7966 | 2023-10-06 13:55 | ReklamX.ps1 | 05931e59a873435df1111513cc67eb0c | Generic Malware Antivirus Check memory unpack itself Windows Cryptographic key | 0.8 | | | ZeroCERT

7967 | 2023-10-06 13:55 | vc.js | 9c334d578b33e9df286d5973198f7344 | Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper | 10.0 | M | 27 | ZeroCERT
  URLs (1): http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
  Hosts (2): chongmei33.publicvm.com(103.47.144.38) - malicious; 103.47.144.38 - malicious
  IDS alerts (4): ET MALWARE WSHRAT CnC Checkin; ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1; ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain; ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
  Rule-matched URLs (1): http://chongmei33.publicvm.com:7045/is-ready

7968 | 2023-10-06 13:54 | UGFH.txt.exe | 3c3580dfbc1f06636fe5696879cbdd85 | Malicious Library UPX Malicious Packer PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger | 6.4 | | 53 | ZeroCERT
  Hosts (2): api.ipify.org(64.185.227.156); 104.237.62.212
  IDS alerts (4): ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET INFO TLS Handshake Failure; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

7969 | 2023-10-06 13:40 | okl.vbs | 41ae735bd929dfe448cc75d19fed57a2 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 8.4 | | 7 | ZeroCERT
  URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://79.110.48.52/okilo.txt
  Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 182.162.106.32; 172.67.215.45 - malware
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

7970 | 2023-10-06 13:39 | powerwinner.ps1 | d56818ec2778b8a3b3b13e2c7e88dc63 | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 4.8 | M | 1 | ZeroCERT
  URLs (1): http://torna.ydns.eu/on/bsv/Wblxhuaksujvhq.exe

7971 | 2023-10-06 13:39 | HTMLcode.vbs | 49bad06e91f748e94a260cbfdb0fffed | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 8.4 | | 7 | ZeroCERT
  URLs (3): http://apps.identrust.com/roots/dstrootcax3.p7c; https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937; http://103.182.16.23/900/UGFH.txt
  Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 23.67.53.17; 104.21.45.138 - malware
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

7972 | 2023-10-06 13:28 | d9e1c3_0ec2df3125b34e10ad269f8... | 5e63744a4fad5be640aa0a7a2e444a3d | Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key | 1.4 | | 3 | ZeroCERT

7973 | 2023-10-06 13:28 | castororiginbase64.txt.exe | e94f7fd09efeb9e90655b64a6e4fced7 | AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed | 3.8 | | 58 | ZeroCERT

7974 | 2023-10-06 13:28 | 2022 1040 (Cornelius Morgan G)... | c7daf9fd5c8718275c25494e3dba8982 | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 5.2 | | 1 | ZeroCERT
  URLs (1): http://taxnewmon.blogspot.com/////////////////////////////////atom.xml

7975 | 2023-10-06 10:22 | mtxrI8N.exe | ecdf7acb35e4268bcafb03b8af12f659 | UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key | 3.6 | M | 35 | ZeroCERT

7976 | 2023-10-06 10:21 | skxeYqr.exe | 20bb118569b859e64feaaf30227e04b8 | UPX .NET framework(MSIL) Socket DNS persistence AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | 9.6 | M | 58 | ZeroCERT

7977 | 2023-10-06 10:18 | updat2.exe | 2353ef140fcfb38add13c74b388b710d | Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB | 1.6 | M | 32 | ZeroCERT

7978 | 2023-10-06 10:16 | i0ioi0iooioo0IOI0OIOIOiooioi00... | 9f6c58103198c1158277e4e0a8137006 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Tofsee Exploit crashed | 3.0 | M | 28 | ZeroCERT
  URLs (1):
  Hosts (2): i8.ae(172.67.198.4); 104.21.60.158
  IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

7979 | 2023-10-06 10:14 | i0iioi0IOIOi0ioiioi0ioI0IOI0I9... | b033c79a643e692668723f11af0e9484 | MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed | 4.2 | M | 30 | ZeroCERT
  URLs (1): http://192.3.101.8/270/audiodg.exe
  Hosts (1):
  IDS alerts (5): ET INFO Executable Download from dotted-quad Host; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

7980 | 2023-10-06 10:14 | vc.js | 9c334d578b33e9df286d5973198f7344 | Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files unpack itself AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper | 10.0 | M | 27 | ZeroCERT
  URLs (2): http://chongmei33.publicvm.com:7045/is-processes; http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
  Hosts (2): chongmei33.publicvm.com(103.47.144.38) - malicious; 103.47.144.38
  IDS alerts (6): ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com); ET MALWARE WSHRAT CnC Checkin; ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm/WSHRAT Checkin 1; ET INFO DYNAMIC_DNS HTTP Request to a *.publicvm .com Domain; ET HUNTING Suspicious Possible Process Dump in POST body; ET HUNTING Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration
  Rule-matched URLs (1): http://chongmei33.publicvm.com:7045/is-ready