| 8446 |
2021-06-01 17:41
|
 svch.exe e5e99249a71ae209175217256edd30c0
Antivirus Malicious Packer Escalate priviledges KeyLogger ScreenShot Downloader persistence AntiDebug AntiVM PE File PE32 VirusTotal Malware |
|
|
|
|
1.0 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8447 |
2021-06-02 07:50
|
 FNH.exe 616f7519c2af317844666eab115e219f
PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed |
|
|
|
|
2.2 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8448 |
2021-06-02 07:52
|
 EHH.exe 979555d563632cad528a128a3af233bb
PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS crashed |
|
|
|
|
2.2 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8449 |
2021-06-02 09:20
|
 po8703.exe ec901f509871709b2038cfa53a72f577
AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.2 |
|
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8450 |
2021-06-02 09:21
|
 cc200-077.exe ffb41067c3ba0fcfbcdefea7ad536443
AsyncRAT backdoor PWS .NET framework Malicious Library PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key |
|
|
|
|
6.0 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8451 |
2021-06-02 09:23
|
bug.xlsx 7fd41119cd2f2bd6fe13aa60eafd534d
MSOffice File Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed Downloader |
1
http://192.3.13.56/dashboard/docs/images/new.exe
|
1
|
2
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
|
|
3.8 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8452 |
2021-06-02 09:23
|
 MAERSK INVOICE, BL, & AWB.doc 4f9bf95254ac818ee13e8c4915a23aa0
RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Windows Exploit DNS crashed |
2
http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2?cup2key=10:3327672849&cup2hreq=052f4fe1376d892301ddcc9da78e0130a0d9987d20d1c21c33cdbfabd555c6fb
|
4
edgedl.me.gvt1.com(34.104.35.123)
bit.ly(67.199.248.10) - mailcious
34.104.35.123
67.199.248.10 - phishing
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
5.2 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8453 |
2021-06-02 09:25
|
 cc200.exe 2d3ca3ef781f7ae9d4db875d2f106bd1
AsyncRAT backdoor PWS .NET framework Anti_VM Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
|
|
|
|
7.4 |
M |
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8454 |
2021-06-02 09:25
|
PO_20880536,pdf.7z a98deab6a48941d96e070a75fcbc56d5
Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself DNS |
|
1
|
|
|
2.8 |
M |
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8455 |
2021-06-02 09:27
|
 freeold.exe 5108b268343f682e45b04f1af1dab2e3
Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key |
|
|
|
|
8.4 |
|
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8456 |
2021-06-02 09:30
|
 n.dot 5a7858fdfd59904990a6a5f019c80b80
RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Check memory exploit crash unpack itself Windows Exploit DNS DDNS crashed Downloader |
1
http://gaag.ddns.net/imo/six.exe
|
4
ararat.mangospot.net(185.140.53.216)
gaag.ddns.net(23.95.122.53)
23.95.122.53 - mailcious
185.140.53.216
|
3
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
|
|
5.6 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8457 |
2021-06-02 09:30
|
 cc200-07.exe e3aa230134fe078f662113eeb7ccc173
PWS .NET framework Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder Windows DNS |
|
|
|
|
11.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8458 |
2021-06-02 09:31
|
 ConsoleApp18.exe 30467fd98253f96d877581e5af9c18f9
AsyncRAT backdoor SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed |
|
1
|
|
|
9.4 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8459 |
2021-06-02 09:32
|
 cc200-08.exe 958b46473acadafb02ea38355ec436c2
AsyncRAT backdoor PWS .NET framework Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself |
|
|
|
|
7.2 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8460 |
2021-06-02 09:36
|
 free-09.exe f35cee5adee51bfe480b060aa4b3ca92
AsyncRAT backdoor PWS .NET framework Malicious Packer ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
20
http://www.aideliveryrobot.com/p2io/?MvZXHps=xikLqsON4SLys5Ctbg8c4HdBraEMa/77ZWZXTseglAkSxnPi++5EYLyVZkm9Sn2R1rpOJsEg&GdS0=wN98ghVpC
http://www.bigplatesmallwallet.com/p2io/?MvZXHps=O674xtRxkGNoF6c3kGCKbVIXJyLg/Uv1kE5kvfYRu46mJjBrOhkzeBS5wyL3I0uQtRm1X0si&GdS0=wN98ghVpC - rule_id: 1563
http://www.alfenas.info/p2io/?MvZXHps=qSqSgno9cBloRqN5VLtR5zfvl4qKeuO7jrdOV5f2r4ZX0X85kelskx3YtL4YRmLXGzhxb6Nv&GdS0=wN98ghVpC - rule_id: 1547
http://www.dmgt4m2g8y2uh.net/p2io/ - rule_id: 1571
http://www.adultpeace.com/p2io/ - rule_id: 1554
http://www.alfenas.info/p2io/ - rule_id: 1547
http://www.hiddenwholesale.com/p2io/
http://www.brunoecatarina.com/p2io/?MvZXHps=OHUffbgvv2IRIzjH29fk0Sz2RAv4pH8VLsbDGAU3/+1JsitNqq1vDtXSpGXNdq06DpgCyNqt&GdS0=wN98ghVpC
http://www.aideliveryrobot.com/p2io/
http://www.sonderbach.net/p2io/?MvZXHps=2ax3GqWpRrSdWZvs+TKAK3bdHNL66UJyZbfAdtPO/FaZGfOa/v3aE89kJzgFOPU2QDwHTbD5&GdS0=wN98ghVpC
http://www.dmgt4m2g8y2uh.net/p2io/?MvZXHps=QtqXFq7HS/X4MIE9GXms050Yi4WsLwGmbpvB1Cdjo9kEhb/cEuRUaHG+vgNP8VkCpLdNveMs&GdS0=wN98ghVpC - rule_id: 1571
http://www.vectoroutlines.com/p2io/ - rule_id: 1549
http://www.adultpeace.com/p2io/?MvZXHps=4oufm6g7w9cVhgu+mDBWoA8I6Q2bNaX51teMhl/6i5f1woTl8Y4Ohfe29cQ9y7IaJQfIj0iK&GdS0=wN98ghVpC - rule_id: 1554
http://www.sonderbach.net/p2io/
http://www.malcorinmobiliaria.com/p2io/
http://www.hiddenwholesale.com/p2io/?MvZXHps=es7Y2j6fi7ykzyYZtmEK+cycNhd4T49F/AgpmDgn764GP1PGHDawcWJ0S7F8IUbT02LeJAjO&GdS0=wN98ghVpC
http://www.bigplatesmallwallet.com/p2io/ - rule_id: 1563
http://www.malcorinmobiliaria.com/p2io/?MvZXHps=X0EtArFEUual2LrizL+JDvaaIJih4TPXrew0ftkRNgE5xhBEnMYnqlEM9Znbjzoaa6WF3j6b&GdS0=wN98ghVpC
http://www.vectoroutlines.com/p2io/?MvZXHps=RfOK6jKjejKyxd8Ge5LTyAppaXreGCTFIzs53vHZyU46XfbA28pKG3jMmZvEd1BBCDsLyI+Y&GdS0=wN98ghVpC - rule_id: 1549
http://www.brunoecatarina.com/p2io/
|
21
www.malcorinmobiliaria.com(160.121.176.84)
www.vectoroutlines.com(198.54.126.105)
www.aideliveryrobot.com(52.58.78.16)
www.adultpeace.com(163.44.239.73)
www.tricqr.com() - mailcious
www.bigplatesmallwallet.com(66.235.200.147)
www.alfenas.info(34.102.136.180)
www.sonderbach.net(66.206.3.38)
www.hiddenwholesale.com(44.227.76.166)
www.brunoecatarina.com(54.85.86.211)
www.dmgt4m2g8y2uh.net(103.120.12.102)
44.227.76.166 - mailcious
52.58.78.16 - mailcious
160.121.176.84
66.235.200.147 - phishing
163.44.239.73 - mailcious
198.54.126.105 - mailcious
66.206.3.38
103.120.12.117
34.102.136.180 - mailcious
54.85.86.211
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 17
ET MALWARE FormBook CnC Checkin (GET)
|
10
http://www.bigplatesmallwallet.com/p2io/
http://www.alfenas.info/p2io/
http://www.dmgt4m2g8y2uh.net/p2io/
http://www.adultpeace.com/p2io/
http://www.alfenas.info/p2io/
http://www.dmgt4m2g8y2uh.net/p2io/
http://www.vectoroutlines.com/p2io/
http://www.adultpeace.com/p2io/
http://www.bigplatesmallwallet.com/p2io/
http://www.vectoroutlines.com/p2io/
|
8.8 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|