8716 | 2023-11-28 09:56
File: vbsss.jpg.exe
MD5: db2ee1ea937d2e49bc3f237edde48cfb
Tags: Generic Malware, Antivirus, PE32, PE File, DLL, .NET DLL, VirusTotal, Malware
Score: 0.6 | | 14 | ZeroCERT

8717 | 2023-11-28 09:34
File: Random.exe
MD5: bb83e8db740d3441abb88dc34fd3759e
Tags: PE32, PE File, .NET EXE, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, ComputerName
Score: 2.0 | M | 26 | ZeroCERT

8718 | 2023-11-28 09:32
File: Zdznzuwlua.exe
MD5: 46c0e34ddfde46cdcf8bde9398c4d958
Tags: UPX, AntiDebug, AntiVM, PE32, PE File, .NET EXE, VirusTotal, Malware, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, AppData folder, Windows, Cryptographic key
Score: 9.2 | M | 48 | ZeroCERT

8719 | 2023-11-28 09:29
File: wealthzx.exe
MD5: bec11ca3a3a72fbb4b93e078f03b2e78
Tags: AgentTesla, .NET framework(MSIL), PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Browser, Email, ComputerName, crashed
Score: 9.0 | M | 30 | ZeroCERT

8720 | 2023-11-28 09:29
File: microsoftbrowserEdgedeletedhis...
MD5: 75ae457731beea5721c8107608ee8316
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, exploit crash, unpack itself, Tofsee, Exploit, crashed
Hosts (2):
  - toss.is(45.33.42.226) - mailcious
  - 45.33.42.226 - mailcious
Signatures (3):
  - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  - ET INFO TLS Handshake Failure
  - SURICATA Applayer Wrong direction first Data
Score: 2.8 | M | 30 | ZeroCERT

8721 | 2023-11-28 09:28
File: wininit.exe
MD5: e8fc0040e6882e0b9ea0e830b6d74d65
Tags: Formbook, .NET framework(MSIL), PWS, AntiDebug, AntiVM, PE32, PE File, .NET EXE, FormBook, Malware download, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, ComputerName
URLs (2):
  - http://www.keymuscatgroups.com/bp31/?yVMpQTlP=yNiC01S4ovnvJ+4O8UQILoBOncymYWrbdHgK3FAKeJB65Mx698O5TOrqAYEBEx6+IzqV5xYJ&1bz=ofrLp
  - http://www.shop-pravaonline.online/bp31/?yVMpQTlP=Uqza8+9L64sRJc+c2iCGCqwjPe7m2xZwn2Ag66Dpm3Yoyn941TYF9FYKVDiYLzEfUp+bSjyL&1bz=ofrLp
Hosts (5):
  - www.shop-pravaonline.online(104.21.67.52)
  - www.keymuscatgroups.com(94.130.50.78)
  - www.dogclubuk.com()
  - 104.21.67.52
  - 94.130.50.78
Signatures (1):
  - ET MALWARE FormBook CnC Checkin (GET)
Score: 9.0 | M | 29 | ZeroCERT

8722 | 2023-11-28 09:27
File: file2data.exe
MD5: e1628c99654edfe58f07bddbd9b29940
Tags: Malicious Packer, .NET framework(MSIL), UPX, PE32, PE File, .NET EXE, OS Processor Check, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, Windows, ComputerName
Hosts (2):
  - bitbucket.org(104.192.141.1) - malware
  - 104.192.141.1 - mailcious
Signatures (2):
  - ET INFO TLS Handshake Failure
  - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.2 | M | 39 | ZeroCERT

8723 | 2023-11-28 09:25
File: wlanext.exe
MD5: 3713c253ab56bf85aaa806fc41cc6905
Tags: AgentTesla, .NET framework(MSIL), KeyLogger, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, Browser, Email, ComputerName, Cryptographic key, Software, crashed
Score: 11.6 | M | 43 | ZeroCERT

8724 | 2023-11-28 09:25
File: filer.exe
MD5: 51f23cd8d73782f1dd032789f10def23
Tags: Malicious Packer, Antivirus, .NET framework(MSIL), UPX, PE32, PE File, .NET EXE, OS Processor Check, VirusTotal, Malware, PDB
Score: 1.6 | M | 31 | ZeroCERT

8725 | 2023-11-28 09:23
File: file1.exe
MD5: a7c67b27eb08e972fe6bb64df73bd19d
Tags: Malicious Packer, Antivirus, .NET framework(MSIL), UPX, Anti_VM, PE32, PE File, .NET EXE, OS Processor Check, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, ComputerName
Score: 2.4 | M | 48 | ZeroCERT

8726 | 2023-11-28 09:23
File: htmljason.vbs
MD5: e64be178e12b020963cc38980edc18f8
Tags: VirusTotal, Malware, wscript.exe, payload download, Tofsee
URLs (1): (not listed)
Hosts (2):
  - paste.ee(172.67.187.200) - mailcious
  - 172.67.187.200 - mailcious
Signatures (2):
  - ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 2.8 | M | 16 | ZeroCERT

8727 | 2023-11-28 09:21
File: wlanext.exe
MD5: 9aeed55e2703a03cf9e922dc695db1ab
Tags: Formbook, .NET framework(MSIL), PWS, AntiDebug, AntiVM, PE32, PE File, .NET EXE, Browser Info Stealer, VirusTotal, Malware, PDB, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, AppData folder, Browser, ComputerName, DNS
URLs (16):
  - http://www.velvet-key-properties.top/zqco/?ZuTSz8Jg=3cujheEXCxTSONvEGgHYK3Ro6UrcWljFRITPND+osZObjxCf4likA3rqCl3sr+p4oSCTpecI3ocHZbRBmm9rhynO4PrZ/611WMrx7zI=&0VGHl=xHLDPw - rule_id: 38342
  - http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
  - http://www.oneillspubs.com/zqco/?ZuTSz8Jg=XdRd7IBdWEpb/jCY/gch7kg+lw27Z26x+D3ieONLL7CY8BddAHnhXbvHyElLQzrirdgR+wn8qaFBYv6gfz4EEy7O0ffUbALIB58FlQs=&0VGHl=xHLDPw - rule_id: 38338
  - http://www.54c7pv.top/zqco/?ZuTSz8Jg=XV3W3W1bHvM399Du4uoMZ6VmM7juBhQ9XL1FfmdLfANGdpYh3tpg4K62NhqwFVpBYKsURc+EQi3NVVDNf+vTi2grpbzFJu9fs/bFcso=&0VGHl=xHLDPw - rule_id: 38344
  - http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
  - http://www.brls.money/zqco/?ZuTSz8Jg=kJJUs3T9xo/faco/szFu0NbjBV/XWn0UwEs2UTEFdB9bg8qGS48Zihll1h6n106FVzSgHW/cbGOli2i8W1uBzVY1OSvzf5lm+SHpTzw=&0VGHl=xHLDPw - rule_id: 38345
  - http://www.wearehydrant.com/zqco/?ZuTSz8Jg=yN+4vjoTZa2+2rQfpO28lQWMu+aZ3T74Wrnr375QTRpmINRbNSsldLaHn5rMvgmgz4hpMiEXqXqPXNl5+v6fM5IMtXKekPO/Z+VSq9A=&0VGHl=xHLDPw - rule_id: 38343
  - http://www.stprov.biz/zqco/?ZuTSz8Jg=ogfkNg/1tCd9W0WeOmHDQCOqLPOGwiuWSgR6FQ2+VD8GhLug2Ctv0H3GE0eldR7xC4dFHEP3Eqt1pFBXCYATF7XInOdNSl+LOLADaFA=&0VGHl=xHLDPw - rule_id: 38346
  - http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip
  - http://www.speedbikesglobal.com/zqco/?ZuTSz8Jg=9kePTKggf4eP6/DCGbsdghdg+/LhYxsxm+U+B1ESzIz+TmizgBdCe1eXOmqUrZ0x2YkFTu0erOvA47Ha2c+EVc4yEgJLqy1Od5EFPsA=&0VGHl=xHLDPw - rule_id: 38340
  - http://www.ofupakoshi.com/zqco/?ZuTSz8Jg=oR8rxthcq91bDeb9vmLMA5uA0V6TVpHsZzEUlFltfnhRD4eEP3S8Ru2FP+uQ72DlNChyjz/yveiA7oMKQr7r0mPigqg1fcYUoRyODkg=&0VGHl=xHLDPw - rule_id: 38341
  - http://www.zz23xw.top/zqco/?ZuTSz8Jg=VoRUmMaSMr2kGXzG8DGzs0cy5P6qw2FvfeSWrzBmFVf4r1pcQgw7LosabWMBXohSSG87M+jYFIXYlgYqysxLRuA79T8FIpBWYkRSO2Y=&0VGHl=xHLDPw - rule_id: 38337
  - http://www.talknconvert.com/zqco/?ZuTSz8Jg=+y3ZRElHCLe7jmdKMp2JFPlUK9YT5bvGGHfUVKPtd2bXz9pNtTUvPUI0E2mMKKDMK40SLr9h4U0bLKuGzmPR68kee6xzU8cXih09j6g=&0VGHl=xHLDPw - rule_id: 38336
  - http://www.talknconvert.com/zqco/ - rule_id: 38336
  - http://www.ezus.life/zqco/?ZuTSz8Jg=u471bzHmixRgx8jG34/3521QRSoafTDA19WcHl++OFLBIVcH0DdbJeLxOpVlrYL99BmDVXWg0zcKhLFxNQar41PBegN+NBU9NC/0Y9c=&0VGHl=xHLDPw - rule_id: 38339
  - http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
Hosts (24):
  - www.ofupakoshi.com(118.27.125.154) - mailcious
  - www.talknconvert.com(34.120.137.41) - mailcious
  - www.velvet-key-properties.top(162.0.222.119) - mailcious
  - www.cardsfinanse.online() - mailcious
  - www.brls.money(76.76.21.9) - mailcious
  - www.wearehydrant.com(216.40.34.41) - mailcious
  - www.oneillspubs.com(199.59.243.225) - mailcious
  - www.stprov.biz(208.91.197.132) - mailcious
  - www.speedbikesglobal.com(207.244.126.150) - mailcious
  - www.zz23xw.top(198.44.187.121) - mailcious
  - www.54c7pv.top(154.91.180.241) - mailcious
  - www.ezus.life(34.96.147.60) - mailcious
  - 34.96.147.60 - mailcious
  - 198.44.187.121 - mailcious
  - 207.244.126.150 - mailcious
  - 154.91.180.241 - mailcious
  - 199.59.243.225 - mailcious
  - 216.40.34.41 - mailcious
  - 76.76.21.142 - mailcious
  - 45.33.6.223
  - 208.91.197.132 - mailcious
  - 34.120.137.41 - mailcious
  - 118.27.125.154 - mailcious
  - 162.0.222.119 - mailcious
Signatures (5):
  - ET INFO HTTP Request to a *.top domain
  - ET INFO Observed DNS Query to .biz TLD
  - ET DNS Query to a *.top domain - Likely Hostile
  - ET INFO Observed DNS Query to .life TLD
  - ET INFO HTTP Request to Suspicious *.life Domain
URLs without query string (12):
  - http://www.velvet-key-properties.top/zqco/
  - http://www.oneillspubs.com/zqco/
  - http://www.54c7pv.top/zqco/
  - http://www.brls.money/zqco/
  - http://www.wearehydrant.com/zqco/
  - http://www.stprov.biz/zqco/
  - http://www.speedbikesglobal.com/zqco/
  - http://www.ofupakoshi.com/zqco/
  - http://www.zz23xw.top/zqco/
  - http://www.talknconvert.com/zqco/
  - http://www.talknconvert.com/zqco/
  - http://www.ezus.life/zqco/
Score: 10.6 | M | 31 | ZeroCERT

8728 | 2023-11-28 09:21
File: MicrosoftbrowserEdgeentierhist...
MD5: 1363064ab295a3d2cb98232cc188eb42
Tags: Formbook, MS_RTF_Obfuscation_Objects, RTF File, doc, Malware download, VirusTotal, Malware, RWX flags setting, exploit crash, Windows, Exploit, DNS, crashed
Hosts (16):
  - www.talknconvert.com(34.120.137.41) - mailcious
  - www.ofupakoshi.com(118.27.125.154) - mailcious
  - www.velvet-key-properties.top(162.0.222.119) - mailcious
  - www.oneillspubs.com(199.59.243.225) - mailcious
  - www.speedbikesglobal.com(207.244.126.150) - mailcious
  - www.zz23xw.top(198.44.187.121) - mailcious
  - www.ezus.life(34.96.147.60) - mailcious
  - 34.96.147.60 - mailcious
  - 198.44.187.121 - mailcious
  - 207.244.126.150 - mailcious
  - 199.59.243.225 - mailcious
  - 172.245.208.19 - malware
  - 45.33.6.223
  - 34.120.137.41 - mailcious
  - 118.27.125.154 - mailcious
  - 162.0.222.119 - mailcious
Signatures (10):
  - ET INFO HTTP Request to Suspicious *.life Domain
  - ET INFO Executable Download from dotted-quad Host
  - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  - ET DNS Query to a *.top domain - Likely Hostile
  - ET POLICY PE EXE or DLL Windows file download HTTP
  - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  - ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  - ET INFO HTTP Request to a *.top domain
  - ET INFO Observed DNS Query to .life TLD
  - SURICATA HTTP Request abnormal Content-Encoding header
URLs without query string (14):
  - http://www.zz23xw.top/zqco/
  - http://www.oneillspubs.com/zqco/
  - http://www.ofupakoshi.com/zqco/
  - http://www.oneillspubs.com/zqco/
  - http://www.velvet-key-properties.top/zqco/
  - http://www.velvet-key-properties.top/zqco/
  - http://www.ezus.life/zqco/
  - http://www.speedbikesglobal.com/zqco/
  - http://www.ezus.life/zqco/
  - http://www.ofupakoshi.com/zqco/
  - http://www.zz23xw.top/zqco/
  - http://www.talknconvert.com/zqco/
  - http://www.speedbikesglobal.com/zqco/
  - http://www.talknconvert.com/zqco/
Score: 3.4 | M | 34 | ZeroCERT

8729 | 2023-11-28 09:21
File: InstallSetup2.exe
MD5: 631a53494c133f38982b1c8e73f1a42c
Tags: PE32, PE File, .NET EXE, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, ComputerName
Score: 2.2 | M | 35 | ZeroCERT

8730 | 2023-11-28 09:21
File: microsoftdeltedentirefileschac...
MD5: 880f0c9bc44adc32f0cab0a386d338ee
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, buffers extracted, RWX flags setting, exploit crash, Exploit, crashed
Score: 3.2 | M | 30 | ZeroCERT