ID: 8701
Date: 2021-06-08 20:13
Sample: http://regalosfreaks.blogspot....
MD5: d808b4bbb918207dd54b242b2339afec
Tags: AgentTesla CoinHive Cryptocurrency Http API Internet API ScreenShot DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Hijack Network Code injection Steal credential Downloader P2P persistence AntiDebug AntiVM PNG Format JPE VirusTotal Malware Code Injection heapspray Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (86):
http://regalosfreaks.blogspot.com/2012/12/sable-laser-de-anakin-skywalker-con.html http://4.bp.blogspot.com/-uDFM1qVRXq0/UOsC8wSEXNI/AAAAAAAADy0/EOpZ5qSl1mU/w72-h72-p-k-no-nu/Pack+Completo+Friends.jpg http://translate.googleapis.com/element/TE_20210503_00/e/js/element/element_main.js http://www.tqlkg.com/if116o26v0zKRPPLTPTKMLOROORN http://rcm-eu.amazon-adsystem.com/e/cm?t=regalosfreaks-21&o=30&p=42&l=ur1&category=amazon_es&banner=0R3J1Y4B94F3QYQB7VR2&f=ifr http://regalosfreaks.blogspot.com/favicon.ico http://rcm-eu.amazon-adsystem.com/e/cm?t=regalosfreaks-21&o=30&p=11&l=ur1&category=generico&banner=1HWYNRB8SN6CQ3VANYG2&f=ifr http://www.yceml.net/0589/10782285-1571238489933 http://translate.googleapis.com/translate_static/js/element/main_ko.js http://track.webgains.com/link.html?wglinkid=66911&wgcampaignid=127033&js=0 http://2.bp.blogspot.com/-XHbl-XvHCxI/ULRLWMjeXoI/AAAAAAAACzE/dMnUHfJWhpE/w72-h72-p-k-no-nu/Fraggle+Rock+-+Peluche+Matt.jpg http://track.webgains.com/link.html?wglinkid=201293&wgcampaignid=127033 http://3.bp.blogspot.com/-9B4mlAETTLg/UN8XtCe4OwI/AAAAAAAADYI/PX7EE3w_CE4/w72-h72-p-k-no-nu/Big+Bang+Theory+Cabezones+Pack.jpg http://4.bp.blogspot.com/-PGjaJ8a4p3Y/UMY_-UsVBRI/AAAAAAAADGA/uwwflgTsig4/w72-h72-p-k-no-nu/Darksiders+Replica+ChaosEater.jpg http://contadores.miarroba.es/ver.php?id=668184 http://1.bp.blogspot.com/-FO23MXFAcVY/UNHuslTEzDI/AAAAAAAADNk/sq2dfI1DGaw/w72-h72-p-k-no-nu/Futurama+Gorros.jpg http://pagead2.googlesyndication.com/pagead/js/google_top_exp.js http://4.bp.blogspot.com/-3KkqiCraQPM/UHRczqY0xYI/AAAAAAAAB4c/KRGz6p5dngU/w72-h72-p-k-no-nu/Busto+Spiderman+Zombie.jpg http://platform.twitter.com/widgets.js http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit http://fonts.gstatic.com/s/play/v12/6aez4K2oVqwIvtU2Gw.eot http://www.linkwithin.com/pixel.png http://track.webgains.com/link.html?wglinkid=185916&wgcampaignid=127033 
http://3.bp.blogspot.com/-k_qBTbsvAzM/UMJQMv_XYTI/AAAAAAAADBQ/56lqTThDv1U/s320/Star+Wars+Espada+Anakin+Skywalker+Con+Hoja+Extra%C3%ADble.jpg http://translate.googleapis.com/translate_static/css/translateelement.css http://www.yceml.net/0482/10363362-1602900629265 http://3.bp.blogspot.com/--K7q8enmwJw/UMc_cWHStAI/AAAAAAAADI8/N-iG1c6RsIQ/w72-h72-p-k-no-nu/Hulk+Marvel+Select+Figura.jpg http://4.bp.blogspot.com/-FuCHHEKmJnA/UN8mtRNZxaI/AAAAAAAADag/Gbp34bRp7fQ/w72-h72-p-k-no-nu/Dragon+Ball+Z+-+Figura+Articulada+SonGoku+SuperSaiyan.jpg http://www.awltovhc.com/1a107r6Az42OVTTPXTXOQPWXRRXU http://www.linkwithin.com/widget.js http://1.bp.blogspot.com/-4sfU6WuB5A4/TkmSvzgV1GI/AAAAAAAAAVM/55OaLN4L-es/s1600/facebook_argim.jpg https://resources.blogblog.com/img/navbar/icons_peach.png https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png https://www.blogger.com/static/v1/jsbin/1114208092-comment_from_post_iframe.js https://rcm-eu.amazon-adsystem.com/e/cm?t=regalosfreaks-21&o=30&p=42&l=ur1&category=amazon_es&banner=0R3J1Y4B94F3QYQB7VR2&f=ifr https://resources.blogblog.com/img/icon_feed12.png https://images-eu.ssl-images-amazon.com/images/G/30/associates/mariti/banner/uk_associates_14-07-2015_amazon-logo_de-assoc_3_234x60.jpg https://www.blogger.com/static/v1/widgets/1147971663-widgets.js https://apis.google.com/js/platform:gapi.iframes.style.common.js https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/?cb=1623150087682&p=%7B%22program%22%3A%2230%22%2C%22tag%22%3A%22regalosfreaks-21%22%2C%22linkCode%22%3A%22ur1%22%2C%22refUrl%22%3A%22http%3A%2F%2Fregalosfreaks.blogspot.com%2F2012%2F12%2Fsable-laser-de-anakin-skywalker-con.html%22%2C%22panda%22%3Atrue%7D https://resources.blogblog.com/img/widgets/arrow_dropdown.gif 
https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/?cb=1623150078052&p=%7B%22program%22%3A%2230%22%2C%22tag%22%3A%22regalosfreaks-21%22%2C%22linkCode%22%3A%22ur1%22%2C%22refUrl%22%3A%22http%3A%2F%2Fregalosfreaks.blogspot.com%2F2012%2F12%2Fsable-laser-de-anakin-skywalker-con.html%22%2C%22panda%22%3Atrue%7D https://contadores.miarroba.com/ver.php?id=668184 https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D9109980527255485708%26postID%3D4647081066964754927%26blogspotRpcToken%3D1963275%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D9109980527255485708%26postID%3D4647081066964754927%26blogspotRpcToken%3D1963275%26bpli%3D1&passive=true&go=true https://www.google.com/js/bg/FfCPi2TMnNz6Sf8yzawZ-WtZthvCzb7ioWpphmPTQrs.js https://www.blogger.com/img/share_buttons_20_3.png https://ws-eu.assoc-amazon.com/widgets/cm?t=regalosfreaks-21&o=30&p=42&l=ur1&category=amazon_es&banner=0R3J1Y4B94F3QYQB7VR2&f=ifr https://www.blogger.com/comment-iframe.g?blogID=9109980527255485708&postID=4647081066964754927&blogspotRpcToken=1963275 https://resources.blogblog.com/img/anon36.png https://www.blogger.com/static/v1/jsbin/2624012622-lbx__es.js https://rcm-eu.amazon-adsystem.com/e/cm?t=regalosfreaks-21&o=30&p=11&l=ur1&category=generico&banner=1HWYNRB8SN6CQ3VANYG2&f=ifr https://images-eu.ssl-images-amazon.com/images/G/30/associates/mariti/banner/ES_Assoc_Generic_120x600.jpg https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/?cb=1623150089682&p=%7B%22program%22%3A%2230%22%2C%22tag%22%3A%22regalosfreaks-21%22%2C%22linkCode%22%3A%22ur1%22%2C%22refUrl%22%3A%22http%3A%2F%2Fregalosfreaks.blogspot.com%2F2012%2F12%2Fsable-laser-de-anakin-skywalker-con.html%22%2C%22panda%22%3Atrue%7D https://resources.blogblog.com/img/widgets/s_bottom.png https://apis.google.com/js/plusone.js https://resources.blogblog.com/img/blank.gif 
https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/r/json?cb=1623150083514&logType=banner_impressions&p=%7B%22mobile_supported%22%3A%22true%22%2C%22action%22%3A%22onload%22%2C%22adunit_type%22%3A%22banners%22%2C%22adunit_properties%22%3A%7B%22height%22%3A%22%24%7Bheight%7D%22%2C%22width%22%3A%22%24%7Bwidth%7D%22%2C%22category%22%3A%22%24%7Bcampaigns%7D%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22%24%7Blinkid%7D%22%2C%22region%22%3A%22ES%22%7D%2C%22logType%22%3A%22banner_impressions%22%7D https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/r/json?cb=1623150087682&logType=banner_impressions&p=%7B%22mobile_supported%22%3A%22true%22%2C%22action%22%3A%22onload%22%2C%22adunit_type%22%3A%22banners%22%2C%22adunit_properties%22%3A%7B%22height%22%3A%22%24%7Bheight%7D%22%2C%22width%22%3A%22%24%7Bwidth%7D%22%2C%22category%22%3A%22%24%7Bcampaigns%7D%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22%24%7Blinkid%7D%22%2C%22region%22%3A%22ES%22%7D%2C%22logType%22%3A%22banner_impressions%22%7D 
https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/followers.g?blogID%3D9109980527255485708%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByMyMjg4YmIqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByMyMjg4YmJKByM5OTk5OTlSByMyMjg4YmJaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D4647081066964754927%26origin%3Dhttp://regalosfreaks.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/apps-static/_/js/k%253Doz.gapi.ko.WgTOIxoySQQ.O/am%253DAQ/d%253D1/rs%253DAGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D9109980527255485708%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByMyMjg4YmIqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByMyMjg4YmJKByM5OTk5OTlSByMyMjg4YmJaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D4647081066964754927%26origin%3Dhttp://regalosfreaks.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/apps-static/_/js/k%253Doz.gapi.ko.WgTOIxoySQQ.O/am%253DAQ/d%253D1/rs%253DAGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/m%253D__features__%26bpli%3D1&passive=true&go=true https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/r/json?cb=1623150078049&logType=banner_impressions&p=%7B%22mobile_supported%22%3A%22true%22%2C%22action%22%3A%22onload%22%2C%22adunit_type%22%3A%22banners%22%2C%22adunit_properties%22%3A%7B%22height%22%3A%22%24%7Bheight%7D%22%2C%22width%22%3A%22%24%7Bwidth%7D%22%2C%22category%22%3A%22%24%7Bcampaigns%7D%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22%24%7Blinkid%7D%22%2C%22region%22%3A%22ES%22%7D%2C%22logType%22%3A%22banner_impressions%22%7D https://resources.blogblog.com/img/widgets/s_top.png https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png https://resources.blogblog.com/img/navbar/arrows-light.png https://www.blogger.com/static/v1/v-css/1050234869-lightbox_bundle.css https://www.blogger.com/comment-iframe.g?blogID=9109980527255485708&postID=4647081066964754927&blogspotRpcToken=1963275&bpli=1 
https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/r/json?cb=1623150089682&logType=banner_impressions&p=%7B%22mobile_supported%22%3A%22true%22%2C%22action%22%3A%22onload%22%2C%22adunit_type%22%3A%22banners%22%2C%22adunit_properties%22%3A%7B%22height%22%3A%22%24%7Bheight%7D%22%2C%22width%22%3A%22%24%7Bwidth%7D%22%2C%22category%22%3A%22%24%7Bcampaigns%7D%22%2C%22marketplace%22%3A%22amazon%22%2C%22link_id%22%3A%22%24%7Blinkid%7D%22%2C%22region%22%3A%22ES%22%7D%2C%22logType%22%3A%22banner_impressions%22%7D https://ws-eu.assoc-amazon.com/widgets/cm?t=regalosfreaks-21&o=30&p=11&l=ur1&category=generico&banner=1HWYNRB8SN6CQ3VANYG2&f=ifr https://resources.blogblog.com/img/widgets/subscribe-yahoo.png https://www.blogger.com/static/v1/jsbin/2575565767-cmt__es.js https://www.blogger.com/static/v1/v-css/2621646369-cmtfp.css https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.ko.WgTOIxoySQQ.O/m=gapi_iframes,gapi_iframes_style_common/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/cb=gapi.loaded_1 https://www.blogger.com/followers.g?blogID=9109980527255485708&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByMyMjg4YmIqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByMyMjg4YmJKByM5OTk5OTlSByMyMjg4YmJaC3RyYW5zcGFyZW50&pageSize=21&postID=4647081066964754927&origin=http%3A%2F%2Fregalosfreaks.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.ko.WgTOIxoySQQ.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg%2Fm%3D__features__&bpli=1 https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css https://www.blogger.com/static/v1/jsbin/3775400722-ieretrofit.js https://resources.blogblog.com/img/icon18_edit_allbkg.gif https://www.blogger.com/dyn-css/authorization.css?targetBlogID=9109980527255485708&zx=ba21ca9f-52ef-4f71-9a5e-873f64399f9b https://resources.blogblog.com/img/widgets/subscribe-netvibes.png 
https://www.blogger.com/navbar.g?targetBlogID=9109980527255485708&blogName=Regalos+Freaks&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=https://regalosfreaks.blogspot.com/search&blogLocale=es&v=2&homepageUrl=http://regalosfreaks.blogspot.com/&targetPostID=4647081066964754927&blogPostOrPageUrl=http://regalosfreaks.blogspot.com/2012/12/sable-laser-de-anakin-skywalker-con.html&vt=8248516631269504934&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.ko.WgTOIxoySQQ.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg%2Fm%3D__features__ https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.ko.WgTOIxoySQQ.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/cb=gapi.loaded_0 https://resources.blogblog.com/img/icon18_wrench_allbkg.png https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.ko.WgTOIxoySQQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/cb=gapi.loaded_0 https://www.blogger.com/followers.g?blogID=9109980527255485708&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMyMjIyMjIiByMyMjg4YmIqByNmZmZmZmYyByMwMDAwMDA6ByMyMjIyMjJCByMyMjg4YmJKByM5OTk5OTlSByMyMjg4YmJaC3RyYW5zcGFyZW50&pageSize=21&postID=4647081066964754927&origin=http://regalosfreaks.blogspot.com/&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.ko.WgTOIxoySQQ.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg%2Fm%3D__features__ https://contadores.miarroba.com/view.php?tipo=invisible&zona=0&contadorid=668184&ts=1623150074&cd=aea07c31fd7a7e1a23077e810c85ee58&unica=si&sesion=si&nueva=si&domain=regalosfreaks.blogspot.com&referer=&os=win&osv=seven&browser=ie&browserv=9.0&screen=1365x1024&depth=24&lang=ko&cookies=si&java=si&flash=2&flashv=13&quick=0&search=&sengine=&google=&url=http%3A%2F%2Fregalosfreaks.blogspot.com%2F2012%2F12%2Fsable-laser-de-anakin-skywalker-con.html&agent= 
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.ko.WgTOIxoySQQ.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPr8pJzx73KJCRugZ418iKGzF4Nkg/cb=gapi.loaded_1 https://fls-eu.amazon-adsystem.com/1/associates-ads/1/OP/?cb=1623150083515&p=%7B%22program%22%3A%2230%22%2C%22tag%22%3A%22regalosfreaks-21%22%2C%22linkCode%22%3A%22ur1%22%2C%22refUrl%22%3A%22http%3A%2F%2Fregalosfreaks.blogspot.com%2F2012%2F12%2Fsable-laser-de-anakin-skywalker-con.html%22%2C%22panda%22%3Atrue%7D https://www.blogger.com/comment-iframe-bg.g?bgresponse=js_disabled&iemode=9&bgint=FfCPi2TMnNz6Sf8yzawZ-WtZthvCzb7ioWpphmPTQrs
Hosts (53):
translate.googleapis.com(172.217.175.10)
1.bp.blogspot.com(172.217.175.225)
2.bp.blogspot.com(172.217.175.225) - compromised
static.ak.connect.facebook.com()
www.yceml.net(104.84.174.49)
ws-eu.assoc-amazon.com(52.95.118.186)
apis.google.com(172.217.161.78)
accounts.google.com(142.250.196.109)
authedmine.com() - malicious
track.webgains.com(46.236.13.147)
platform.twitter.com(192.229.237.25)
contadores.miarroba.com(104.26.13.114)
www.linkwithin.com(3.19.188.212)
translate.google.com(172.217.175.78)
contadores.miarroba.es(172.67.70.74)
www.blogger.com(172.217.25.105)
3.bp.blogspot.com(172.217.175.225) - compromised
www.awltovhc.com(159.127.40.144)
pagead2.googlesyndication.com(172.217.174.98) - malicious
zbox.zanox.com()
rcm-eu.amazon-adsystem.com(52.95.124.70)
regalosfreaks.blogspot.com(172.217.161.33) - compromised
fonts.gstatic.com(172.217.161.67)
fls-eu.amazon-adsystem.com(52.94.216.221)
resources.blogblog.com(172.217.25.105)
4.bp.blogspot.com(172.217.175.225)
www.google.com(172.217.174.100)
images-eu.ssl-images-amazon.com(13.225.116.83)
www.tqlkg.com(159.127.40.144)
142.250.66.130
89.207.16.72
142.250.66.97
3.19.188.212
142.250.204.100
142.250.204.129
46.236.13.147
172.217.31.225
142.250.204.42
104.26.12.114
23.42.214.71
142.250.66.142
142.250.66.141
172.217.26.142
99.86.205.103 - suspicious
192.229.237.25
172.217.163.233
142.250.204.131
142.250.204.137
52.95.124.70
142.250.66.65
52.95.118.186
104.26.13.38
52.94.218.163
Alerts (3):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA HTTP unable to match response to request
Score: 5.6
Submitted by: guest

ID: 8702
Date: 2021-06-08 20:15
Sample: m.dot
MD5: 0f666fec8607488ee6f78afd2a0ff4d4
Tags: RTF File doc AntiDebug AntiVM Malware download VirusTotal Malware MachineGuid Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader
URLs (1):
http://37.120.206.70/mar/vbc.exe
Hosts (1):
37.120.206.70 - malicious
Alerts (6):
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 4.6
VirusTotal detections: 27
Submitted by: ZeroCERT

ID: 8703
Date: 2021-06-08 20:43
Sample: vbc.exe
MD5: 27f582f69b0ec4fd2366cbf298f38dee
Tags: Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
Score: 6.8
Submitted by: ZeroCERT

ID: 8704
Date: 2021-06-09 09:54
Sample: al.exe
MD5: 20f307c716a689f4afa3a76b7143db22
Tags: NPKI Antivirus PE File PE64 DLL .NET DLL PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key crashed
Score: 10.4
Flag: M
VirusTotal detections: 26
Submitted by: ZeroCERT

ID: 8705
Date: 2021-06-09 09:54
Sample: new.exe
MD5: eb43b3c033bd76b51b90a51a6726a81c
Tags: DNS AntiDebug AntiVM PE File .NET EXE PE32 Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself human activity check Windows ComputerName DNS DDNS crashed
Hosts (2):
wekeepworking.sytes.net(79.134.225.90) - malicious
79.134.225.90 - malicious
Score: 10.8
Submitted by: ZeroCERT

ID: 8706
Date: 2021-06-09 09:56
Sample: binok-098.exe
MD5: 56e0119501bf355295603914d3b13519
Tags: PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
Score: 8.2
Flag: M
VirusTotal detections: 29
Submitted by: ZeroCERT

ID: 8707
Date: 2021-06-09 09:56
Sample: binalpha.exe
MD5: 935847d6703bbb36edd123c1f5f60681
Tags: Admin Tool (Sysinternals Devolutions inc) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
Hosts (1):
79.134.225.90 - malicious
Score: 8.2
Flag: M
VirusTotal detections: 24
Submitted by: ZeroCERT

ID: 8708
Date: 2021-06-09 09:58
Sample: ewaa.exe
MD5: a805af22c4ea9de2c2c542f21933ab84
Tags: PWS .NET framework Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed
Score: 11.4
Flag: M
Submitted by: ZeroCERT

ID: 8709
Date: 2021-06-09 09:59
Sample: lv.exe
MD5: dba9d5c211d728da4b92e0064a445ecd
Tags: AgentTesla Gen1 Gen2 Generic Malware Malicious Packer Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows DNS crashed
Hosts (1):
rYHtYHrEKqvv.rYHtYHrEKqvv()
Score: 9.0
Flag: M
VirusTotal detections: 46
Submitted by: ZeroCERT

ID: 8710
Date: 2021-06-09 10:00
Sample: INV202054pdf.jar
MD5: fc43547ad34a9e4c3790e60a49fbc215
Tags: VirusTotal Malware Check memory heapspray unpack itself Java
Score: 2.0
Flag: M
VirusTotal detections: 6
Submitted by: ZeroCERT

ID: 8711
Date: 2021-06-09 10:02
Sample: binalpha-0986.exe
MD5: cdc024aeb6a126fed48f71becc7c8b55
Tags: PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
Score: 2.4
Flag: M
VirusTotal detections: 42
Submitted by: ZeroCERT

ID: 8712
Date: 2021-06-09 10:04
Sample: agreement.pdf
MD5: 1c113114ff3e57d99a43e0b2cdd1d952
Tags: VirusTotal Malware
Score: 0.4
VirusTotal detections: 1
Submitted by: ZeroCERT

ID: 8713
Date: 2021-06-09 10:05
Sample: YsiNqNecL9cNFZv144OWCjioAQukPt...
MD5: c9f22a0091ad275119321e7b036e5633
Tags: RTF File doc buffers extracted exploit crash unpack itself Exploit DNS crashed
URLs (3):
http://plugindownload.buzz/rose/YsiNqNecL9cNFZv144OWCjioAQukPtyy.dat
http://plugindownload.buzz/rose/YsiNqNecL9cNFZv144OWCjioAQukPtyy.doc
http://plugindownload.buzz/rose/YsiNqNecL9cNFZv144OWCjioAQukPtyy
Hosts (2):
plugindownload.buzz(192.153.57.12)
192.153.57.12
Score: 3.2
Submitted by: ZeroCERT

ID: 8714
Date: 2021-06-09 16:23
Sample: Proforma Invoice·pdf.exe
MD5: 24dd4963d365c33435f58adaebb1ef26
Tags: PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Software crashed
URLs (4):
http://63.141.228.141/32.php/s396KA3xaZWY1
http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
https://update.googleapis.com/service/update2
https://update.googleapis.com/service/update2?cup2key=10:220834941&cup2hreq=821e0dc3f2f4acc54994383995b4c935d5c9e4e2e67bc15b9110c55ac7730735
Hosts (3):
edgedl.me.gvt1.com(34.104.35.123)
63.141.228.141
34.104.35.123
Alerts (10):
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO EXE - Served Attached HTTP
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0
VirusTotal detections: 17
Submitted by: guest

ID: 8715
Date: 2021-06-09 16:23
Sample: v.dot
MD5: af735bdb2ca442a45fca870ba2c1b082
Tags: RTF File doc AntiDebug AntiVM Malware download Malware MachineGuid Malicious Traffic Check memory exploit crash unpack itself Windows Exploit DNS crashed Downloader
URLs (1):
http://103.156.91.50/fresh/vbc.exe
Hosts (2):
173.208.204.37 - malicious
103.156.91.50
Alerts (6):
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 5.0
Submitted by: ZeroCERT

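Entries 8702 and 8715 are the same pattern: an RTF ".dot" downloader fetches a short-named vbc.exe from a bare IPv4 host, and the same four URL- and content-shaped Emerging Threats alerts fire each time. The script below is an added example, not code from the sandbox or from the ET ruleset: it re-creates in plain Python the observable conditions those alert titles describe (PE download by extension, IP-literal host, terse alphanumeric file stem, MZ bytes in the response) and runs them over the URLs recorded on this page. The extension list, the "terse" stem length and the label strings are assumptions chosen to mirror the alert titles, not the real rule bodies, and the MSXMLHTTP variants, which key on the client User-Agent, are not modelled.

```python
"""Added example (not the sandbox's or Emerging Threats' own code): a
plain-Python sketch of the observable conditions behind the alerts that
fired on the vbc.exe downloaders above.  PE_EXTENSIONS, the "terse" stem
length and the label strings are assumptions mirroring the alert titles."""
import ipaddress
import re
from typing import List
from urllib.parse import urlparse

# Assumption: extensions the policy rule treats as a Windows PE download.
PE_EXTENSIONS = (".exe", ".dll", ".scr", ".cpl")
# Assumption: "terse alphanumeric" means a short stem with no separators.
TERSE_STEM = re.compile(r"^[A-Za-z0-9]{1,8}$")

LABEL_PE_DOWNLOAD = "ET POLICY PE EXE or DLL Windows file download HTTP"
LABEL_DOTTED_QUAD = "ET INFO Executable Download from dotted-quad Host"
LABEL_TERSE = "ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile"
LABEL_MZ_RESPONSE = "ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response"


def is_dotted_quad(host: str) -> bool:
    """True when the HTTP Host is a bare IPv4 literal instead of a name."""
    try:
        return isinstance(ipaddress.ip_address(host), ipaddress.IPv4Address)
    except ValueError:
        return False


def classify_download(url: str, body_prefix: bytes = b"") -> List[str]:
    """Return the labels a GET for `url` would raise, in firing order.

    body_prefix: the first bytes of the HTTP response body, if captured.
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    filename = parsed.path.rsplit("/", 1)[-1]
    stem = filename.rpartition(".")[0]
    labels: List[str] = []

    if filename.lower().endswith(PE_EXTENSIONS):
        labels.append(LABEL_PE_DOWNLOAD)
        if is_dotted_quad(host):
            labels.append(LABEL_DOTTED_QUAD)
            if TERSE_STEM.match(stem):
                labels.append(LABEL_TERSE)
    # The MZ check inspects the response, not the filename, so a PE served
    # under a non-executable name from an IP-literal host still trips it.
    if is_dotted_quad(host) and body_prefix.startswith(b"MZ"):
        labels.append(LABEL_MZ_RESPONSE)
    return labels


# Constructed inputs: the URLs are the ones recorded in entries 8702, 8714
# and 8715 above; the response bodies are made up for the demonstration.
SAMPLE_REQUESTS = [
    ("http://37.120.206.70/mar/vbc.exe", b"MZ\x90\x00\x03"),
    ("http://103.156.91.50/fresh/vbc.exe", b"MZ\x90\x00\x03"),
    ("http://edgedl.me.gvt1.com/edgedl/release2/update2/"
     "AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe", b"MZ\x90\x00\x03"),
    ("http://63.141.228.141/32.php/s396KA3xaZWY1", b"ck=1"),
]


def triage(requests=SAMPLE_REQUESTS):
    """Map each URL to its labels; handy for eyeballing a whole capture."""
    return {url: classify_download(url, body) for url, body in requests}


if __name__ == "__main__":
    for url, labels in triage().items():
        print(url)
        for label in labels or ["(no alert)"]:
            print("   ", label)
```

Run as-is, the two vbc.exe fetches collect all four labels, the Google Update download from a named host only the policy label, and the LokiBot C2 URL from entry 8714 none at all: its detections on the page came from User-Agent and checkin-body rules, which is why URL shape alone is a hunting heuristic rather than a verdict.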