8431 | 2023-09-21 09:48 | omob.vbs | 51c03a309d16578fe5a97464df18cac9
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://79.110.48.52/omox.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
104.21.45.138 - malware
182.162.106.33 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 8 | ZeroCERT
8432 | 2023-09-21 09:47 | eveningmmeddddFile.vbs | 62154436f26a9ce3557b89b54e54fe16
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/613/515/original/rump_vbs_antivm.jpg?1695147255
http://193.42.33.63/mohammedfilebase64.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
23.43.165.66
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0 | | 3 | ZeroCERT
8433 | 2023-09-21 09:46 | idex.vbs | 3a386e7b334d9214f8d5fcf3f6876fd3
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://79.110.48.52/idesh.txt
Hosts (3):
uploaddeimagens.com.br(172.67.215.45) - malware
182.162.106.32
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 8 | ZeroCERT
8434 | 2023-09-21 09:45 | aktivosssssssfileapamaFile.vbs | cd664601408fb5dac516050fb44fe31c
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/614/536/original/rump_private.jpg?1695227110
http://193.42.33.63/mohammedfilebase64.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.18
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 1 | ZeroCERT
8435 | 2023-09-21 09:44 | irrkt.exe | f2b5bfad4a3b0efd8aff6cd50c4f4e4b
Tags: PE File PE32 .NET EXE VirusTotal Malware Tofsee DNS
URLs (1):
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Hosts (5):
cacerts.digicert.com(152.195.38.76)
onedrive.live.com(13.107.42.13) - mailcious
101.32.68.183 - mailcious
152.195.38.76
13.107.42.13 - mailcious
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.2 | M | 47 | ZeroCERT
8436 | 2023-09-21 09:44 | jokiulob.vbs | ddf4bc91c949a6dfe97246d424ce6a2e
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://185.225.75.151/okokukosib.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 8 | ZeroCERT
8437 | 2023-09-21 09:43 | wininit.exe | d54ddeb1ceaa4b97d777db0335765e31
Tags: Formbook .NET framework(MSIL) PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder suspicious TLD Browser DNS
URLs (13):
http://www.edf23hravau.xyz/hcn4/ - rule_id: 36403
http://www.igrashka.net/hcn4/?knM=m30+Ki//Y8sL2zE0P61kdhvYOwqWFptCCmwU8vQq6zE1sjNGfZDnTyH3LHXrki/eEv4hHjHktamnN/oDf7D42Eqb/YZUuybaqZkYvtQ=&ye5Im=alq0Y2 - rule_id: 36402
http://www.jedidylan.com/hcn4/?knM=OEaMQIXzJ1y0Ti/BrjZfTQsudV+gIEPJKSCSuDa5GJUseBJeyfizYkge5InQO6hD9ZXOEPkPQpdLpgPCjm1/NgvgONU/CrlD65E5YMY=&ye5Im=alq0Y2 - rule_id: 36404
http://www.ssongg12497.cfd/hcn4/ - rule_id: 36407
http://www.shakcham.top/hcn4/ - rule_id: 36405
http://www.sqlite.org/2016/sqlite-dll-win32-x86-3130000.zip
http://www.igrashka.net/hcn4/ - rule_id: 36402
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3330000.zip
http://www.shakcham.top/hcn4/?knM=VLrMamQnDTGMeMJgx6hkOx5BwaKLG+lWawKYC9Jql/bfu43cgRCDr21Ipw5nqE2MDIkIhr3bxwasMrx+aUmXse9uaxrLWLp/EVeQozE=&ye5Im=alq0Y2 - rule_id: 36405
http://www.jedidylan.com/hcn4/ - rule_id: 36404
http://www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
http://www.edf23hravau.xyz/hcn4/?knM=THRJx5HoM4pxizf3tffVux/F1dnvdAzr5GPiuCoKifJxde7dkuco3WiYLQ8onutaznLrkvN96f0rnicV+F6qZ7Z7/ZoKrPI7mfac+KI=&ye5Im=alq0Y2 - rule_id: 36403
Hosts (12):
www.ekcc.xyz() - mailcious
www.ssongg12497.cfd(101.32.68.183) - mailcious
www.jedidylan.com(204.11.56.48) - mailcious
www.edf23hravau.xyz(20.247.39.217) - mailcious
www.shakcham.top(203.161.62.123) - mailcious
www.igrashka.net(91.206.200.88) - mailcious
203.161.62.123 - mailcious
101.32.68.183 - mailcious
204.11.56.48 - phishing
20.247.39.217 - mailcious
45.33.6.223
91.206.200.88 - mailcious
Alerts (2):
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
URLs with rule matches (9):
http://www.edf23hravau.xyz/hcn4/
http://www.igrashka.net/hcn4/
http://www.jedidylan.com/hcn4/
http://www.ssongg12497.cfd/hcn4/
http://www.shakcham.top/hcn4/
http://www.igrashka.net/hcn4/
http://www.shakcham.top/hcn4/
http://www.jedidylan.com/hcn4/
http://www.edf23hravau.xyz/hcn4/
11.0 | M | 35 | ZeroCERT
8438 | 2023-09-21 09:43 | mohammmeddddFile.vbs | ac706ae911a9abbe20f39aede390f201
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/597/236/original/rump_privada.jpg?1693847070
http://193.42.33.63/mohammedfilebase64.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 3 | ZeroCERT
8439 | 2023-09-21 09:41 | GWA.vbs | e2782eab20480b1650cd78de803acd82
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/613/515/original/rump_vbs_antivm.jpg?1695147255
http://94.156.161.167/tl/gr3424.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
222.122.182.234
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 1 | ZeroCERT
8440 | 2023-09-21 09:40 | HVD.vbs | 4a59ccc0ed465bacc7d52dfb498ad113
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/614/895/original/rump_vbs.jpg?1695246171
http://94.156.161.167/tl/ht4534.txt
Hosts (3):
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.18
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | | 3 | ZeroCERT
8441 | 2023-09-21 09:39 | 1.exe | 3e0fe762ff4de77422e0da2f8460431a
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Remote Code Execution
2.0 | M | 50 | ZeroCERT
8442 | 2023-09-21 09:37 | TiWorker.hta | 328e0141e999dfe62d9429c5685aabd2
Tags: Generic Malware Antivirus AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
URLs (1):
http://107.175.113.216/pastor/retain.exe
7.0 | M | 7 | ZeroCERT
8443 | 2023-09-21 09:37 | kellyzx.exe | c9073e82ea54dc807fb8c89d205ef7f5
Tags: .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.2 | | 21 | ZeroCERT
8444 | 2023-09-21 09:35 | maxlobbing2.1.exe | 8d7eea4fa1b573b722cac003a8aa205f
Tags: NSIS Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
Hosts (2):
api.ipify.org(104.237.62.212)
104.237.62.212
Alerts (4):
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
8.4 | M | 46 | ZeroCERT
8445 | 2023-09-21 09:35 | Bitter.exe | 17fa8319d0f676b0a4e69d629e3b46a3
Tags: Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution crashed
1.8 | | 24 | ZeroCERT