7531 | 2023-10-23 13:15
Sample: nigazxbb.vbs | MD5: 4f67a35c1cef3eea2e6734e08beed57f
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2):
  https://wallpapercave.com/uwp/uwp4082989.png
  http://193.42.33.51/nigaxb.txt
Hosts (2):
  wallpapercave.com(104.22.52.71) - malware
  104.22.52.71
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | | 16 | ZeroCERT

7532 | 2023-10-23 13:14
Sample: kwen.vbs | MD5: 6919d3ccefbb9391a2f2a4deb3e52e70
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2):
  https://wallpapercave.com/uwp/uwp4082989.png
  http://193.42.33.51/kngeeog.txt
Hosts (2):
  wallpapercave.com(172.67.29.26) - malware
  104.22.53.71
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | | 16 | ZeroCERT

7533 | 2023-10-23 12:18
Sample: adyfriday.vbs | MD5: 288d724f6234e9a79e54451391e158fe
Tags: Generic Malware Antivirus PWS KeyLogger AntiDebug AntiVM PowerShell Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee EXPLOIT_KIT Windows Exploit Browser Email ComputerName DNS Cryptographic key crashed
URLs (2):
  http://94.156.253.236/fridayyyyyy.txt
  https://imageupload.io/ib/ws8MAJ6eptiLfGu_1697738492.jpg
Hosts (3):
  imageupload.io(172.67.222.26) - malware
  172.67.222.26 - malware
  94.156.253.236 - mailcious
Signatures (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
16.0 | M | 3 | ZeroCERT

7534 | 2023-10-23 12:18
Sample: droidwednesdayyyFile.vbs | MD5: c6cc9287c08464bfe297be623543d72d
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2):
  https://wallpapercave.com/uwp/uwp4082989.png
  http://185.254.37.174/apamaaktivozdroidbase644.txt
Hosts (2):
  wallpapercave.com(104.22.53.71) - malware
  104.22.53.71
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | | 4 | ZeroCERT

7535 | 2023-10-23 12:18
Sample: abyx.vbs | MD5: a4b27b7143e37f8c1c3d038e22fab7e5
Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2):
  https://wallpapercave.com/uwp/uwp4082989.png
  http://193.42.33.51/aby.txt
Hosts (2):
  wallpapercave.com(172.67.29.26) - malware
  172.67.29.26 - malware
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.8 | | 17 | ZeroCERT

7536 | 2023-10-23 09:43
Sample: audiodgse.exe | MD5: df247bbfaf91dbe0da4d79a04cfb5ca3
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
  http://www.jizihao1.com/sy22/?GVW8=3PKlaCPIzU4vEpSTCliM62U/p7q8/wgFKC2xum1ddk3IfpDEo7oK1Mr0Jaw/Go0sFzx2J7Yb&uzuD=Zld0rPDHNj - rule_id: 36544
  http://www.displayfridges.fun/sy22/?GVW8=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&uzuD=Zld0rPDHNj - rule_id: 37104
  http://www.podplugca.com/sy22/?GVW8=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&uzuD=Zld0rPDHNj - rule_id: 36546
  http://www.qixservice.online/sy22/?GVW8=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&uzuD=Zld0rPDHNj - rule_id: 35938
Hosts (8):
  www.podplugca.com(198.49.23.144) - mailcious
  www.qixservice.online(81.88.57.70) - mailcious
  www.jizihao1.com(39.101.169.136) - mailcious
  www.displayfridges.fun(64.225.91.73) - mailcious
  81.88.57.70 - mailcious
  39.101.169.136 - mailcious
  198.185.159.144 - mailcious
  64.225.91.73 - mailcious
Signatures (1):
  ET MALWARE FormBook CnC Checkin (GET)
Other (4):
  http://www.jizihao1.com/sy22/
  http://www.displayfridges.fun/sy22/
  http://www.podplugca.com/sy22/
  http://www.qixservice.online/sy22/
4.2 | M | 45 | ZeroCERT

7537 | 2023-10-23 09:42
Sample: fra.exe | MD5: ba3cc252387fd4f90201c371bd3e0190
Tags: Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key crashed
Hosts (1):
Signatures (4):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
5.8 | M | 48 | ZeroCERT

7538 | 2023-10-23 09:36
Sample: chungzx.exe | MD5: 1471855e22fc3165fffc6e371bc01feb
Tags: Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Downloader Google Chrome User Data .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Interne VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows
10.8 | M | 54 | ZeroCERT

7539 | 2023-10-23 09:33
Sample: ca.exe | MD5: 3963c955a34f058077d9010e4950c9b7
Tags: Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key crashed
Hosts (1):
Signatures (4):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
5.6 | M | 51 | ZeroCERT

7540 | 2023-10-23 09:31
Sample: HTMLcachies.dOC | MD5: e8277a6ee73ffeb63f76e8343e1ac5e4
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (1):
  http://185.254.37.174/droidwednesdayyyFile.vbs
Hosts (3):
  wallpapercave.com(104.22.52.71) - malware
  185.254.37.174 - mailcious
  104.22.52.71
Signatures (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Dotted Quad Host VBS Request
4.2 | M | 34 | ZeroCERT

7541 | 2023-10-23 09:31
Sample: Aviso%20de%20Pago_Banco%20BCP_... | MD5: 6f9a2815395092a00026fb6ef6ea6ba5
Tags: .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.2 | M | 52 | ZeroCERT

7542 | 2023-10-23 09:29
Sample: Veeam.Backup.Service.exe | MD5: 03aa72059e81beaaf61c76488cbebd4c
Tags: Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware Check memory crashed
0.8 | | 7 | ZeroCERT

7543 | 2023-10-23 09:28
Sample: msedge.exe | MD5: 8deea0c4169b1d9d343201b39e8e1478
Tags: PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
2.8 | M | 44 | ZeroCERT

7544 | 2023-10-21 18:34
Sample: Tr4nsf3r.pcapng | MD5: 910a772ad5925b5951830b85bbd96563
Tags: AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 | | | guest

7545 | 2023-10-20 18:43
Sample: 7725eaa6592c80f8124e769b4e8a07... | MD5: 55dcac727da37d5a80e10443624af68e
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
1.6 | M | 24 | ZeroCERT