7936 | 2023-10-07 15:01
File: i0ioi0o0IOoiio00I00oOOo0i0I0IO...
MD5: ac1981dfa38cdea35c6002762274915f
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://103.182.16.23/250/2/HTMLcc.vbs
Hosts (4):
  uploaddeimagens.com.br(172.67.215.45) - malware
  103.182.16.23 - malware
  23.67.53.17
  104.21.45.138 - malware
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Dotted Quad Host VBS Request
4.6 | M | 31 | ZeroCERT
7937 | 2023-10-07 15:01
File: html.vbs
MD5: 652db94281f8ba32aa8e7314453559aa
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://103.182.16.23/250/1/UFX.txt
Hosts (3):
  uploaddeimagens.com.br(172.67.215.45) - malware
  23.67.53.17
  104.21.45.138 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 9 | ZeroCERT
7938 | 2023-10-07 14:59
File: updat3.exe
MD5: 4452e402d114953030710ae7708537ba
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
URLs: none
Hosts: none
Alerts: none
1.8 | M | 50 | ZeroCERT
7939 | 2023-10-07 14:59
File: hhreexploit.vbs
MD5: 561d5f4d8df4d135fbbd9effde8edf77
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://193.42.33.63/apamaaktivozebas364.txt
Hosts (3):
  uploaddeimagens.com.br(172.67.215.45) - malware
  182.162.106.33 - malware
  172.67.215.45 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 6 | ZeroCERT
7940 | 2023-10-07 14:58
File: bkop.vbs
MD5: f29c576dafde535cca1e48bc52efc6d9
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://193.42.33.91/nnannanwosu.txt
Hosts (4):
  uploaddeimagens.com.br(104.21.45.138) - malware
  23.67.53.17
  121.254.136.9
  172.67.215.45 - malware
Alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.4 | | 6 | ZeroCERT
7941 | 2023-10-07 14:57
File: Emulation_of_the_installer.exe
MD5: fb073c1e8e693469572835389d67317e
Tags: RedLine stealer UPX .NET framework(MSIL) Malicious Library ScreenShot PWS AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs: none
Hosts (1): entry not shown on the page
Alerts (5):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Redline Stealer Activity (Response)
12.2 | M | 48 | ZeroCERT
7942 | 2023-10-07 14:57
File: asca1ex123111.exe
MD5: afeaa39b474fbc97ab20f75b90b340c1
Tags: Malicious Library PE File PE32 VirusTotal Malware
URLs: none
Hosts: none
Alerts: none
1.6 | M | 39 | ZeroCERT
7943 | 2023-10-07 14:54
File: toolspub2.exe
MD5: dde202b7adaadf9c8d422216dc3ebec7
Tags: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution
URLs: none
Hosts: none
Alerts: none
6.6 | M | 38 | ZeroCERT
7944 | 2023-10-07 14:54
File: shedremko2.1.exe
MD5: b80d6d5161b4f047ebb9f903822e2cd2
Tags: NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself AppData folder Windows DNS DDNS
URLs: none
Hosts (2):
  sheddy1122.ddns.net(103.212.81.151)
  103.212.81.151
Alerts (1):
  ET POLICY DNS Query to DynDNS Domain *.ddns .net
6.8 | M | 44 | ZeroCERT
7945 | 2023-10-07 14:52
File: IOI0OIOoioi0ooooi00IOIOoi0OoI0...
MD5: 7284a3e9895de3839eeef2bf59e595ee
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
  http://103.182.16.23/250/1/html.vbs
  http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (4):
  uploaddeimagens.com.br(104.21.45.138) - malware
  103.182.16.23 - malware
  121.254.136.18
  104.21.45.138 - malware
Alerts (2):
  ET INFO Dotted Quad Host VBS Request
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2 | M | 35 | ZeroCERT
7946 | 2023-10-07 14:52
File: ioi0OIOoi0IOIOIoi0OIOIioI0IOio...
MD5: 432af76c6e1aaf2f1848808a1ccb3f8b
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://103.182.16.23/250/3/HtmlCent.vbs
Hosts (4):
  uploaddeimagens.com.br(104.21.45.138) - malware
  103.182.16.23 - malware
  23.67.53.27
  172.67.215.45 - malware
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO Dotted Quad Host VBS Request
4.2 | M | 33 | ZeroCERT
7947 | 2023-10-07 14:50
File: UFG.txt.exe
MD5: a413cbf395fa31f26a7f234248248a8e
Tags: AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed
URLs: none
Hosts (2):
  smtp.tecnowares.com(35.186.223.180)
  35.186.223.180 - malicious
Alerts: none
6.8 | | 56 | ZeroCERT
7948 | 2023-10-07 14:50
File: build5555.exe
MD5: 82eecea4083e39c33733428c2d845b15
Tags: Malicious Library UPX Malicious Packer Socket Http API ScreenShot Code injection Internet API AntiDebug AntiVM PE File PE64 OS Processor Check VirusTotal Malware Code Injection buffers extracted Creates executable files DNS
URLs: none
Hosts (1): entry not shown on the page
Alerts: none
9.8 | M | 40 | ZeroCERT
7949 | 2023-10-07 14:50
File: UXO.txt.exe
MD5: 00b28f548f14de4f53abd6651bf78b98
Tags: Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed
URLs (1):
  http://apps.identrust.com/roots/dstrootcax3.p7c
Hosts (5):
  mail.egyptscientific.com(192.185.51.90)
  api.ipify.org(173.231.16.77)
  192.185.51.90
  23.67.53.17
  64.185.227.156
Alerts (5):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA Applayer Detect protocol only one direction
7.4 | | 42 | ZeroCERT
7950 | 2023-10-07 14:48
File: ZBzdymFh.bat
MD5: 44fbd58c401a7786da2e8b6a6291379e
Tags: Suspicious_Script_Bin Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 ZIP For VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder malicious URLs WriteConsoleW crashed
URLs: none
Hosts: none
Alerts: none
4.8 | M | 36 | ZeroCERT
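Added example, not part of this listing and not the sandbox's own code: a small Python extractor that pulls indicators out of records in the format above. It separates the hosts the listing marks "- malware" from the rest, drops the IdenTrust root-certificate fetch (http://apps.identrust.com/roots/dstrootcax3.p7c appears in nearly every record because Windows retrieves the DST Root CA X3 certificate while building a chain; treating it as benign is an analyst allowlist assumed here), defangs indicators for sharing, and flags URLs whose host is an IP literal and whose path ends in .vbs, which is the condition the "ET INFO Dotted Quad Host VBS Request" alert name describes and the common thread of the RTF records 7936, 7945 and 7946. The SAMPLE text is constructed from records 7936 and 7944 on this page; nothing is fetched from the network.

```python
"""IOC extraction for sandbox listing records like the ones on this page.

Added example, not code from the listing's source. SAMPLE is constructed
from records 7936 and 7944 above; BENIGN_HOSTS is an analyst allowlist
(assumption) seeded with the IdenTrust root-certificate fetch.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://[^\s|]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# The listing marks hostile entries as "<host-or-ip> - malware".
FLAGGED_RE = re.compile(r"(\S+)\s+-\s+malware\b")

# Sample names such as "shedremko2.1.exe" also match DOMAIN_RE; drop these "TLDs".
FILE_EXT = {"exe", "vbs", "txt", "bat", "dll", "doc", "jpg", "p7c", "zip"}
# Assumption: analyst allowlist. apps.identrust.com serves the DST Root CA X3
# certificate that Windows fetches while building chains; it is not C2.
BENIGN_HOSTS = {"apps.identrust.com"}

# Constructed from records 7936 and 7944 on this page (condensed).
SAMPLE = """\
7936 | 2023-10-07 15:01
i0ioi0o0IOoiio00I00oOOo0i0I0IO... ac1981dfa38cdea35c6002762274915f MS_RTF_Obfuscation_Objects RTF File doc
http://apps.identrust.com/roots/dstrootcax3.p7c
http://103.182.16.23/250/2/HTMLcc.vbs
uploaddeimagens.com.br(172.67.215.45) - malware 103.182.16.23 - malware
23.67.53.17
104.21.45.138 - malware
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host VBS Request
7944 | 2023-10-07 14:54
shedremko2.1.exe b80d6d5161b4f047ebb9f903822e2cd2 NSIS Malicious Library UPX PE File PE32
sheddy1122.ddns.net(103.212.81.151) 103.212.81.151
ET POLICY DNS Query to DynDNS Domain *.ddns .net
"""


def is_ipv4(s: str) -> bool:
    try:
        return ip_address(s).version == 4
    except ValueError:
        return False


def defang(s: str) -> str:
    """Make an indicator safe to paste into tickets and chat."""
    return s.replace("http", "hxxp").replace(".", "[.]")


def dotted_quad_vbs(url: str) -> bool:
    """IP-literal host plus a .vbs path: the condition named by the
    'ET INFO Dotted Quad Host VBS Request' alert, and the stage-2 fetch
    of the RTF samples in this listing."""
    p = urlsplit(url)
    return is_ipv4(p.hostname or "") and p.path.lower().endswith(".vbs")


def extract_iocs(text: str) -> dict:
    urls = set(URL_RE.findall(text))
    rest = URL_RE.sub(" ", text)  # don't re-match hosts/paths inside URLs
    md5s = set(MD5_RE.findall(rest))
    ips = {x for x in IPV4_RE.findall(rest) if is_ipv4(x)}
    domains = {d.lower() for d in DOMAIN_RE.findall(rest)
               if d.rsplit(".", 1)[-1].lower() not in FILE_EXT}
    flagged = set()  # entries the listing itself marks "- malware"
    for tok in FLAGGED_RE.findall(text):
        flagged.update(x for x in IPV4_RE.findall(tok) if is_ipv4(x))
        flagged.update(d.lower() for d in DOMAIN_RE.findall(tok))
    kept_urls = set()
    for u in urls:  # URL hosts are indicators too, minus the allowlist
        h = (urlsplit(u).hostname or "").lower()
        if not h or h in BENIGN_HOSTS:
            continue
        kept_urls.add(u)
        (ips if is_ipv4(h) else domains).add(h)
    return {
        "md5": sorted(md5s),
        "urls": sorted(kept_urls),
        "ips": sorted(ips),
        "domains": sorted(domains),
        "flagged": sorted(flagged),
        "dotted_quad_vbs_urls": sorted(u for u in urls if dotted_quad_vbs(u)),
    }


if __name__ == "__main__":
    for key, values in extract_iocs(SAMPLE).items():
        print(key, values if key == "md5" else [defang(v) for v in values])
```

The "flagged" list is only what the listing annotates; unannotated hosts such as 23.67.53.17 or the DynDNS address in record 7944 still come out in "ips" and need analyst judgment before blocking. The allowlist exists so the IdenTrust AIA fetch never ends up in a blocklist.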