736 | 2024-08-22 18:08 | 2.exe 7cb00da13fecc6e830750d67c836766d Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check | 0.2 | ZeroCERT
737 | 2024-08-22 17:02 | Setup-240821.exe a935bb3143363c1e83dbb323f42b66f0 Emotet Gen1 Generic Malware Malicious Library Malicious Packer ASPack UPX Anti_VM PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Check memory Remote Code Execution | 2.0 | 20 | ZeroCERT
738 | 2024-08-22 16:52 | Setup-240821.exe a935bb3143363c1e83dbb323f42b66f0 Emotet Gen1 Generic Malware Malicious Library Malicious Packer ASPack UPX Anti_VM PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Remote Code Execution crashed | 2.0 | 20 | ZeroCERT
739 | 2024-08-22 16:48 | API481f.zip 7eef93fde222e77a58d38870e177cda1 ZIP Format Remcos VirusTotal Malware Malicious Traffic DNS | 1 http://geoplugin.net/json.gp | 5 geoplugin.net(178.237.33.50) p13n.adobe.io(23.22.254.206) 52.5.13.197 178.237.33.50 195.26.87.40 | 1 ET JA3 Hash - Remcos 3.x/4.x TLS Connection | 1.8 | 3 | ZeroCERT
740 | 2024-08-22 16:43 | integration.pdf.lnk ffde299028d48cb2258d274f44d56766 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 1 http://2.58.56.124/API481f.zip | 6.8 | 32 | ZeroCERT
741 | 2024-08-22 16:36 | vbs.jpg.exe d783b01173fc303ec28a741b88fe1a3d Malicious Library Malicious Packer UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware PDB | 1.4 | 41 | ZeroCERT
742 | 2024-08-22 16:36 | sihost.exe cf7c1cb71ad11a8c4ab07ffc3afa2f67 Suspicious_Script_Bin UPX PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Windows ComputerName DNS Cryptographic key DDNS keylogger | 1 http://checkip.dyndns.org/ | 2 checkip.dyndns.org(193.122.130.0) 132.226.8.169 | 3 ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check | 5.4 | 28 | ZeroCERT
743 | 2024-08-22 16:09 | yummysweetbutterbunlipsonher.t... 5dfe754cec96b83b86cd4cbc339bc30e Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg | 2 ia803104.us.archive.org(207.241.232.154) - malware 207.241.232.154 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.6 | M | 2 | ZeroCERT
744 | 2024-08-22 16:08 | yummybutterbuneatingsweetnessg... c994f36be9228faccc886825b56e5a64 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg | 2 ia803104.us.archive.org(207.241.232.154) - malware 207.241.232.154 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.6 | M | 6 | ZeroCERT
745 | 2024-08-22 16:08 | weknowsmoothbuttersmoothbun.tI... 313f41a7e8c49e0d8a800be8f5363d3a Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg | 2 ia803104.us.archive.org(207.241.232.154) - malware 207.241.232.154 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.6 | M | 2 | ZeroCERT
746 | 2024-08-22 16:07 | mugcackecholocatebutterburnmix... f5f4974a1897bc2d46696e9cfb83ac43 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg | 2 ia803104.us.archive.org(207.241.232.154) - malware 207.241.232.154 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.6 | M | 2 | ZeroCERT
747 | 2024-08-22 15:55 | inetcloud.hta 80c3a4c5c220adce769d0e8c2dff063d Generic Malware Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed | 1 http://192.3.193.155/M1908T/csrss.exe | 1 192.3.193.155 - mailcious | 4 ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET HUNTING Suspicious csrss.exe in URI | 12.0 | 12 | ZeroCERT
748 | 2024-08-22 15:54 | file.cmd 2d52690f8f97f525409e6e2ffb0b8199 Generic Malware Downloader Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI heapspray RWX flags setting exploit crash unpack itself Windows utilities malicious URLs WriteConsoleW installed browsers check Tofsee Ransomware Windows Exploit Firefox Browser ComputerName crashed | 2 crash-reports.mozilla.com(34.49.45.138) 34.49.45.138 | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 10.8 | 2 | ZeroCERT
749 | 2024-08-22 15:54 | icreamnet.hta 126e60b91cfe9668d55982489a68d58a Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows Exploit ComputerName DNS Cryptographic key crashed | 1 http://45.66.231.209/350/sihost.exe | 1 45.66.231.209 - mailcious | 3 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 12.2 | 16 | ZeroCERT
750 | 2024-08-22 15:53 | coupecakebutterbuncakecreamyyu... 471dd33f5e7c5a9dffd327bf5ab4a52e Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 1 https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg | 2 ia803104.us.archive.org(207.241.232.154) - malware 207.241.232.154 - malware | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 7.6 | M | 4 | ZeroCERT