8446 | 2021-06-01 17:41
svch.exe | e5e99249a71ae209175217256edd30c0 | Antivirus Malicious Packer Escalate priviledges KeyLogger ScreenShot Downloader persistence AntiDebug AntiVM PE File PE32 VirusTotal Malware
1.0 | 19 | ZeroCERT

8447 | 2021-06-02 07:50
FNH.exe | 616f7519c2af317844666eab115e219f | PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed
2.2 | 15 | ZeroCERT

8448 | 2021-06-02 07:52
EHH.exe | 979555d563632cad528a128a3af233bb | PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed
2.2 | M | 16 | ZeroCERT

8449 | 2021-06-02 09:20
po8703.exe | ec901f509871709b2038cfa53a72f577 | AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.2 | 39 | ZeroCERT

8450 | 2021-06-02 09:21
cc200-077.exe | ffb41067c3ba0fcfbcdefea7ad536443 | AsyncRAT backdoor PWS .NET framework Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key
6.0 | 35 | ZeroCERT

8451 | 2021-06-02 09:23
bug.xlsx | 7fd41119cd2f2bd6fe13aa60eafd534d | MSOffice File Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader
1 | http://192.3.13.56/dashboard/docs/images/new.exe
1 |
2 | ET INFO Executable Download from dotted-quad Host; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
3.8 | 19 | ZeroCERT

8452 | 2021-06-02 09:23
MAERSK INVOICE, BL, & AWB.doc | 4f9bf95254ac818ee13e8c4915a23aa0 | RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Windows Exploit DNS crashed
2 | http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe; https://update.googleapis.com/service/update2?cup2key=10:3327672849&cup2hreq=052f4fe1376d892301ddcc9da78e0130a0d9987d20d1c21c33cdbfabd555c6fb
4 | edgedl.me.gvt1.com(34.104.35.123); bit.ly(67.199.248.10) - mailcious; 34.104.35.123; 67.199.248.10 - phishing
4 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
5.2 | M | 21 | ZeroCERT

8453 | 2021-06-02 09:25
cc200.exe | 2d3ca3ef781f7ae9d4db875d2f106bd1 | AsyncRAT backdoor PWS .NET framework Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.4 | M | 20 | ZeroCERT

8454 | 2021-06-02 09:25
PO_20880536,pdf.7z | a98deab6a48941d96e070a75fcbc56d5 | Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS
1 |
2.8 | M | 19 | ZeroCERT

8455 | 2021-06-02 09:27
freeold.exe | 5108b268343f682e45b04f1af1dab2e3 | Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key
8.4 | 47 | ZeroCERT

8456 | 2021-06-02 09:30
n.dot | 5a7858fdfd59904990a6a5f019c80b80 | RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Check memory exploit crash unpack itself Windows Exploit DNS DDNS crashed Downloader
1 | http://gaag.ddns.net/imo/six.exe
4 | ararat.mangospot.net(185.140.53.216); gaag.ddns.net(23.95.122.53); 23.95.122.53 - mailcious; 185.140.53.216
3 | ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET POLICY PE EXE or DLL Windows file download HTTP
5.6 | M | 27 | ZeroCERT

8457 | 2021-06-02 09:30
cc200-07.exe | e3aa230134fe078f662113eeb7ccc173 | PWS .NET framework Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder Windows DNS
11.6 | M | 32 | ZeroCERT

8458 | 2021-06-02 09:31
ConsoleApp18.exe | 30467fd98253f96d877581e5af9c18f9 | AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed
1 |
9.4 | M | 23 | ZeroCERT

8459 | 2021-06-02 09:32
cc200-08.exe | 958b46473acadafb02ea38355ec436c2 | AsyncRAT backdoor PWS .NET framework Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
7.2 | M | 27 | ZeroCERT

8460 | 2021-06-02 09:36
free-09.exe | f35cee5adee51bfe480b060aa4b3ca92 | AsyncRAT backdoor PWS .NET framework Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
20 |
21 |
2 | ET DROP Spamhaus DROP Listed Traffic Inbound group 17; ET MALWARE FormBook CnC Checkin (GET)
10 |
8.8 | M | 46 | ZeroCERT