7816 | 2023-10-11 14:00 | W8vQdbz8.exe 63c85f130b60b2c292e0eaf9794fe897 PE File PE64 ftp VirusTotal Malware unpack itself | | | | | 2.0 | M | 56 | malware123
7817 | 2023-10-11 13:57 | LogonFile.exe bff3120685dafe9e31206887df290c02 Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware crashed | | | | | 1.6 | | 50 | malware123
7818 | 2023-10-11 13:48 | DS.exe 5dd5dcb6da07a09fa38ceb7257e6d777 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DllRegisterServer dll OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself AntiVM_Disk anti-virtualization VM Disk Size Check Remote Code Execution DNS | | 1 | | | 5.6 | | 57 | guest
7819 | 2023-10-11 13:43 | soft.exe 4e8f34a4c631073808c74481f456e357 Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check VirusTotal Malware crashed | | | | | 1.4 | M | 56 | guest
7820 | 2023-10-11 11:38 | vpn_2.41_x86.exe e9f6a165d0e416dc8b7bd49465a3fa5c Emotet Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB buffers extracted unpack itself sandbox evasion Browser ComputerName DNS | | 1 | | | 4.6 | | 5 | ZeroCERT
7821 | 2023-10-11 11:38 | Run.exe 1f5ce1bd1c533fcc0066c163f6c20cb6 UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key | 1: https://files.catbox.moe/kxoths.pdf | 2: files.catbox.moe(108.181.20.35) - malware; 108.181.20.35 - mailcious | 2: ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 2.4 | | 27 | ZeroCERT
7822 | 2023-10-11 11:34 | pew.EXE 6b34210f067d66503d97a9fe6925a4cf Gen1 Emotet Generic Malware Malicious Library UPX Antivirus PE File PE64 CAB VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities WriteConsoleW Windows ComputerName Remote Code Execution Cryptographic key | | | | | 5.8 | | 27 | ZeroCERT
7823 | 2023-10-11 11:33 | jinglebello.vbs 27bdf0b81793b0047531dcd59ca2f72f Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 3: http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://95.214.27.121/oshandokij.txt | 3: uploaddeimagens.com.br(172.67.215.45) - malware; 23.67.53.18; 172.67.215.45 - malware | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 8.4 | | 3 | ZeroCERT
7824 | 2023-10-11 11:32 | Informazioni.url 71f0e30a7451930cd63fe6b7438489b8 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 1: http://62.173.146.73/scarica/archivio.exe | 1: 62.173.146.73 - mailcious | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 5.8 | | 5 | ZeroCERT
7825 | 2023-10-11 11:31 | Documenti.url 605a545fcf4bdb9f72cccce6f96c3b00 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 1: http://62.173.146.72/scarica/impresa.exe | 1 | 2: ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 5.8 | | 5 | ZeroCERT
7826 | 2023-10-11 11:30 | disruptive.lnk 70964a6ad358b8e1ed36b1d6ebd3a03b PDF unpack itself Windows utilities Windows | | | | | 1.4 | | | ZeroCERT
7827 | 2023-10-11 11:29 | Azienda.url 7d41622bb8e2d0cc1e148b9d536c792b AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection RWX flags setting unpack itself Windows utilities Tofsee Windows DNS | 1: http://62.173.145.25/scarica/unito.exe | 1 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 4.8 | | 5 | ZeroCERT
7828 | 2023-10-11 11:27 | ReklamX.ps1 89e77fe3f7bc59200ede7741097bd7e4 Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key | | | | | 1.2 | | 4 | ZeroCERT
7829 | 2023-10-11 11:27 | Report6.msi 08b7acfc53290cda3cc74fcef70f6e65 DarkGate Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Windows ComputerName | 5: http://prestige-castom.com:2351/hnbidn - rule_id: 37159; http://prestige-castom.com:2351/dflqow - rule_id: 37159; http://prestige-castom.com:2351/ - rule_id: 37159; http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt; http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt | 5: www.ssl.com(54.174.96.153); vintagecarsforlife.com(162.33.179.65); prestige-castom.com(162.33.179.65) - mailcious; 162.33.179.65 - mailcious; 54.236.82.84 | 3: ET POLICY curl User-Agent Outbound; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP | 3: http://prestige-castom.com:2351/; http://prestige-castom.com:2351/; http://prestige-castom.com:2351/ | 5.2 | M | 11 | ZeroCERT
7830 | 2023-10-11 11:18 | ebd.zip 6e1bfdcf1577db9886dd1440808ed4f2 DarkGate ZIP Format Windows | 4: http://secure.globalsign.com/cacert/codesigningrootr45.crt; http://prestige-castom.com:2351/ - rule_id: 37159; http://prestige-castom.com:2351/msirzgnzamg - rule_id: 37159; http://prestige-castom.com:2351/gqcsfd - rule_id: 37159 | 5: secure.globalsign.com(104.18.21.226); vintagecarsforlife.com(162.33.179.65); prestige-castom.com(162.33.179.65) - mailcious; 162.33.179.65 - mailcious; 104.18.20.226 | 3: ET POLICY curl User-Agent Outbound; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP | 3: http://prestige-castom.com:2351/; http://prestige-castom.com:2351/; http://prestige-castom.com:2351/ | 1.4 | M | | guest