Sandbox analysis listing, submissions of 2023-12-06 and 2023-12-07. Each row gives the submission ID, file name and MD5, the analysis tags, the URLs, hosts and network (Suricata) alerts observed, and the result columns. Header names for the three result columns (score, flag, VT) are inferred from the row layout: the numeric count appears only on rows carrying the "VirusTotal" tag, so it is read as the VirusTotal detection count; the "M" flag is shown as on the page.

| ID | Submitted | File | MD5 | Tags | URLs | Hosts | Network alerts | Score | Flag | VT | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 7846 | 2023-12-07 17:10 | dll.jpg.exe | c0b7ffa3b6b89673fab5638e395cd4f5 | Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB | | | | 0.6 | | 8 | ZeroCERT |
| 7847 | 2023-12-07 17:10 | dll.jpg.exe | c0b7ffa3b6b89673fab5638e395cd4f5 | Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB | | | | 0.6 | | 8 | ZeroCERT |
| 7848 | 2023-12-07 16:41 | 1701610814-Dvnzfr.exe | 6e1e844cd8cb843eacc4840a825f7cba | PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself | | | | 2.8 | M | 46 | ZeroCERT |
| 7849 | 2023-12-07 16:40 | line.exe | fcfc4a3e70883dc993ee49241e40c393 | Emotet Gen1 SmokeLoader Generic Malware Malicious Library UPX Malicious Packer PE32 PE File CAB OS Processor Check Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Remote Code Execution DNS Software crashed | https://db-ip.com/demo/home.php?s=175.208.134.152 | ipinfo.io (34.117.59.81); db-ip.com (104.26.5.15); 193.233.132.51 (malicious); 104.26.4.15; 34.117.59.81 | ET MALWARE [ANY.RUN] RisePro TCP (Token); ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE Suspected RisePro TCP Heartbeat Packet; ET MALWARE [ANY.RUN] RisePro TCP (Activity); ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) | 15.2 | M | 41 | ZeroCERT |
| 7850 | 2023-12-07 16:39 | Fbibh.exe | 1fbdf8bbc90d441b4e22b46b1ce09a6c | .NET framework(MSIL) PE32 PE File .NET EXE Check memory Checks debugger unpack itself Check virtual network interfaces DNS | | 91.92.240.144 (malicious) | | 2.8 | M | | ZeroCERT |
| 7851 | 2023-12-07 16:35 | envifa.vbs | 18bb62e29138d9c8dd098e5be9a4c13c | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/682/796/original/dll.jpg?1701793965 | uploaddeimagens.com.br (172.67.215.45, malware); 121.254.136.9; 172.67.215.45 (malware) | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 8.4 | | 2 | ZeroCERT |
| 7852 | 2023-12-07 16:35 | sostener.vbs | 6b28299322157cbfd18c65db5e060c1f | Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/682/796/original/dll.jpg?1701793965 | uploaddeimagens.com.br (104.21.45.138, malware); 121.254.136.9; 104.21.45.138 (malware) | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 8.4 | | 3 | ZeroCERT |
| 7853 | 2023-12-07 11:48 | libcurl.exe | 10b4dbfc7d9c04e82aff9f6845eabdc7 | PE32 PE File VirusTotal Malware AutoRuns Check memory RWX flags setting Windows DNS | | 1 (not listed) | | 4.0 | M | 59 | ZeroCERT |
| 7854 | 2023-12-07 11:47 | Application.exe | 3ba788943ce69ebe9bbd218606fd8547 | Malicious Library UPX PE32 PE File OS Processor Check .NET EXE VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios suspicious process WriteConsoleW anti-virtualization Windows Email ComputerName DNS Cryptographic key | http://91.92.247.96/async.exe; http://91.92.247.161/zhark/api.php?id=b98311500ce6100fb01cd1be7ad4b7db&us=test22&mn=TEST22-PC&os=Windows%207%20Professional%20N&bld=1.0.3B; http://91.92.247.161/zhark/api.php?id=b98311500ce6100fb01cd1be7ad4b7db&us=test22&mn=TEST22-PC&os=Windows%207%20Professional%20N&bld=1.0.3B&tsk=29 | 91.92.247.96; 91.92.247.161 | ET POLICY curl User-Agent Outbound; ET INFO Executable Download from dotted-quad Host; ET HUNTING curl User-Agent to Dotted Quad; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | 12.4 | M | 35 | ZeroCERT |
| 7855 | 2023-12-07 11:45 | build.exe | 6aaf4093cc7a18c1b3635f6078993bc7 | RedlineStealer RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | http://91.92.243.247:1334/; https://api.ip.sb/geoip | api.ip.sb (104.26.13.31); 91.92.243.247 (malware); 104.26.13.31 | ET MALWARE RedLine Stealer - CheckConnect Response; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound; ET MALWARE Redline Stealer Family Activity (Response); SURICATA HTTP unable to match response to request | 7.4 | M | 65 | ZeroCERT |
| 7856 | 2023-12-07 06:54 | GameCenter.exe | 054c92c15c2574860d1fe07b9fad1b23 | HermeticWiper Gen1 PhysicalDrive Generic Malware Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) ASPack Antivirus UPX Anti_VM PE32 PE File MZP Format OS Processor Check MachineGuid Check memory unpack itself Check virtual network interfaces AntiVM_Disk suspicious TLD VM Disk Size Check Tofsee Firmware crashed | http://apps.identrust.com/roots/dstrootcax3.p7c | stat.gc.vkplay.ru (95.163.41.136); 95.163.41.136; 23.67.53.27 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 5.2 | | | guest |
| 7857 | 2023-12-06 12:57 | HSBC Payment Advice.xls | 3a4eb467c8ee5a0661b005aa8f728c7a | VBA_macro Generic Malware MSOffice File VirusTotal Malware Malicious Traffic unpack itself DNS | http://172.245.208.126/SSH/MicrosfotEdgedeletedhistorycachecookieentirethingsfromthepc.Doc | 1 (not listed) | ET INFO Dotted Quad Host DOC Request; ET HUNTING Suspicious Request for Doc to IP Address with Terse Headers | 2.6 | | 23 | ZeroCERT |
| 7858 | 2023-12-06 12:30 | you.cmd | 2977c8c94af8bc95f2c71f6b1b1f2633 | Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | http://3.75.162.63/ducky.ps1 | 1 (not listed) | ET INFO PS1 Powershell File Request | 10.0 | M | | ZeroCERT |
| 7859 | 2023-12-06 12:26 | cred64.dll | 1afaa1fcda6635e17dce5b5bf27f3c79 | Malicious Library UPX PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Malicious Traffic Checks debugger unpack itself Windows utilities sandbox evasion installed browsers check Windows Browser Email DNS Software | http://brodoyouevenlift.co.za/jjuhhsa73/index.php; http://185.196.8.195/u6vhSc3PPq/index.php | brodoyouevenlift.co.za (89.191.234.91, malicious); yeahweliftbro.cz (unresolved, malicious); 185.196.8.195 (malware); 89.191.234.91 | | 8.0 | M | 43 | ZeroCERT |
| 7860 | 2023-12-06 12:23 | Ennytypip.exe | eb71493b8c138d52c8baea7adaae0a22 | .NET framework(MSIL) PWS SMTP DNS AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key | | 213.139.207.234 (malicious) | | 10.8 | M | 53 | ZeroCERT |
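Turning rows like the ones above into something a SOC can act on means separating real infrastructure from the noise every sandbox run produces: the IdenTrust root fetched while building a TLS chain, and the external IP-lookup services (ipinfo.io, db-ip.com, api.ip.sb) that several samples call to check their environment and that the listing itself flags only as "ET POLICY Possible External IP Lookup". The example below is added here and is not code from the listing or from ZeroCERT. It parses the host column format used on the page ("name(ip) - label ip"), aggregates MD5s, URLs, domains and IPs across submissions, defangs them, and pivots on indicators shared by more than one sample (the dll.jpg URL and its hosting domain appear under both envifa.vbs and sostener.vbs). The four input rows are transcribed from the listing; the sets of benign and lookup hosts, and the rule that an IP is only noise when every domain it was seen resolving from is noise, are assumptions of the example.

```python
import re

# Constructed input: four rows transcribed from the listing above (field layout mirrors the page).
ROWS = [
    {"id": 7849, "file": "line.exe", "md5": "fcfc4a3e70883dc993ee49241e40c393",
     "urls": ["https://db-ip.com/demo/home.php?s=175.208.134.152"],
     "hosts": "ipinfo.io(34.117.59.81) db-ip.com(104.26.5.15) 193.233.132.51 - malicious 104.26.4.15 34.117.59.81"},
    {"id": 7851, "file": "envifa.vbs", "md5": "18bb62e29138d9c8dd098e5be9a4c13c",
     "urls": ["http://apps.identrust.com/roots/dstrootcax3.p7c",
              "https://uploaddeimagens.com.br/images/004/682/796/original/dll.jpg?1701793965"],
     "hosts": "uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.9 172.67.215.45 - malware"},
    {"id": 7852, "file": "sostener.vbs", "md5": "6b28299322157cbfd18c65db5e060c1f",
     "urls": ["http://apps.identrust.com/roots/dstrootcax3.p7c",
              "https://uploaddeimagens.com.br/images/004/682/796/original/dll.jpg?1701793965"],
     "hosts": "uploaddeimagens.com.br(104.21.45.138) - malware 121.254.136.9 104.21.45.138 - malware"},
    {"id": 7859, "file": "cred64.dll", "md5": "1afaa1fcda6635e17dce5b5bf27f3c79",
     "urls": ["http://brodoyouevenlift.co.za/jjuhhsa73/index.php", "http://185.196.8.195/u6vhSc3PPq/index.php"],
     "hosts": "brodoyouevenlift.co.za(89.191.234.91) - malicious yeahweliftbro.cz() - malicious 185.196.8.195 - malware 89.191.234.91"},
]

# Assumption: commodity geo/IP-lookup services used by samples for environment checks; the page
# flags them only with "ET POLICY" alerts. Keep them as context, do not block them.
IP_LOOKUP_SERVICES = {"ipinfo.io", "db-ip.com", "api.ip.sb"}
# Assumption: public CA artefact fetched during TLS chain building, not attacker infrastructure.
BENIGN_HOSTS = {"apps.identrust.com"}

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
RESOLVED = re.compile(r"^([A-Za-z0-9.-]+)\(((?:\d{1,3}\.){3}\d{1,3})?\)$")   # name(ip) or name()


def url_host(url):
    """Host part of a URL, without scheme, path or port."""
    return url.split("//", 1)[1].split("/", 1)[0].split(":")[0]


def parse_hosts(text):
    """Parse the page's host column, e.g. 'name(ip) - label ip - label ip'.

    Returns (value, kind, label, parent) tuples; 'parent' is the domain an IP was
    listed as resolving from, or None for a bare IP. A trailing '- label' applies to
    the token before it.
    """
    tokens = text.split()
    out, i = [], 0
    while i < len(tokens):
        tok, label = tokens[i], None
        if i + 2 < len(tokens) and tokens[i + 1] == "-":
            label = tokens[i + 2]
            i += 2
        i += 1
        m = RESOLVED.match(tok)
        if m:
            out.append((m.group(1), "domain", label, None))
            if m.group(2):                       # '()' means the name never resolved
                out.append((m.group(2), "ip", label, m.group(1)))
        elif IPV4.match(tok):
            out.append((tok, "ip", label, None))
        else:
            out.append((tok, "domain", label, None))
    return out


def extract_iocs(rows):
    """Aggregate every indicator across rows: value -> {kind, labels, rows, parents}."""
    iocs = {}

    def add(value, kind, row_id, label=None, parent=None):
        rec = iocs.setdefault(value, {"kind": kind, "labels": set(), "rows": set(), "parents": set()})
        rec["rows"].add(row_id)
        if label:
            rec["labels"].add(label)
        if parent:
            rec["parents"].add(parent)

    for row in rows:
        add(row["md5"], "md5", row["id"])
        for url in row["urls"]:
            add(url, "url", row["id"])
            host = url_host(url)
            add(host, "ip" if IPV4.match(host) else "domain", row["id"])
        for value, kind, label, parent in parse_hosts(row["hosts"]):
            add(value, kind, row["id"], label, parent)
    return iocs


def triage(value, rec):
    """'benign' (CA plumbing), 'context' (IP-lookup the sample used to check its
    environment) or 'indicator' (worth blocking and hunting for)."""
    if rec["kind"] == "ip":
        # An IP is noise only if every domain it resolved from is noise. Bare IPs
        # (no parent on the page) stay indicators and deserve a manual look.
        if rec["parents"] and rec["parents"] <= (BENIGN_HOSTS | IP_LOOKUP_SERVICES):
            return "context"
        return "indicator"
    host = url_host(value) if rec["kind"] == "url" else value
    if host in BENIGN_HOSTS:
        return "benign"
    if host in IP_LOOKUP_SERVICES:
        return "context"
    return "indicator"


def defang(value, kind):
    """Render an indicator so it cannot be clicked or auto-linked (hxxp, [.] in the host)."""
    if kind == "url":
        scheme, rest = value.split("://", 1)
        host, sep, tail = rest.partition("/")
        return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + tail
    if kind in ("domain", "ip"):
        return value.replace(".", "[.]")
    return value                                 # hashes are left as-is


def build_report(rows):
    """Defanged indicators by triage bucket, plus indicators shared by several samples."""
    iocs = extract_iocs(rows)
    report = {"indicator": [], "context": [], "benign": [], "shared": {}}
    for value, rec in sorted(iocs.items()):
        bucket = triage(value, rec)
        safe = defang(value, rec["kind"])
        report[bucket].append(safe)
        if bucket == "indicator" and len(rec["rows"]) > 1:
            report["shared"][safe] = sorted(rec["rows"])   # pivot: same infra, several samples
    return report


if __name__ == "__main__":
    for bucket, values in build_report(ROWS).items():
        print(bucket, values)
```

The parent-domain rule is what keeps 34.117.59.81 (ipinfo.io) out of the blocklist while leaving 104.26.4.15, which the page lists bare, for a human to resolve; the shared-indicator map is the pivot that groups the two VBS droppers around the same dll.jpg download.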