8356 | 2021-05-26 17:48 | edjpx01.zip 78b7c12458b63f284b2b0b4386351ddd | VirusTotal Malware DNS | 1.4 | | 22 | ZeroCERT

8357 | 2021-05-26 17:49 | Lammer.exe 49545f0af79ded22054bfd851bb3d864 | .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself WriteConsoleW DNS DDNS | 5.8 | | 36 | ZeroCERT
  Domains and IPs (2):
    pegarvitimas2021wr.duckdns.org(45.186.199.29)
    45.186.199.29
  Alerts (1):
    ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

8358 | 2021-05-26 17:50 | vbc.exe 893f73e3c8296eb13964494da6157511 | AsyncRAT backdoor PWS .NET framework Malicious Library SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed | 9.4 | M | 7 | ZeroCERT

8359 | 2021-05-26 17:53 | bmw1.exe e566e9b44e24135623225c6626391307 | PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows DNS crashed | 2.8 | M | 20 | ZeroCERT

8360 | 2021-05-26 17:57 | vbc.exe 9fda9bae06e1705bc0baafb7ae723257 | Malicious Packer PE File PE32 VirusTotal Malware Check memory RWX flags setting unpack itself | 2.0 | M | 37 | r0d

8361 | 2021-05-26 17:57 | 0BwVRYsmMqnmVek1UbU9tQnRjS28 d9b498a75f204feb90dbe7e6da25ea11 | ZeroCERT

8362 | 2021-05-27 07:50 | Zaplata.exe 4fd2df0f767d5db670bc28f9fff6b1f4 | PE File OS Processor Check PE32 Browser Info Stealer VirusTotal Malware PDB Browser | 1.8 | | 46 | ZeroCERT

8363 | 2021-05-27 09:03 | PO 7080027.xls f1fcca46fd7af3f90aa67654250e7a05 | VBA_macro MSOffice File VirusTotal Malware ICMP traffic unpack itself Tofsee | 4.0 | M | 20 | ZeroCERT
  URLs (10):
    https://bellaloveboutique.com/wp-content/themes/salient/includes/partials/tgTzKdqzGivuZ9.php
    https://forwei.com/image/cache/data/Varios/Cables/0YGwrERy.php
    https://surustore.com/image/cache/catalog/demo/banners/h0dD8T2aNRz.php
    https://ootashop.com/catalog/language/ar/extension/captcha/Iz40CaCFx.php
    https://bycec.in/wp-includes/js/tinymce/plugins/charmap/1MRWRA8z2S2Ajv.php
    https://marcoislandguidebook.com/wp-includes/js/tinymce/plugins/charmap/xltGrJWiK.php
    https://labrie-sabette.com/wp-includes/sodium_compat/namespaced/Core/ChaCha20/gp5yHrBp.php
    https://brandsites.gunwebhosting.com.au/site/wp-includes/Text/Diff/Engine/eUhebviTSOzDZ.php
    https://dinratnews.net/wp-content/uploads/2020/05/thumbnails/brCyRumj.php
    https://enlazador.com.es/wp-content/themes/twentynineteen/sass/blocks/mLrfH3gL5MqmI.php
  Domains and IPs (20):
    marcoislandguidebook.com(192.185.79.55)
    brandsites.gunwebhosting.com.au(122.201.118.64)
    ootashop.com(199.188.205.57)
    forwei.com(217.160.0.5) - malicious
    labrie-sabette.com(173.230.252.50) - malicious
    enlazador.com.es(51.77.67.181)
    surustore.com(192.158.238.23)
    dinratnews.net(103.237.38.215)
    bycec.in(208.91.198.106)
    bellaloveboutique.com(107.180.58.44)
    122.201.118.64
    51.77.67.181
    217.160.0.5 - malware
    192.158.238.23
    107.180.58.44 - malicious
    103.237.38.215 - malicious
    173.230.252.50 - malicious
    199.188.205.57
    208.91.198.106 - malware
    192.185.79.55 - malicious
  Alerts (4):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic

8364 | 2021-05-27 09:18 | Document%20777622.xls a7b63000938bbeb31722acac4a96b004 | VBA_macro MSOffice File VirusTotal Malware unpack itself Tofsee | 2.8 | | 20 | ZeroCERT
  URLs (10):
    https://supereclinica.com.br/gestor/ckfinder/plugins/fileeditor/codemirror/Mad1mAVF6Vla1IY.php
    https://www.ktateeb.vision-building.com/public/graph/uploads/200x300/content_images/CByVubhIO51.php
    https://smtp.computeraccess.co.in/8Lj6KntHS.php
    https://donboscoschoolbd.com/fdoMMqJznv.php
    https://coeniglich.de/oVWjOr1Z3Z.php
    https://bypuzzle.com.br/avada/wp-content/themes/twentyfifteen/css/5clwWvDJgRsTKvW.php
    https://proterra.med.br/wp-includes/js/tinymce/themes/advanced/Zg1TbiK17uVn.php
    https://agentsv2.ivm.mv/user_guide/_static/css/rjWMenNTq.php
    https://clinicasaludmasculina.com/phone/css/AvGj1IrWszA5cUW.php
    https://bonsventosnautica.com.br/xhpxAHxeWeE6lH3.php
  Domains and IPs (19):
    supereclinica.com.br(162.241.203.185) - malicious
    donboscoschoolbd.com(138.201.27.66) - malicious
    proterra.med.br(192.185.217.211) - malicious
    smtp.computeraccess.co.in(192.185.154.138) - malicious
    coeniglich.de(172.104.152.37) - malicious
    clinicasaludmasculina.com(192.185.131.33) - malicious
    bonsventosnautica.com.br(162.241.203.116) - malicious
    agentsv2.ivm.mv(192.185.36.231) - malicious
    www.ktateeb.vision-building.com()
    bypuzzle.com.br(192.185.215.103) - malicious
    192.185.131.33 - malware
    192.185.217.211 - malicious
    138.201.27.66 - malicious
    192.185.36.231 - malicious
    162.241.203.185 - malware
    192.185.215.103 - malicious
    162.241.203.116 - malicious
    192.185.154.138 - malicious
    172.104.152.37 - malicious
  Alerts (4):
    ET INFO TLS Handshake Failure
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA TLS invalid record type
    SURICATA TLS invalid record/traffic

8365 | 2021-05-27 09:18 | covid.exe a7a8c3e6b8854ab03b71a5b128d7b9ce | Malicious Library DNS AntiDebug AntiVM .NET EXE PE File PE32 Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS | 13.6 | | | ZeroCERT
  Domains and IPs (2):
    wekeepworking.sytes.net(185.140.53.40)
    185.140.53.40

8366 | 2021-05-27 09:20 | vbc.exe 81fbda3909166d5283aa85295b8c3394 | AsyncRAT backdoor PWS .NET framework Malicious Library .NET EXE PE File OS Processor Check PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key | 2.2 | | 27 | ZeroCERT

8367 | 2021-05-27 09:20 | file23.exe 4c9bb1adf101943c077c224a224ed490 | PE64 PE File VirusTotal Malware unpack itself DNS | 3.0 | | 13 | ZeroCERT

8368 | 2021-05-27 09:54 | file19.exe 131296e016a70ea67760fa6eec3dca8f | Anti_VM PE File PE32 VirusTotal Malware unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization Tofsee Windows Firmware DNS crashed | 5.8 | M | 38 | ZeroCERT
  URLs (2):
    http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3
    http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
  Domains and IPs (2):
    api.faceit.com(104.17.62.50)
    104.17.62.50
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

8369 | 2021-05-27 09:56 | file1.exe a21e5912c536d5fde51b5269bcfb356b | PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself crashed | 2.0 | M | 22 | ZeroCERT

8370 | 2021-05-27 09:56 | z9rNC7mJo4hH 24c28c9b3777b278fb4f05fbd7241a16 | VBA_macro MSOffice File Vulnerability VirusTotal Malware Malicious Traffic unpack itself DNS | 5.0 | M | 43 | ZeroCERT
  URLs (6):
    http://everhappen.com/wp-content/ja/
    http://susumiller.com/wp-admin/1/
    http://leadercleverinvestissement.com/wp-admin/Ud/
    http://www.leadercleverinvestissement.com/wp-admin/Ud/
    http://laladiwanchandmodernwrestlingandyogacentre.com/wp-content/yuI/
    http://kavensports.com/wp-includes/o/
  Domains and IPs (14):
    susumiller.com(91.195.240.13) - malware
    kavensports.com(173.212.251.233) - malware
    laladiwanchandmodernwrestlingandyogacentre.com(68.66.226.86) - malware
    wordpress-330097-1043717.cloudwaysapps.com()
    www.leadercleverinvestissement.com(46.182.4.120)
    everhappen.com(165.22.107.214) - malware
    leadercleverinvestissement.com(46.182.4.120) - malware
    ec2-52-56-233-157.eu-west-2.compute.amazonaws.com(52.56.233.157) - malware
    68.66.226.86 - malware
    91.195.240.13 - phishing
    46.182.4.120 - malware
    52.56.233.157 - malware
    165.22.107.214 - malware
    173.212.251.233 - malicious