| 8671 |
2023-09-14 07:44
|
 centralimac2.1.exe 3d0b5853a55bbeea47f1f6f82729e96f
NSIS UPX Malicious Library PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger |
|
2
api.ipify.org(104.237.62.212)
104.237.62.212
|
4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8672 |
2023-09-14 07:44
|
 get3.exe 55cd0ace56d09766e3a8e22f94815bd6
Malicious Library PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
1.8 |
|
19 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8673 |
2023-09-14 07:42
|
 1.exe e8eedfa9c23d565850e4b712c469dc96
UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Http API PWS HTTP ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key |
|
1
|
|
|
10.0 |
|
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8674 |
2023-09-14 07:42
|
 cryptedBB.exe 3dd01710d9d6f58e5588ad656f0441a1
UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW |
|
|
|
|
2.0 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8675 |
2023-09-14 07:40
|
 StealerClient_Sharp.exe 08bcf92194154a68f92533a9b7ebf0c4
Confuser .NET PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW ComputerName Remote Code Execution |
|
|
|
|
3.0 |
|
53 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8676 |
2023-09-14 07:39
|
 StealerClient_Cpp.exe a2a68318da5737ff0327f6d53438be60
UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware |
|
|
|
|
1.2 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8677 |
2023-09-14 07:38
|
 igccu.exe c233db256a3353f1b23b55b8a16662f8
Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
12.0 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8678 |
2023-09-14 07:37
|
 igccu.exe bbbddd889f262cf35677421c6bda3a75
.NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself |
|
|
|
|
2.2 |
M |
27 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8679 |
2023-09-14 07:35
|
 Gen.exe d0fa181e7c69e0b03b243c2190910ddd
AgentTesla RedLine Infostealer UltraVNC UPX Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
2
http://194.180.49.211/D/gerenciaa.txt
http://194.180.49.211/D/DLLL.txt
|
3
api.ipify.org(104.237.62.212)
194.180.49.211 - malware
64.185.227.156
|
5
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING EXE Base64 Encoded potential malware
|
|
11.8 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8680 |
2023-09-14 07:35
|
 smss.exe a7b72e56ebab2dfa91a8b738724506f7
Formbook .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
2
http://www.holzleisten24.shop/ro12/?ATRlddq=YvLwEHT8dFuKpJLsd4JhBcwDYJ3uuNfwUz2wQ6/Fy2txHMel0oHlxc/BdHQb6Vhi/z8z67rB&DxoTK=VDKTtFOx_dip6pX
http://www.one45.vip/ro12/?ATRlddq=Zg7IXJepYYHIcsKaQoHhL1/V4j4C4Pb3dF6fc4AkNYCnbF989AFVMYXREkmUQu75oh06LO4h&DxoTK=VDKTtFOx_dip6pX
|
4
www.one45.vip(172.67.168.52)
www.holzleisten24.shop(130.185.109.77)
130.185.109.77
172.67.168.52
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
9.4 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8681 |
2023-09-13 17:24
|
 Ascend.exe 779e78a9daf5514cac0965855f8c364e
UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS |
1
http://ascend.macronator.biz/bot/hash.crc
|
2
ascend.macronator.biz(16.182.36.201) - mailcious
3.5.25.172
|
1
ET INFO Observed DNS Query to .biz TLD
|
|
5.2 |
M |
8 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8682 |
2023-09-13 17:24
|
 z9lupld56bdv.exe 2c7463cfe3d7089951dde9eccdf037bf
UPX Malicious Library PWS SMTP AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
4
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer Activity (Response)
|
|
11.0 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8683 |
2023-09-13 17:06
|
 Setup_pass1234.zip d6333d9f2326da7b78144d52fa20a05c
PrivateLoader Stealc Amadey ZIP Format RedLine Malware download Amadey Dridex Malware c&c Microsoft Telegram Malicious Traffic ICMP traffic suspicious TLD IP Check PrivateLoader Tofsee Lumma Stealc Stealer Windows Browser RisePro Trojan DNS Downloader |
48
http://45.9.74.80/opaa37.exe
http://hugersi.com/dl/6523.exe - rule_id: 32660
http://87.121.221.58/g.exe - rule_id: 35764
http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911
http://worldtopnews.fun/
http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe - rule_id: 36358
http://colisumy.com/dl/build2.exe - rule_id: 31026
http://45.9.74.80/super.exe - rule_id: 36063
http://45.15.156.229/api/tracemap.php - rule_id: 33783
http://5.42.92.211/loghub/master - rule_id: 36282
http://ji.alie3ksgbb.com/m/ela205.exe - rule_id: 36360
http://45.15.156.229/api/firegate.php - rule_id: 36052
http://zexeq.com/files/1/build3.exe - rule_id: 27913
http://116.203.7.16/7b01483643983171e949f923c5bc80e7
http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe - rule_id: 36201
http://116.203.7.16/
http://94.142.138.131/api/firegate.php - rule_id: 32650
http://charlesjones.top/e9c345fc99a4e67e.php - rule_id: 36283
http://77.91.68.238/love/no230.exe - rule_id: 36359
http://94.142.138.131/api/tracemap.php - rule_id: 28311
http://45.9.74.80/0bjdn2Z/index.php - rule_id: 26790
http://116.203.7.16/htdocs.zip
http://171.22.28.208/download/Services.exe
http://worldtopnews.fun/login
http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LHNMv561Ao9oyPaxqTAOF0Ae.exe&platform=0009&osver=5&isServer=0
http://176.113.115.84:8080/4.php - rule_id: 34795
http://45.9.74.80/ummaa.exe - rule_id: 36186
http://apps.identrust.com/roots/dstrootcax3.p7c
http://45.9.74.80/toolspub2.exe - rule_id: 36066
http://worldtopnews.fun/c2conf
http://williecampbell.top/calc2.exe - rule_id: 36362
https://sun6-23.userapi.com/c909328/u44017378/docs/d42/899872c35d72/BottClient.bmp?extra=7B_OrPq1kMJpKpU7Rrq-3WvxeXHPEz4A_JiKNweZAEbH6C3hrq8WC9Y6uww1t8xYlzYqcYdsDkXyICD53rigA_siFPMJTJC5COTUew0WnhO42M6ssRQgNTvC-a6uLFX3tMHI9cyZu49a-5Yt
https://db-ip.com/demo/home.php?s=175.208.134.152
https://sun6-23.userapi.com/c909218/u17799268/docs/d56/c3e409803ba2/deluxe_crypted.bmp?extra=GRXXFXl5hs6qKc2oTNeNbZabyhRErvV9i7w4yu2Mor6fdrgHIzKkCogIMG6LyZkta06QOXjobPsItw5FUV_MCjbxh9Ezbijg7-6iXGOD57ERI0MdAdzyAYqyWSfRh7JIr3kt-a20Yh6GOLqB
https://sun6-21.userapi.com/c236331/u44017378/docs/d17/0cb048202b81/test2.bmp?extra=1Z4SkXT15ewB-UA3sFqN7g8-pGRPBmHUxDc7mOUzzckJf0vnNywnckSgPgETcI68TPa1hHTz6venXZc0d25yILYNDtXVUYrb671M_1Q5gngn8dxEey7xbFXNAr9MzoXeWv8HqjRyqYSShMt7
https://steamcommunity.com/profiles/76561199550790047
https://preconcert.pw/setup294.exe - rule_id: 36162
https://sun6-20.userapi.com/c909628/u17799268/docs/d42/394ac12e1f34/asca1ex.bmp?extra=Nn4hYr7tnXNZZ7LDLvbU1rSSLUXCn-M157dB_N2zZbvxIJXU-s2CkT9fJsNnQ-wJKfLwlR45wy_ednBtypvZDvnn-i5cAyOHtd9nGm_2XJBLZcbe78raXMo9Yfh0VU3s7QrB7fG0cfxAPlvA
https://vk.com/doc17799268_667301259?hash=mz2nLKvo6dt1uE06v4jRORCgXO1tbK1pSlJhEfMFJco&dl=vkt89M90dzWpJZ9hvFWUTeZuZHqaxeSpP8mP7ffY8Z0&api=1&no_preview=1
https://api.myip.com/
https://sun6-23.userapi.com/c235131/u44017378/docs/d30/967fe3fc2ef3/RisePro_0_6.bmp?extra=fCMNoFyOc7enNdFTnnGhjJ9jovfZ0mMROPwFREaAqWboltaIPZdcP_dIqrizV6yOjKq30uHvRMolq-F_2Hpyxg0TezcFJ8SSm0bMWdfNeg7hd0DvCAOl6OyNPRiOzrjGNYBVqtSlXKW8w2lx
https://vk.com/doc17799268_667305233?hash=IwZ8VZSm1R6poDSVmCjMBWvPwtTOZjN00hLIt20AnZP&dl=X47BBpvy39XAmpGvpAPzZxZ3QV8ZssYZktFDfFk2wpg&api=1&no_preview=1#cryp
https://sun6-21.userapi.com/c235131/u17799268/docs/d34/20a2f6c4d3f4/d3232adg.bmp?extra=suUcIL34C8tZuA415Q8lnsWylAKtf3SORQHWwTtRCAhor9Xh31vJ6M2BmK67YddRXGwiLAW0jvq_FoA4Id_CzGfizeXTtd7lsFd1NrUnyhtFzoxZ9_XyQPBa1ZY9ol22CvDvWfKJysaOOqpn
https://sun6-23.userapi.com/c240331/u44017378/docs/d9/fa52acca0a25/PL_Client.bmp?extra=Gtk0NulK_t0Vg_w76xxYbYgKgQDrBcgCJoJgl3o3wL4Soyf9yXoN4y9JRWHxgfaYJkwVs046jyfvzE55PAyXiea2WR-q86s-1lM-sAnMQ1mOToUwfIvm5gd_Npnk_8d9vqhFfiSPARmxkQGX
https://vk.com/doc17799268_667311648?hash=s3oUYZKI5aNSuInKy4BDLkFtjdygeDOMqfkbCpHaJtT&dl=3IzXh7BEz71lxp7j7y0p9JlCZth8IcFgVjQw3D577ks&api=1&no_preview=1#as
https://transfer.sh/get/uTWorMyudp/hgjjhlkgkl.exe
https://vk.com/doc17799268_667281004?hash=xOqcu1ZGarivubW5PP3sEBGynm7PLhU3P4kzSjNpUgz&dl=BDGaIhRFJdbZh0HkjSHVN3oPAh2dusZaaZGmKdcx4h8&api=1&no_preview=1#1
https://sun6-20.userapi.com/c237331/u17799268/docs/d32/20d06de2d171/crypted.bmp?extra=Ix6P6PHPTaU-Y3IcBr-4XYzVARL6dIIfwVgGD1PgAHnQ8YE8I6mxpzvBb8ZC-5spd3ReZ1Yx-dQbztud3MKZLNEYdKKzb49L34FiqbZHziCi8D6pAzz-wEYZ9qJs6eJrhDDttVXq_XHjBjXh
|
70
worldtopnews.fun(172.67.133.72)
db-ip.com(172.67.75.166)
agsnv.com(181.214.31.34) - malware
vanaheim.cn(185.39.205.39) - mailcious
t.me(149.154.167.99) - mailcious
ipinfo.io(34.117.59.81)
sun6-23.userapi.com(95.142.206.3)
preconcert.pw(172.67.197.101) - malware
charlesjones.top(51.250.21.16) - mailcious
zexeq.com(175.119.10.231) - malware
learn.microsoft.com(104.75.33.236)
api.2ip.ua(162.0.217.254)
steamcommunity.com(184.50.42.33) - mailcious
iplogger.org(148.251.234.83) - mailcious
z.nnnaajjjgc.com(156.236.72.121) - malware
sun6-20.userapi.com(95.142.206.0) - mailcious
sun6-21.userapi.com(95.142.206.1) - mailcious
ji.alie3ksgbb.com(172.67.200.102) - mailcious
bitbucket.org(104.192.141.1) - malware
230907161118223.nmr.xrm42.top(94.156.35.76) - malware
williecampbell.top(51.250.21.16) - malware
transfer.sh(144.76.136.153) - malware
colisumy.com(189.186.80.218) - malware
iplis.ru(148.251.234.93) - mailcious
hugersi.com(91.215.85.147) - malware
vk.com(87.240.132.78) - mailcious
api.myip.com(172.67.75.163)
148.251.234.93 - mailcious
194.169.175.128 - mailcious
181.214.31.34 - malware
104.192.141.1 - mailcious
91.215.85.147 - malware
77.91.68.238 - malware
104.26.5.15
184.50.42.33
104.21.13.218
5.42.92.211 - mailcious
149.154.167.99 - mailcious
45.9.74.80 - malware
185.39.205.39
95.142.206.1 - mailcious
51.38.95.107
94.156.35.76 - malware
87.240.132.78 - mailcious
23.67.53.27
171.22.28.208
162.0.217.254
176.113.115.84 - mailcious
148.251.234.83
104.26.8.59
104.21.90.117 - malware
51.250.21.16 - malware
104.21.84.222 - malware
34.117.59.81
94.142.138.131 - mailcious
144.76.136.153 - mailcious
185.225.73.32 - mailcious
156.236.72.121 - mailcious
45.15.156.229 - mailcious
201.124.224.61
95.142.206.3
116.203.7.16
182.162.106.33 - malware
95.142.206.0 - mailcious
184.30.187.53
31.41.244.27 - mailcious
87.121.221.58 - malware
211.181.24.133
87.240.132.72 - mailcious
104.75.33.236
|
57
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
SURICATA Applayer Mismatch protocol both directions
ET DNS Query to a *.pw domain - Likely Hostile
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING Suspicious services.exe in URI
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET DNS Query to a *.top domain - Likely Hostile
ET DROP Spamhaus DROP Listed Traffic Inbound group 19
ET MALWARE Single char EXE direct download likely trojan (multiple families)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO TLS Handshake Failure
ET DROP Spamhaus DROP Listed Traffic Inbound group 7
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET INFO EXE - Served Attached HTTP
ET HUNTING Possible EXE Download From Suspicious TLD
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt
ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
ET POLICY IP Check Domain (iplogger .org in TLS SNI)
ET DROP Spamhaus DROP Listed Traffic Inbound group 1
ET MALWARE Redline Stealer Activity (Response)
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET MALWARE Win32/Vodkagats Loader Requesting Payload
ET INFO Dotted Quad Host ZIP Request
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
ET INFO Packed Executable Download
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)
ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)
ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)
ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh)
SURICATA HTTP unable to match response to request
|
22
http://hugersi.com/dl/6523.exe
http://87.121.221.58/g.exe
http://zexeq.com/test2/get.php
http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe
http://colisumy.com/dl/build2.exe
http://45.9.74.80/super.exe
http://45.15.156.229/api/tracemap.php
http://5.42.92.211/loghub/master
http://ji.alie3ksgbb.com/m/ela205.exe
http://45.15.156.229/api/firegate.php
http://zexeq.com/files/1/build3.exe
http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe
http://94.142.138.131/api/firegate.php
http://charlesjones.top/e9c345fc99a4e67e.php
http://77.91.68.238/love/no230.exe
http://94.142.138.131/api/tracemap.php
http://45.9.74.80/0bjdn2Z/index.php
http://176.113.115.84:8080/4.php
http://45.9.74.80/ummaa.exe
http://45.9.74.80/toolspub2.exe
http://williecampbell.top/calc2.exe
https://preconcert.pw/setup294.exe
|
5.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8684 |
2023-09-13 15:41
|
 snake.exe a338043c6b5260df6b7ce4c4ec3d1b80
WhiteSnakeStealer Downloader .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW Ransomware Windows ComputerName |
|
|
|
|
7.6 |
|
55 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8685 |
2023-09-13 14:05
|
KOREAN~1.LNK eaa5aa78668cfe6e6194fce6f2358ca8
Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.0 |
|
9 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|