8116 | 2024-07-04 11:31
File: Update.js (MD5 616eae241a26b57cf9d5efc97ff8491f)
Tags: VBScript, wscript.exe, payload download, Tofsee, crashed, Dropper
URLs (1): https://shryr.fans.smalladventureguide.com/orderReview
Hosts (2): shryr.fans.smalladventureguide.com (162.252.175.117); 162.252.175.117 - malicious
Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
Score: 10.0 | User: guest

8117 | 2024-07-04 11:29
File: new-image_v.jpg.exe (MD5 9152c6d4256e91955c25bcdfa97fb9e0)
Tags: Generic Malware, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, PDB
Score: 1.0 | VirusTotal: 29 | User: r0d

8118 | 2024-07-04 10:42
File: eveningfiledatinglover.vbs (MD5 e69758681e577aa06dfa9425821283b6)
Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, Malware download, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, wscript.exe, payload download, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, Java, ComputerName, DNS, Cryptographic key
URLs (2):
  http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
  http://91.92.254.14/Users_API/negrocock/file_in0kfcuh.ojw.txt
Hosts (2): 91.92.254.14 - malware; 91.92.254.194 - malware
Alerts (4): ET DROP Spamhaus DROP Listed Traffic Inbound group 13; ET MALWARE Malicious Base64 Encoded Payload In Image; ET MALWARE Base64 Encoded MZ In Image; ET WEB_CLIENT Obfuscated Javascript // ptth
Downloads (1): http://91.92.254.194/imge/new-image_v.jpg
Score: 10.0 | M | VirusTotal: 7 | User: ZeroCERT

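The alert names on entry 8118 (ET MALWARE Base64 Encoded MZ In Image; ET WEB_CLIENT Obfuscated Javascript // ptth) describe two tricks a triage script can check for directly: a fetched .jpg whose body is really a base64-encoded PE, and URLs written backwards so that "http://" only appears as "//:ptth". The Python below is an added example, not code from this portal or from the samples listed; it builds a constructed stub PE and a constructed fake image rather than using any file above, and the function names (build_stub_pe, find_embedded_pe, reversed_urls) and the example.invalid host are assumptions made for illustration. The alignment loop is the one part that goes beyond the alert itself: it still finds the PE when base64-alphabet text such as "JFIF" is glued directly to the blob.

```python
import base64
import binascii
import re
import struct
from typing import List, Optional

# --- constructed sample inputs (not taken from the samples listed above) ----

def build_stub_pe() -> bytes:
    """A minimal MZ/PE shell: a 64-byte DOS header whose e_lfanew points at a
    bare 'PE\\0\\0' signature. Not executable; just enough to exercise the checks."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> PE signature
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20

def build_sample_image(payload: bytes, separator: bytes = b"\n") -> bytes:
    """A fake JPEG: SOI/APP0 marker bytes, 'JFIF', then the base64 of `payload`.
    `separator` lets a caller glue the blob flush against base64-alphabet text."""
    return b"\xff\xd8\xff\xe0JFIF" + separator + base64.b64encode(payload) + b"\n"

# --- checks -----------------------------------------------------------------

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")   # long base64-looking runs
HTTP_REVERSED = re.compile(r'"([^"]*//:s?ptth)"')    # string literal ending "//:ptth"

def find_embedded_pe(blob: bytes) -> Optional[bytes]:
    """Return the PE image carried as base64 inside `blob`, or None.

    Keys on the same thing the 'Base64 Encoded MZ In Image' alert does: a base64
    run that decodes to an MZ header whose e_lfanew lands on 'PE\\0\\0'. Dropping
    0..3 leading characters covers the case where base64-alphabet text (e.g. 'JFIF')
    is glued to the blob and shifts the byte alignment of the decode.
    """
    for m in B64_RUN.finditer(blob):
        run = m.group(0)
        for skip in range(4):
            chunk = run[skip:]
            chunk = chunk[: len(chunk) - len(chunk) % 4]   # whole 4-char groups only
            try:
                data = base64.b64decode(chunk, validate=True)
            except (binascii.Error, ValueError):
                continue
            for hit in re.finditer(rb"MZ", data):
                off = hit.start()
                if off + 0x40 > len(data):
                    break                                  # no room for a DOS header
                e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
                sig = off + e_lfanew
                if e_lfanew < 0x40 or sig + 4 > len(data):
                    continue
                if data[sig:sig + 4] == b"PE\x00\x00":
                    return data[off:]
    return None

def reversed_urls(script: str) -> List[str]:
    """Recover URLs written backwards, the trick behind the 'Obfuscated Javascript
    // ptth' alert: a string literal ending in '//:ptth' is a URL reversed."""
    return [m.group(1)[::-1] for m in HTTP_REVERSED.finditer(script)]

# Constructed loader fragment; example.invalid is a placeholder, not a real host.
SAMPLE_SCRIPT = 'u = "gpj.daolyap/dilavni.elpmaxe//:ptth"'

if __name__ == "__main__":
    pe = build_stub_pe()
    found = find_embedded_pe(build_sample_image(pe))
    print("embedded PE recovered:", found == pe)
    print("reversed URLs:", reversed_urls(SAMPLE_SCRIPT))
```

On a real capture, run find_embedded_pe over the bytes the PowerShell stage downloaded (the .jpg listed under Downloads) and reversed_urls over the .vbs/.ps1 text; the recovered PE is what the sandbox later filed as new-image_v.jpg.exe in the entries above.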
8119 | 2024-07-04 10:21
File: file_qzz145uz.kxq.txt.ps1 (MD5 3680df3b272f4f5aa465a69ddbe763ed)
Tags: Generic Malware, Antivirus, unpack itself, WriteConsoleW, Windows, Cryptographic key
Score: 0.8 | User: ZeroCERT

8120 | 2024-07-04 10:17
File: file_20dp34d4.orr.txt.ps1 (MD5 d95ef9e08e9db08a9722d77fb91c39df)
Tags: Generic Malware, Antivirus, Malware, powershell, Malicious Traffic, Check memory, buffers extracted, unpack itself, Check virtual network interfaces, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
URLs (2):
  https://uploaddeimagens.com.br/images/004/807/737/original/new-image_j.jpg?1720020397 - rule_id: 40914
  http://192.3.64.135/okeydookietrational.txt
Hosts (2): uploaddeimagens.com.br (172.67.215.45) - malware; 104.21.45.138 - malware
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Downloads (1): https://uploaddeimagens.com.br/images/004/807/737/original/new-image_j.jpg
Score: 4.2 | M | User: ZeroCERT

8121 | 2024-07-04 10:14
File: file_3e3wgwby.144.txt.ps1 (MD5 f00fd53fc736d0735418600c428a6764)
Tags: Generic Malware, Antivirus, Malware download, VirusTotal, Malware, powershell, Malicious Traffic, Check memory, buffers extracted, unpack itself, Check virtual network interfaces, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
URLs (2):
  http://91.92.254.132/imge/new-image_j.jpg - rule_id: 40913
  http://192.3.64.135/okeydookietrational.txt
Hosts (1):
Alerts (3): ET DROP Spamhaus DROP Listed Traffic Inbound group 13; ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
Downloads (1): http://91.92.254.132/imge/new-image_j.jpg
Score: 5.4 | M | VirusTotal: 14 | User: ZeroCERT

8122 | 2024-07-04 10:12
File: new-image_j.jpg.exe (MD5 f0fd5b8e5113d5a7afc164e15d732129)
Tags: Malicious Library, UPX, PE File, DLL, PE32, OS Processor Check, .NET DLL, VirusTotal, Malware, PDB
Score: 0.6 | VirusTotal: 4 | User: ZeroCERT

8123 | 2024-07-04 10:08
File: moon.txt.exe (MD5 076a4a72c5285c9d30401f1c3f7d0c45)
Tags: Browser Login Data Stealer, Generic Malware, Malicious Library, Downloader, Malicious Packer, UPX, PE File, PE32, OS Processor Check, Remcos, VirusTotal, Malware, Malicious Traffic, Check memory, buffers extracted, unpack itself, human activity check, Windows, DNS, keylogger
URLs (1): http://geoplugin.net/json.gp
Hosts (3): geoplugin.net (178.237.33.50); 178.237.33.50; 191.101.130.177
Alerts (1): ET JA3 Hash - Remcos 3.x/4.x TLS Connection
Score: 5.8 | VirusTotal: 60 | User: ZeroCERT

8124 | 2024-07-04 10:06
File: okeydookietrational.txt.exe (MD5 2788f9c24efc9877a9c58d751d4f73f7)
Tags: AgentTesla, Malicious Library, Malicious Packer, UPX, PE File, OS Memory Check, .NET EXE, PE32, OS Name Check, OS Processor Check, Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, IP Check, Browser, Email, ComputerName, crashed
URLs (1): http://ip-api.com/line/?fields=hosting
Hosts (4): ftp.horeca-bucuresti.ro (89.39.83.184); ip-api.com (208.95.112.1); 89.39.83.184; 208.95.112.1
Alerts (2): ET POLICY External IP Lookup ip-api.com; SURICATA Applayer Detect protocol only one direction
Score: 6.0 | VirusTotal: 61 | User: ZeroCERT

8125 | 2024-07-04 10:05
File: streamer.exe (MD5 2502f2fb88c1ea569c0b4287ae0613f3)
Tags: Generic Malware, Malicious Library, Malicious Packer, UPX, PE File, PE64, DllRegisterServer dll, OS Processor Check, VirusTotal, Malware, crashed
Score: 1.2 | M | VirusTotal: 36 | User: ZeroCERT

8126 | 2024-07-04 10:03
File: file_2n4kbwex.dbr.txt.ps1 (MD5 8c1b03a6197614eeeb38e25f24e910b7)
Tags: Generic Malware, Antivirus, VirusTotal, Malware, unpack itself, WriteConsoleW, Windows, Cryptographic key
Score: 1.4 | VirusTotal: 18 | User: ZeroCERT

8127 | 2024-07-04 09:58
File: file_5jjhn5s1.zo4.txt.ps1 (MD5 0bb85daee10c39c2eb3a05ebc874a585)
Tags: Generic Malware, Antivirus, Malware download, Malware, powershell, Malicious Traffic, Check memory, buffers extracted, unpack itself, Check virtual network interfaces, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
URLs (2):
  http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
  http://23.95.235.16/55099/UGH.txt
Hosts (1):
Alerts (3): ET DROP Spamhaus DROP Listed Traffic Inbound group 13; ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
Downloads (1): http://91.92.254.194/imge/new-image_v.jpg
Score: 4.8 | M | User: ZeroCERT

8128 | 2024-07-04 09:55
File: file_iet2mvl3.idw.txt.ps1 (MD5 35fc934c763040e9f35474eacffe3e34)
Tags: Generic Malware, Antivirus, unpack itself, WriteConsoleW, Windows, Cryptographic key
Score: 0.8 | User: ZeroCERT

8129 | 2024-07-04 09:53
File: file_01ntx0mv.bfk.txt.ps1 (MD5 fdd6b3b4eafee0cdace6be04340d721d)
Tags: Generic Malware, Antivirus, Malware download, Malware, powershell, Malicious Traffic, Check memory, buffers extracted, unpack itself, Check virtual network interfaces, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
URLs (2):
  http://91.92.254.194/imge/new-image_v.jpg - rule_id: 40890
  http://198.46.178.144/madamwebbbbbbbas6444.txt
Hosts (1):
Alerts (3): ET DROP Spamhaus DROP Listed Traffic Inbound group 13; ET MALWARE Base64 Encoded MZ In Image; ET MALWARE Malicious Base64 Encoded Payload In Image
Downloads (1): http://91.92.254.194/imge/new-image_v.jpg
Score: 4.8 | M | User: ZeroCERT

8130 | 2024-07-04 09:52
File: new-image_v.jpg.exe (MD5 9152c6d4256e91955c25bcdfa97fb9e0)
Tags: PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, PDB
Score: 1.0 | VirusTotal: 29 | User: ZeroCERT