 |
2023-10-27 07:38
|
 202.exe 7102d2f457071b2c66c6c0ec3035ae7e
Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware |
1
|
3
bluepablo.fun(172.67.180.92)
172.67.180.92
104.21.18.41
|
2
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
|
|
7.8 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7445 |
2023-10-27 03:58
|
 main.js dda272d9991575c784d93deca75a14d8crashed |
|
|
|
|
0.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7446 |
2023-10-27 00:09
|
 winrar-x64-700b1.exe ec258c62501e30c84217db59cd156e84
Emotet Gen1 Malicious Library UPX Malicious Packer Antivirus PE File PE64 OS Processor Check CHM Format DLL PE32 VirusTotal Malware PDB Check memory Creates executable files RWX flags setting unpack itself Remote Code Execution |
|
|
|
|
2.8 |
|
2 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7447 |
2023-10-26 17:40
|
 setup.exe 8a22c4b4e8b911a51322dfd78fe799c4
Themida Packer PE File PE64 VirusTotal Malware unpack itself Windows crashed |
|
|
|
|
3.0 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7448 |
2023-10-26 17:22
|
VIBINVES.vbs 0b92e010b599dc8280e4ab32c1ed02ed
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523
http://193.42.33.121/investorbase64.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
23.67.53.27
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.0 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7449 |
2023-10-26 17:21
|
HTMLcachesIE.vbs b70068430fab03962b3fe2d15588c894
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523
http://192.3.64.154/windows/HTR.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
23.67.53.17
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
|
1 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7450 |
2023-10-26 17:20
|
privateexploiteveningFile.vbs 5dc2c5a74a18f3b1e8d24101e8bac3cc
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/644/749/original/new_image.jpg?1698084523
http://185.254.37.174/mohammeddroidupdatedfilebase64.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
182.162.106.32
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
|
1 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7451 |
2023-10-26 17:19
|
 sbinzx.exe fc8b3a3005cdc80ce19af33a57010fa8
Formbook .NET framework(MSIL) PWS AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
2
http://www.wzmatics.com/4hc5/?ETUTzJu=ZiyK7zNAvHInllj0cd7rkvUuUvXCAzs8N7im8yG2jaA0EmIYIWtmNG/kZbe9TfEQka9v17XU&DxoHW=VDKPcDdPwnEd1V
http://www.sagemarlin.com/4hc5/?ETUTzJu=tnE9MOQ00nvUG52k2PEJ6LCN/o5/DE1FN6NfjKIUkwnk1cDdV9wwqkCICz01rybBvk+yXrcK&DxoHW=VDKPcDdPwnEd1V
|
6
www.329.bio(154.211.4.240)
www.sagemarlin.com(144.172.65.58)
www.wzmatics.com(142.250.207.115)
144.172.65.58
172.217.24.115
154.211.4.240
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
9.2 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7452 |
2023-10-26 17:16
|
pvtHTMLbroswer.dOC 541a8be00b26a27ed851731d47a0ae31
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed |
2
http://185.254.37.174/privateexploiteveningFile.vbs
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
uploaddeimagens.com.br(104.21.45.138) - malware
182.162.106.32
185.254.37.174 - mailcious
104.21.45.138 - malware
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host VBS Request
|
|
4.2 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7453 |
2023-10-26 17:16
|
 autolog.exe 5a7848fdbc0ca7bab05257e730497197
Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself |
3
http://www.sarthaksrishticreation.com/sy22/?tZUT=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&9r48E=FdC4E0Y - rule_id: 35905
http://www.dryadai.com/sy22/?tZUT=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&9r48E=FdC4E0Y - rule_id: 36541
http://www.sunspotplumbing.com/sy22/?tZUT=d6AqkGJ7bunbgmizHHRyxSnS+cE7N+DoqWC4nPxnpUsdFYm3pr534s62tX1C6jkDEl4YnzCY&9r48E=FdC4E0Y - rule_id: 36914
|
7
www.dryadai.com(3.64.163.50) - mailcious
www.fuhouse.link()
www.sunspotplumbing.com(15.197.148.33) - mailcious
www.sarthaksrishticreation.com(119.18.49.69) - mailcious
3.64.163.50 - mailcious
3.33.130.190 - phishing
119.18.49.69 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
3
http://www.sarthaksrishticreation.com/sy22/
http://www.dryadai.com/sy22/
http://www.sunspotplumbing.com/sy22/
|
4.2 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7454 |
2023-10-26 17:16
|
 audiodgse.exe 699b84a4a3c73a574bc51f461ad209db
.NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder Browser |
16
http://www.bradslinkard.com/oqhk/?bako0dX=N4ucd4g4l1dZ2qGFTw7idyXvyaW+Ee16SQSADc8X19YTlucSrBjmFKf/w61t+cVDZF+Cv3nXd37ImMhdkLLkqGCWD7dYz7Y/PDlK8E0=&greuv=_l0UeH-j
http://www.mantap89.online/oqhk/?bako0dX=S2m6rfkUSom5w0b7Ipxh2DNk1m9IPJXz3fqcnXIby6Ndme1p43G34NGcdGAoCpYc86T+rPxS+KXiNPcERtIPtWsYq4ye6AkIsFSj9I4=&greuv=_l0UeH-j
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
http://www.lesresort.shop/oqhk/
http://www.bradslinkard.com/oqhk/
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
http://www.lesresort.shop/oqhk/?bako0dX=ff4ZaO4z0LwhFY634jl7gcCh+ZETZf8CF+luNTd+hEDA5tqtaOX6gCfC+V0Se8kHkKwe9I+4UGuDQOYQqBkPDKNc7C4IxytBHGBC2MU=&greuv=_l0UeH-j
http://www.viteview.com/oqhk/?bako0dX=eG34oexJxfnLxzWwFjfA8qxnzIyhxwbIg0NkFT4wXzFcXqEyizbaCmhnbj96/dF1qfqKIUS0mD3JGP9hvWi/zxGK9PvSMu57UFl2s1E=&greuv=_l0UeH-j
http://www.hotelunivers84.com/oqhk/
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
http://www.mantap89.online/oqhk/
http://www.hotelunivers84.com/oqhk/?bako0dX=ny2+kNq0TTwUQoT+yWcRsV0rrofOZAprZEjYBUSORFlkl7yyw3wHAwikv9M/XIb7Vb9CydmgU81jxMUJpZZfGxmCA4effnpQvUqRpws=&greuv=_l0UeH-j
http://www.dulcestipicos.madrid/oqhk/
http://www.viteview.com/oqhk/
http://www.dulcestipicos.madrid/oqhk/?bako0dX=/ThYvMNrvRucvt4J1E9RqsGocIgAqtVW1h5dNoGQzRAGxYBOFkp+4ID6/OO1Kr6OXXhhFgVnaqvWabqpbYkKzr+Ho2WxC82XWJdkzHw=&greuv=_l0UeH-j
|
14
www.hotelunivers84.com(38.60.119.195)
www.viteview.com(91.195.240.19)
www.mantap89.online(104.21.68.166)
www.yektakhodro.com(94.130.16.79)
www.dulcestipicos.madrid(217.76.128.47)
www.lesresort.shop(195.24.68.17)
www.bradslinkard.com(192.64.119.8)
91.195.240.19 - mailcious
217.76.128.47 - mailcious
192.64.119.8
38.60.119.195
195.24.68.17
45.33.6.223
172.67.196.229 - phishing
|
1
ET INFO Namecheap URL Forward
|
|
11.4 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7455 |
2023-10-26 17:14
|
 updates_installer.exe 898cb4fca84ad5e7009d15b2ec04f3a6
UPX Malicious Library Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key |
1
|
4
newsproks.fun(172.67.203.23)
whitecatcorn.com(8.29.155.210)
172.67.203.23
8.29.155.210
|
4
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In
|
|
15.8 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|