7696 | 2023-10-16 12:50
investorlokibase64.txt.exe 548a3fa91d4c14218f61e38fdffaebe7 | Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
URLs (1): http://investor.entracollc.top/_errorpages/investor/five/fre.php
Hosts (2): investor.entracollc.top(172.67.209.96); 104.21.53.59
IDS alerts (9): ET DNS Query to a *.top domain - Likely Hostile; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET INFO HTTP Request to a *.top domain; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response
6.6 | ZeroCERT
7697 | 2023-10-16 12:50
invkmc.jpg.vbs.exe 7d2913e9f825bd506141c69d609e50dd | PE File DLL PE32 DNS
Hosts (1): 131.153.76.130 - malicious
0.6 | ZeroCERT
7698 | 2023-10-16 12:50
invkmc.jpg2.vbs.exe 4e6f8a41871bf79323253b90b9c938ff | PE File PE32
ZeroCERT
7699 | 2023-10-16 12:50
My2.exe df280925e135481b26e921dd1221e359 | PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner
Hosts (4): pool.hashvault.pro(125.253.92.50) - malicious; 172.67.139.220; 45.9.74.80 - malware; 131.153.76.130 - malicious
IDS alerts (1): ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
2.2 | 47 | ZeroCERT
7700 | 2023-10-16 12:44
toolspub2.exe c054b59d8acd94091def95ac0eb1b21d | Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself
7.0 | 32 | ZeroCERT
7701 | 2023-10-16 12:38
x9.x9.x9.x0.x0.x0.doc 4263e519252b6b43dd6901b64f05133d | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash Exploit DNS crashed
URLs (1): http://107.175.3.22/9w9/sihost.exe
Hosts (1):
IDS alerts (1): ET INFO Executable Download from dotted-quad Host
3.8 | M | 35 | ZeroCERT
7702 | 2023-10-16 12:04
looksoprettyundertheroof.vbs c6754754996c3347b6cafe44af0e7cdc | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://185.225.74.170/realonerealone.txt
Hosts (3): uploaddeimagens.com.br(172.67.215.45) - malware; 61.111.58.34 - malware; 172.67.215.45 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | 18 | ZeroCERT
7703 | 2023-10-16 12:04
kenspa.vbs a32b1ecc7fc8c489e23976d324d5c4aa | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://79.110.48.52/kenspa.txt
Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 121.254.136.74; 104.21.45.138 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | 18 | ZeroCERT
7704 | 2023-10-16 12:04
kenjkt.vbs 5029c7922f007aee3bba22e60cab46c6 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://79.110.48.52/kenjkt.txt
Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 121.254.136.18; 104.21.45.138 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | 17 | ZeroCERT
7705 | 2023-10-16 11:52
invlokiwedFile.vbs 2f91256fa60710cda18cc702684f78ab | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://193.42.33.63/investorlokibase64.txt
Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 121.254.136.74; 104.21.45.138 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | 18 | ZeroCERT
7706 | 2023-10-16 11:51
invkmc.jpg.vbs 7b47208b9424d4beff846d5942f6e384 | Hide_EXE Antivirus VirusTotal Malware unpack itself crashed
1.4 | 23 | ZeroCERT
7707 | 2023-10-16 11:51
investorlokiiiiiiFile.vbs dd13d2f6e0075f0b9bfa13f4493e6db2 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://193.42.33.63/investorlokibase64.txt
Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 121.254.136.9; 172.67.215.45 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | 17 | ZeroCERT
7708 | 2023-10-16 11:23
droiddfffffffffffffFile.vbs 81526bd6e81d8efbe8a8a364c2b30b1a | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://193.42.33.63/apamaaktivozebas364.txt
Hosts (3): uploaddeimagens.com.br(172.67.215.45) - malware; 61.111.58.35 - malware; 172.67.215.45 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | 18 | ZeroCERT
7709 | 2023-10-16 11:22
bulaeko.vbs 3e1ff6eefd4496936edf51fb46144380 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://79.110.48.52/bulak.txt
Hosts (3): uploaddeimagens.com.br(172.67.215.45) - malware; 61.111.58.35 - malware; 172.67.215.45 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | 18 | ZeroCERT
7710 | 2023-10-16 11:22
anykmc.txt.vbs 02de2b9fc44bc82bf8e627cca8058f0f | Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (1): https://raw.githubusercontent.com/drax2020/drax/main/invkmc.jpg
Hosts (2): raw.githubusercontent.com(185.199.108.133) - malware; 185.199.110.133 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.0 | 26 | ZeroCERT