| 7696 |
2023-10-16 12:50
|
 investorlokibase64.txt.exe 548a3fa91d4c14218f61e38fdffaebe7
Malicious Packer PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://investor.entracollc.top/_errorpages/investor/five/fre.php
|
2
investor.entracollc.top(172.67.209.96)
104.21.53.59
|
9
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET INFO HTTP Request to a *.top domain
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
6.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7697 |
2023-10-16 12:50
|
 invkmc.jpg.vbs.exe 7d2913e9f825bd506141c69d609e50dd
PE File DLL PE32 DNS |
|
1
131.153.76.130 - mailcious
|
|
|
0.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7698 |
2023-10-16 12:50
|
 invkmc.jpg2.vbs.exe 4e6f8a41871bf79323253b90b9c938ff
PE File PE32 |
|
|
|
|
|
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7699 |
2023-10-16 12:50
|
 My2.exe df280925e135481b26e921dd1221e359
PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner |
|
4
pool.hashvault.pro(125.253.92.50) - mailcious
172.67.139.220
45.9.74.80 - malware
131.153.76.130 - mailcious
|
1
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
|
|
2.2 |
|
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7700 |
2023-10-16 12:44
|
 toolspub2.exe c054b59d8acd94091def95ac0eb1b21d
Malicious Library Malicious Packer AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself |
|
|
|
|
7.0 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7701 |
2023-10-16 12:38
|
 x9.x9.x9.x0.x0.x0.doc 4263e519252b6b43dd6901b64f05133d
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash Exploit DNS crashed |
1
http://107.175.3.22/9w9/sihost.exe
|
1
|
1
ET INFO Executable Download from dotted-quad Host
|
|
3.8 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7702 |
2023-10-16 12:04
|
looksoprettyundertheroof.vbs c6754754996c3347b6cafe44af0e7cdc
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://185.225.74.170/realonerealone.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.34 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7703 |
2023-10-16 12:04
|
kenspa.vbs a32b1ecc7fc8c489e23976d324d5c4aa
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://79.110.48.52/kenspa.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.74
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7704 |
2023-10-16 12:04
|
kenjkt.vbs 5029c7922f007aee3bba22e60cab46c6
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://79.110.48.52/kenjkt.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.18
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7705 |
2023-10-16 11:52
|
invlokiwedFile.vbs 2f91256fa60710cda18cc702684f78ab
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://193.42.33.63/investorlokibase64.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.74
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7706 |
2023-10-16 11:51
|
 invkmc.jpg.vbs 7b47208b9424d4beff846d5942f6e384
Hide_EXE Antivirus VirusTotal Malware unpack itself crashed |
|
|
|
|
1.4 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7707 |
2023-10-16 11:51
|
investorlokiiiiiiFile.vbs dd13d2f6e0075f0b9bfa13f4493e6db2
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://193.42.33.63/investorlokibase64.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
|
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7708 |
2023-10-16 11:23
|
droiddfffffffffffffFile.vbs 81526bd6e81d8efbe8a8a364c2b30b1a
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://193.42.33.63/apamaaktivozebas364.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.35 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7709 |
2023-10-16 11:22
|
bulaeko.vbs 3e1ff6eefd4496936edf51fb46144380
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
http://79.110.48.52/bulak.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
61.111.58.35 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 |
|
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7710 |
2023-10-16 11:22
|
 anykmc.txt.vbs 02de2b9fc44bc82bf8e627cca8058f0f
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
1
https://raw.githubusercontent.com/drax2020/drax/main/invkmc.jpg
|
2
raw.githubusercontent.com(185.199.108.133) - malware
185.199.110.133 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.0 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|