8686 | 2023-11-29 14:30
supstrim.exe eace63ea1948f012941dd4a9b3ac3c94 AntiDebug AntiVM PE File PE64 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.8 | M | 49 | ZeroCERT
8687 | 2023-11-29 14:30
microsoftdeletedEdgehistorycac... 45cc2f78479e7eb29a063a5034a962c5 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed
URLs: 18
Hosts: 18
IDS alerts: 7
ET INFO HTTP Request to a *.top domain
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET DNS Query to a *.top domain - Likely Hostile
4.8 | M | 28 | ZeroCERT
8688 | 2023-11-29 14:28
O.ini 15909167c6a125757e0a931c7c486269 Emotet AgentTesla Malicious Library Malicious Packer UPX PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
Hosts: 2
api.ipify.org(104.237.62.212)
173.231.16.77
IDS alerts: 4
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.4 | M | 49 | ZeroCERT
8689 | 2023-11-29 14:26
strim.exe 0d1e3266a1bc3b62f0523e10b5170337 PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself
2.4 | M | 46 | ZeroCERT
8690 | 2023-11-29 14:24
Klkypmnqw.exe 6c9f3e248382f389d17d308ad5350d6d AntiDebug AntiVM PE File PE64 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key
8.6 | M | 45 | ZeroCERT
8691 | 2023-11-29 14:23
microsoftEdgedeletedentirehist... ad19c30e8fc0f89004a1f960b477707f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Exploit DNS crashed
URLs: 1
http://107.173.229.146/175/wlanext.exe
Hosts: 1
107.173.229.146 - malware
IDS alerts: 1
ET INFO Executable Download from dotted-quad Host
4.6 | M | 36 | ZeroCERT
8692 | 2023-11-29 11:27
wlanext.exe eb951bc883b87a58ffa82ab793d7e4b0 .NET framework(MSIL) PWS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder suspicious TLD Browser ComputerName DNS
URLs: 22
Hosts: 18
IDS alerts: 2
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
11.2 | M | 43 | ZeroCERT
8693 | 2023-11-29 11:25
build.exe 69a2817a41b97ee8f1917646723312bf Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself
2.0 | M | 30 | ZeroCERT
8694 | 2023-11-29 11:25
wlanext.exe 09b88ab4bf59c36094bafec7a32bafed Formbook .NET framework(MSIL) PWS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder Browser ComputerName DNS
URLs: 16
Hosts: 24
IDS alerts: 5
ET DNS Query to a *.top domain - Likely Hostile
ET INFO HTTP Request to a *.top domain
ET INFO Observed DNS Query to .biz TLD
ET INFO HTTP Request to Suspicious *.life Domain
ET INFO Observed DNS Query to .life TLD
URLs: 12
10.6 | M | 35 | ZeroCERT
8695 | 2023-11-29 11:23
wininit.exe 8ec1ce0895188a09e0f43d999cf34cac PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
2.6 | M | 38 | ZeroCERT
8696 | 2023-11-29 11:21
kung.exe 2b1319e5ae1ed2c33f766c482d2b68e2 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Windows crashed
3.2 | M | 55 | ZeroCERT
8697 | 2023-11-29 11:19
build.exe d013d961e6b71c1d844589c7efef0f36 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself
2.0 | M | 30 | ZeroCERT
8698 | 2023-11-29 00:11
.rels 69984e911a8e36d7f6eab75bf36c6d01 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
3.8 | guest
8699 | 2023-11-29 00:10
.rels 69984e911a8e36d7f6eab75bf36c6d01 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
IDS alerts: 2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.8 | guest
8700 | 2023-11-29 00:10
[Content_Types].xml 10720bd1e11273d47d78cc6f2d215894 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
IDS alerts: 2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2 | guest