ZeroCERT sandbox submissions, one record per sample. Layout used below: ID | submitted | sample | MD5; Tags as exported; URLs (with the export's rule_id where given); Hosts (resolved IP in parentheses, reputation label after the dash); IDS alerts; Base URLs (the same URLs without query string); then the trailer Score | Flag | VT | source. Flag reproduces the export's "M" mark ("-" where absent). VT is an assumption: the field appears only on samples tagged VirusTotal and is read here as the VirusTotal detection count.

8416 | 2023-09-22 07:50 | jk.dll | 61422a35afb21b453b824c22f44501ac
Tags: Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware
Score 0.4 | Flag - | VT 1 | ZeroCERT
8417 | 2023-09-22 07:47 | kus.exe | 64ed1a8846afa8dc286cc753f0b8b6f8
Tags: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware PDB Code Injection buffers extracted
Score 6.0 | Flag M | VT - | ZeroCERT
8418 | 2023-09-22 07:46 | panor.exe | d77223437f0f975dd0cb6d65a9f13fdf
Tags: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check DLL VirusTotal Malware PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution
Score 4.2 | Flag M | VT 29 | ZeroCERT
8419 | 2023-09-21 18:19 | HP_099333DDW.vbs | 878b00995ad5c6ab937cbab9e9b40c06
Tags: Generic Malware Antivirus PWS SMTP KeyLogger Hide_URL AntiDebug AntiVM PowerShell Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee EXPLOIT_KIT Windows Exploit Browser Email ComputerName DNS Cryptographic key Software crashed
URLs (1): https://firebasestorage.googleapis.com/v0/b/server-555e5.appspot.com/o/rumpe.txt?alt=media&token=21f4cafe-e9ac-408c-a2cd-b2f926f8094a - rule_id: 36632
Hosts (3):
  firebasestorage.googleapis.com (142.250.206.202) - phishing
  172.217.31.10
  198.46.178.152 - malware
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
Base URLs (1): https://firebasestorage.googleapis.com/v0/b/server-555e5.appspot.com/o/rumpe.txt
Score 16.6 | Flag M | VT 1 | ZeroCERT
8420 | 2023-09-21 18:17 | money.exe | 0e7b53dca579f5526e521db1e75005b5
Tags: Admin Tool (Sysinternals etc ...) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
Hosts (2):
  api.ipify.org (104.237.62.212)
  173.231.16.77
IDS alerts (4):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 11.6 | Flag M | VT 34 | ZeroCERT
8421 | 2023-09-21 18:16 | 7RVuMkLvXuAoxru.exe | b19d7259f18dc6881b79c875c08c6abd
Tags: .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Score 2.2 | Flag M | VT 29 | ZeroCERT
8422 | 2023-09-21 18:14 | foto7447.exe | 80d85ad1d3d69763537f3c1a75cc7390
Tags: RedLine stealer Gen1 Emotet Malicious Library UPX AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
URLs (1): http://5.42.92.211/loghub/master - rule_id: 36282
Hosts (3):
  91.235.128.141
  77.91.124.82 - malicious
  5.42.92.211 - malicious
IDS alerts (7):
  ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Redline Stealer Activity (Response)
Base URLs (1): http://5.42.92.211/loghub/master
Score 15.2 | Flag M | VT 47 | ZeroCERT
8423 | 2023-09-21 18:14 | exto.exe | 27e81eda70881f1875c07fb6a9da8a5e
Tags: Malicious Library UPX PWS AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Code Injection Malicious Traffic buffers extracted unpack itself WriteConsoleW Stealc Browser DNS
URLs (1): http://5.42.92.211/loghub/master - rule_id: 36282
Hosts (1): not listed in the export
IDS alerts (2):
  ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
Base URLs (1): http://5.42.92.211/loghub/master
Score 8.6 | Flag M | VT 21 | ZeroCERT
8424 | 2023-09-21 18:13 | TiWorker.exe | 5c6c71c7d5550896ed29fceb19e76649
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (4):
  http://www.gk84.com/sy22/?kDHl=EZXT1couL1SMJvG2qeg6eanykcNOwoSwRkeI+9JF3ekTKFJ8rStu/JDK0lzRposG9gxESXnb&KtxD=PnCTGx9Pf - rule_id: 36323
  http://www.gracefullytouchedartistry.com/sy22/?kDHl=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&KtxD=PnCTGx9Pf - rule_id: 35940
  http://www.sarthaksrishticreation.com/sy22/?kDHl=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&KtxD=PnCTGx9Pf - rule_id: 35905
  http://www.giallozafferrano.com/sy22/?kDHl=e3Wc7AYKmxnABbA5XplRDASPAW2hX0g2E4j6p3U7Sf2osunLtU3wLL64mGQYR58Cg+KdkSKM&KtxD=PnCTGx9Pf
Hosts (8):
  www.gk84.com (107.148.223.82) - malicious
  www.sarthaksrishticreation.com (119.18.49.69) - malicious
  www.giallozafferrano.com (62.149.128.45)
  www.gracefullytouchedartistry.com (34.149.87.45) - malicious
  62.149.128.45 - malicious
  119.18.49.69 - malicious
  107.148.223.82 - malicious
  34.149.87.45 - phishing
IDS alerts (1): ET MALWARE FormBook CnC Checkin (GET)
Base URLs (3):
  http://www.gk84.com/sy22/
  http://www.gracefullytouchedartistry.com/sy22/
  http://www.sarthaksrishticreation.com/sy22/
Score 4.2 | Flag M | VT 40 | ZeroCERT
8425 | 2023-09-21 18:12 | spacezx.exe | f00db5f7d365a7a8236a34cb9e9ce590
Tags: .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed
Hosts (2):
  cp5ua.hyperhost.ua (91.235.128.141)
  91.235.128.141
IDS alerts (2):
  SURICATA Applayer Detect protocol only one direction
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 11.0 | Flag M | VT 21 | ZeroCERT
8426 | 2023-09-21 13:41 | gametools.exe | 19a0306a4a57683c3e14dc5ec13e89ed
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
Score 1.6 | Flag M | VT 51 | ZeroCERT
8427 | 2023-09-21 13:33 | netTime.exe | 927783a38772fd607fb4dfbf34dceaf3
Tags: UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Remote Code Execution
Score 2.8 | Flag - | VT 29 | ZeroCERT
8428 | 2023-09-21 10:29 | Akjnagosfmwanr.exe | 047324921fcd5ca64134a367d389e900
Tags: Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware RWX flags setting unpack itself crashed
Hosts (1): not listed in the export
Score 2.6 | Flag - | VT 44 | ZeroCERT
8429 | 2023-09-21 10:20 | 55aa5e.exe | 56c197e493f74f9233a16cdefab3109f
Tags: Emotet Malicious Library UPX VMProtect PE File PE32 OS Processor Check VirusTotal Malware Check memory RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows Remote Code Execution
Score 4.4 | Flag M | VT 22 | ZeroCERT
8430 | 2023-09-21 09:49 | EGU.vbs | 87340d35d75234ff3dcde21240b08f9e
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
  https://yorkrefrigerent.md/public/cvb/yay.txt
Hosts (3):
  uploaddeimagens.com.br (104.21.45.138) - malware
  121.254.136.18
  172.67.215.45 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 8.4 | Flag - | VT 7 | ZeroCERT
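A listing like this is only useful once its indicators are pulled out and pivoted: the same C2 address (5.42.92.211) serves both the RedLine/Stealc sample and exto.exe, 91.235.128.141 recurs between foto7447.exe and spacezx.exe, and the Tofsee JA3 fingerprint fires on several otherwise unrelated files. The script below is an added example, not part of the page or of ZeroCERT's tooling: it parses records in the raw export layout (ID line, timestamp, tag line carrying the MD5, then URL, host and IDS-alert lines separated by bare "|" lines), extracts hashes, URLs, hosts, IPs, reputation labels and Suricata signature names, and reports every indicator seen in more than one sample. The four embedded records are a constructed subset copied from this listing with the tag strings shortened and the count and score trailer lines dropped; the record-boundary rule (an ID line immediately followed by a timestamp) and the reputation label set are assumptions about the export format.

```python
import re
from collections import defaultdict

# Constructed input: four records copied from the listing in its raw export layout
# (tag strings shortened, count/score trailer lines omitted; parser tolerates both).
RAW = """\
8419 |
2023-09-21 18:19
|
HP_099333DDW.vbs 878b00995ad5c6ab937cbab9e9b40c06 Generic Malware PowerShell VirusTotal Malware Tofsee |
https://firebasestorage.googleapis.com/v0/b/server-555e5.appspot.com/o/rumpe.txt?alt=media&token=21f4cafe-e9ac-408c-a2cd-b2f926f8094a - rule_id: 36632
|
firebasestorage.googleapis.com(142.250.206.202) - phishing 172.217.31.10 198.46.178.152 - malware
|
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
|
8422 |
2023-09-21 18:14
|
foto7447.exe 80d85ad1d3d69763537f3c1a75cc7390 RedLine stealer Malicious Library UPX VirusTotal Malware Stealc Stealer |
http://5.42.92.211/loghub/master - rule_id: 36282
|
91.235.128.141 77.91.124.82 - mailcious 5.42.92.211 - mailcious
|
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Redline Stealer TCP CnC Activity
|
8423 |
2023-09-21 18:14
|
exto.exe 27e81eda70881f1875c07fb6a9da8a5e Malicious Library UPX PWS VirusTotal Malware Stealc Browser DNS |
http://5.42.92.211/loghub/master - rule_id: 36282
|
|
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
|
8425 |
2023-09-21 18:12
|
spacezx.exe f00db5f7d365a7a8236a34cb9e9ce590 .NET framework(MSIL) PWS SMTP KeyLogger VirusTotal Malware Tofsee |
|
cp5ua.hyperhost.ua(91.235.128.141) 91.235.128.141
|
SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
"""

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://\S+")
HOST_RE = re.compile(r"([\w.-]+)\((\d{1,3}(?:\.\d{1,3}){3})\)")          # host(ip) form
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Reputation labels as the export spells them (assumed set; "mailcious" is the export's typo).
REP_RE = re.compile(r"(\S+) - (malicious|mailcious|phishing|malware)\b")
# Suricata alerts are run together on one line; split before each signature prefix.
ALERT_SPLIT = re.compile(r"\s+(?=ET [A-Z_]+ |SSLBL: |SURICATA )")
# Assumed boundary rule: a record starts with "<id> |" directly followed by a timestamp line,
# which keeps trailer lines such as "29 |" from being mistaken for a new record.
RECORD_RE = re.compile(r"^(\d+) \|$\n(?=\d{4}-\d\d-\d\d )", re.M)


def parse(raw):
    """Map sample id -> indicators. Bare counts, '|' separators and trailer lines are ignored."""
    records = {}
    parts = RECORD_RE.split(raw)                      # ['', id, body, id, body, ...]
    for sid, body in zip(parts[1::2], parts[2::2]):
        rec = {"md5": None, "name": None, "urls": set(), "hosts": set(),
               "ips": set(), "rep": {}, "alerts": set()}
        for line in (l.strip() for l in body.splitlines()):
            if not line or line == "|" or line.isdigit():
                continue
            if rec["md5"] is None and MD5_RE.search(line):
                rec["name"], rec["md5"] = line.split()[0], MD5_RE.search(line).group(0)
                continue                              # tag line carries no network IOCs
            if line.startswith(("ET ", "SSLBL:", "SURICATA")):
                rec["alerts"].update(ALERT_SPLIT.split(line))
                continue
            rec["urls"].update(URL_RE.findall(line))
            rec["hosts"].update(h for h, _ in HOST_RE.findall(line))
            rec["ips"].update(IP_RE.findall(line))    # also catches dotted-quad C2 in URLs
            for tok, label in REP_RE.findall(line):
                rec["rep"][tok.split("(")[0]] = label.replace("mailcious", "malicious")
        records[sid] = rec
    return records


def shared_indicators(records):
    """Indicator -> sample ids, keeping only indicators that recur across samples."""
    seen = defaultdict(set)
    for sid, rec in records.items():
        for kind in ("urls", "hosts", "ips", "alerts"):
            for ind in rec[kind]:
                seen[ind].add(sid)
    return {ind: sids for ind, sids in seen.items() if len(sids) > 1}


if __name__ == "__main__":
    for ind, sids in sorted(shared_indicators(parse(RAW)).items()):
        print(f"{ind}  <-  {', '.join(sorted(sids))}")
```

Run as-is it prints the shared C2 URL and IP for 8422/8423, the 91.235.128.141 overlap between 8422 and 8425, and the Tofsee JA3 alert common to 8419 and 8425. Pointing `RAW` at a full export is the only change needed; the reputation dictionary and alert-splitting regex are the two places to extend if the export uses labels or signature prefixes not seen on this page.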