8731 | 2021-06-09 22:19
Ltd5JPCpQVoh3Te.exe 6a910d1eda7f2c23bbdb95643b51f169 Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS
11.0 | M | 26 | ZeroCERT
8732 | 2021-06-09 22:21
xy_cjz_37658_315d8b4zbmga.exe f99d0fc489a7258c29ec765cf1e2624a PE File PE32 PNG Format GIF Format JPEG Format VirusTotal Malware MachineGuid Check memory Creates shortcut Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Interception ComputerName Remote Code Execution DNS crashed
1
http://www.xy.com/lander/cjz?adkey=39216&appname=xy_cjz_37658_315d8b4zbmga
4
cjz.static.xyimg.net() www.xy.com(118.25.169.187) 118.25.169.187 66.154.113.12
8.0 | 42 | ZeroCERT
8733 | 2021-06-09 22:21
CryptedFile109.exe 4b28814eb8a1d4e18e4320601eb5ec5d PWS .NET framework Malicious Packer Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kovter Windows ComputerName DNS
1
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
11.8 | 35 | ZeroCERT
8734 | 2021-06-09 22:23
microsoft.com 1276e815c54ab13a18f21118dd3c6bbb AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS crashed
1
https://pastebin.com/raw/4iEe2RSa
4
ipcheck.servehttp.com(41.225.34.198) pastebin.com(104.23.99.190) - mailcious 41.225.34.198 104.23.99.190 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY DNS Query to DynDNS Domain *.servehttp .com
10.6 | M | 40 | ZeroCERT
8735 | 2021-06-09 22:23
CryptedFile163.exe 4cd239ef80fd78d61acd9d01ec7ad633 PWS .NET framework Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kovter Windows ComputerName DNS
1
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
11.6 | 26 | ZeroCERT
8736 | 2021-06-09 22:25
qwqdanchun.sct 3b1224fcee5f2e973877d66d81374b47 ScreenShot AntiDebug AntiVM VirusTotal Malware Code Injection Check memory unpack itself
2.4 | 22 | ZeroCERT
8737 | 2021-06-09 22:34
svchost.exe 99bbf83abe9d6e4ecc91493e32230833 PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS
2.4 | M | 30 | ZeroCERT
8738 | 2021-06-09 22:36
win32.exe 196b3c910b8d74c5916029f6eb037d5d PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS
2.4 | M | 34 | ZeroCERT
8739 | 2021-06-09 22:41
new.exe 8e87de15cd3da1245b9c7b0e48c0f126 AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed
3
wekeepworking12.sytes.net() wekeepworking.sytes.net(79.134.225.90) - mailcious 79.134.225.90 - mailcious
17.4 | M | 25 | ZeroCERT
8740 | 2021-06-09 23:03
7k7kGame_1.0.4.0.exe 07e40ca846dfb2ce2aa739f424f232bf DNS SMTP Socket AntiDebug AntiVM PE File PE32 GIF Format PNG Format JPEG Format OS Processor Check DLL VirusTotal Malware Code Injection Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser ComputerName crashed
124
14
www.7k7k.com(119.206.200.181) web.7k7k.com(14.0.113.218) n.7k7kimg.cn(14.0.113.218) g.7k7k.com(119.206.200.181) login.7k7k.com(117.50.14.72) hm.baidu.com(103.235.46.191) - mailcious libs.baidu.com(39.156.66.111) down.7k7k.com(119.206.200.180) - malware 39.156.66.111 14.0.113.218 - malware 117.50.14.72 103.235.46.191 - mailcious 119.206.200.181 - malware 119.206.200.180 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0 | 12 | ZeroCERT
8741 | 2021-06-10 09:20
svch.exe ac3ce8e8920a0b504cf0a10e204d2f3f AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket Sniff Audio KeyLogger Code injection AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS keylogger
2
http://www.iptrackeronline.com/ https://www.iptrackeronline.com/
4
www.iptrackeronline.com(104.26.0.222) safeduringthecoronavirus.duckdns.org(194.5.98.144) - mailcious 104.26.0.222 194.5.98.144 - mailcious
3
ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M2 ET INFO DYNAMIC_DNS Query to *.duckdns. Domain SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.2 | 20 | ZeroCERT
8742 | 2021-06-10 09:22
vbc.exe 3fc801c41e2595e0f778e83973457449 AgentTesla PWS .NET framework browser info stealer Google Chrome User Data Admin Tool (Sysinternals Devolutions inc) Malicious Library Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence AntiDebug AntiVM PE VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
2
bressonseencrounder.mangospot.net(194.5.98.144) - mailcious 194.5.98.144 - mailcious
11.2 | 35 | ZeroCERT
8743 | 2021-06-10 09:32
vbc.exe bee1b5a09da4f1bc92b3c1a283ab3157 AgentTesla AsyncRAT backdoor PWS .NET framework browser info stealer Google Chrome User Data Admin Tool (Sysinternals Devolutions inc) Malicious Library Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug A VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
2
bensonm3jb3nj1.mangospot.net(79.137.109.121) 79.137.109.121
12.0 | 11 | ZeroCERT
8744 | 2021-06-10 09:32
mpa.exe edf51521ad563bef8fa2f5ed218ac98c PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
9.0 | 13 | ZeroCERT
8745 | 2021-06-10 09:34
getfile.php 28193ba741232f91101849f606fa8419 PE File PE64 DLL OS Processor Check VirusTotal Malware Check memory DNS crashed
2.4 | 23 | ZeroCERT