| 8731 |
2021-06-09 22:19
|
 Ltd5JPCpQVoh3Te.exe 6a910d1eda7f2c23bbdb95643b51f169
Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS |
|
|
|
|
11.0 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8732 |
2021-06-09 22:21
|
 xy_cjz_37658_315d8b4zbmga.exe f99d0fc489a7258c29ec765cf1e2624a
PE File PE32 PNG Format GIF Format JPEG Format VirusTotal Malware MachineGuid Check memory Creates shortcut Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Interception ComputerName Remote Code Execution DNS crashed |
1
http://www.xy.com/lander/cjz?adkey=39216&appname=xy_cjz_37658_315d8b4zbmga
|
4
cjz.static.xyimg.net()
www.xy.com(118.25.169.187)
118.25.169.187
66.154.113.12
|
|
|
8.0 |
|
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8733 |
2021-06-09 22:21
|
 CryptedFile109.exe 4b28814eb8a1d4e18e4320601eb5ec5d
PWS .NET framework Malicious Packer Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kovter Windows ComputerName DNS |
|
1
|
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
|
|
11.8 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8734 |
2021-06-09 22:23
|
 microsoft.com 1276e815c54ab13a18f21118dd3c6bbb
AsyncRAT backdoor PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS crashed |
1
https://pastebin.com/raw/4iEe2RSa
|
4
ipcheck.servehttp.com(41.225.34.198)
pastebin.com(104.23.99.190) - mailcious
41.225.34.198
104.23.99.190 - mailcious
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY DNS Query to DynDNS Domain *.servehttp .com
|
|
10.6 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8735 |
2021-06-09 22:23
|
 CryptedFile163.exe 4cd239ef80fd78d61acd9d01ec7ad633
PWS .NET framework Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kovter Windows ComputerName DNS |
|
1
|
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
|
|
11.6 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8736 |
2021-06-09 22:25
|
 qwqdanchun.sct 3b1224fcee5f2e973877d66d81374b47
ScreenShot AntiDebug AntiVM VirusTotal Malware Code Injection Check memory unpack itself |
|
|
|
|
2.4 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8737 |
2021-06-09 22:34
|
 svchost.exe 99bbf83abe9d6e4ecc91493e32230833
PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS |
|
|
|
|
2.4 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8738 |
2021-06-09 22:36
|
 win32.exe 196b3c910b8d74c5916029f6eb037d5d
PE File PE32 VirusTotal Malware RWX flags setting unpack itself DNS |
|
|
|
|
2.4 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8739 |
2021-06-09 22:41
|
 new.exe 8e87de15cd3da1245b9c7b0e48c0f126
AsyncRAT backdoor Ave Maria WARZONE RAT Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed |
|
3
wekeepworking12.sytes.net()
wekeepworking.sytes.net(79.134.225.90) - mailcious
79.134.225.90 - mailcious
|
|
|
17.4 |
M |
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8740 |
2021-06-09 23:03
|
 7k7kGame_1.0.4.0.exe 07e40ca846dfb2ce2aa739f424f232bf
DNS SMTP Socket AntiDebug AntiVM PE File PE32 GIF Format PNG Format JPEG Format OS Processor Check DLL VirusTotal Malware Code Injection Malicious Traffic Check memory buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Tofsee Browser ComputerName crashed |
124
http://n.7k7kimg.cn/uploads/gameimg/201801/17c9a.jpg
http://n.7k7kimg.cn/uploads/gameimg/201812/ebf85.jpg
http://web.7k7k.com/g/img/i_charge_n.png
http://web.7k7k.com/g/img/i_arrow.png
http://n.7k7kimg.cn/uploads/gameimg/201703/104e7.jpg
http://n.7k7kimg.cn/uploads/gameimg/201801/a15bf.jpg
http://down.7k7k.com/www/ver.json
http://n.7k7kimg.cn/uploads/gameimg/201801/ddd11.jpg
http://n.7k7kimg.cn/uploads/cdn/api/layer/skin/layer.css
http://g.7k7k.com/
http://n.7k7kimg.cn/uploads/gameimg/201905/c7f23.jpg
http://web.7k7k.com/g/img/left2.png
http://n.7k7kimg.cn/uploads/gameimg/201703/79fea.jpg
http://n.7k7kimg.cn/uploads/gameimg/202011/4c251.png
http://n.7k7kimg.cn/uploads/gameimg/201905/12a59.png
http://n.7k7kimg.cn/uploads/gameimg/201707/4e257.gif
http://n.7k7kimg.cn/uploads/gameimg/201703/ec43a.jpg
http://www.7k7k.com/client
http://n.7k7kimg.cn/uploads/gameimg/201801/01440.jpg
http://n.7k7kimg.cn/uploads/gameimg/201702/d221f.jpg
http://n.7k7kimg.cn/uploads/gameimg/201704/0c7c9.jpg
http://n.7k7kimg.cn/uploads/gameimg/201711/4cae5.png
http://n.7k7kimg.cn/uploads/gameimg/201801/73aaf.jpg
http://web.7k7k.com/api/feiyun_api.php?calllback=&callback=jQuery17201390108715650153_1623252553844&_=1623252578708
http://web.7k7k.com/g/img/i_allgame.png
http://web.7k7k.com/g/img/i_game_n.png
http://n.7k7kimg.cn/uploads/gameimg/201801/0570b.jpg
http://n.7k7kimg.cn/uploads/gameimg/201912/36c66.jpg
http://n.7k7kimg.cn/uploads/gameimg/201801/6691e.jpg
http://libs.baidu.com/jquery/1.7.2/jquery.min.js
http://n.7k7kimg.cn/uploads/cdn/api/layer/layer.js
http://g.7k7k.com/img/chk_1.png
http://n.7k7kimg.cn/uploads/gameimg/202006/a92df.jpg
http://n.7k7kimg.cn/uploads/gameimg/201704/5678a.jpg
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_qq.jpg?v=201767183157
http://n.7k7kimg.cn/uploads/cdn/api/star.png
http://web.7k7k.com/g/img/i_hot_n.png
http://n.7k7kimg.cn/uploads/gameimg/201906/c6bda.png
http://n.7k7kimg.cn/uploads/gameimg/201702/a2d2f.jpg
http://web.7k7k.com/g/img/btn_bg_b.png?v5
http://n.7k7kimg.cn/uploads/gameimg/202009/c89a7.jpg
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_long.jpg?v=201767183157
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_wx.jpg?v=201767183157
http://web.7k7k.com/g/css/index.css?rev=3da80293
http://n.7k7kimg.cn/uploads/gameimg/201912/a3e9b.jpg
http://n.7k7kimg.cn/uploads/gameimg/201703/8ba6f.jpg
http://web.7k7k.com/g/img/i_newgame.png
http://n.7k7kimg.cn/uploads/gameimg/201904/786ab.png
http://web.7k7k.com/g/img/logo.png
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_input.png?v=201767183157
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_log.jpg?v=201767183157
http://n.7k7kimg.cn/uploads/gameimg/201801/e0b62.jpg
http://n.7k7kimg.cn/uploads/gameimg/201702/d7301.jpg
http://web.7k7k.com/g/img/rec_r.png
http://n.7k7kimg.cn/uploads/gameimg/201912/08358.jpg
http://n.7k7kimg.cn/uploads/gameimg/201702/e1f17.jpg
http://web.7k7k.com/g/img/i_vip_n.png
http://web.7k7k.com/api/sq_playgame.php?calllback=&act=gameall&uid=&callback=jQuery17201390108715650153_1623252553845&_=1623252578732
http://login.7k7k.com/box_post_login
http://n.7k7kimg.cn/uploads/gameimg/201703/0907f.jpg
http://web.7k7k.com/g/img/shearch_bg.png?v4
http://n.7k7kimg.cn/uploads/gameimg/201801/29cb2.jpg
http://n.7k7kimg.cn/uploads/gameimg/201702/605d4.png
http://n.7k7kimg.cn/uploads/gameimg/201906/7e7af.png
http://web.7k7k.com/g/img/right2.png
http://web.7k7k.com/g/img/i_search.png
http://n.7k7kimg.cn/uploads/gameimg/201703/2cc1f.jpg
http://web.7k7k.com/g/js/index.js?rev=e4622737
http://n.7k7kimg.cn/uploads/gameimg/202005/d0de1.png
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/css/logFn.min.css?v=0.2.9
http://n.7k7kimg.cn/uploads/gameimg/201803/55d64.jpg
http://web.7k7k.com/g/img/i_server_n.png
http://web.7k7k.com/g/img/fla_nav.png
http://web.7k7k.com/g/img/ban_bg.jpg
http://n.7k7kimg.cn/uploads/gameimg/201901/d7e18.jpg
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/btn_reg.jpg?v=201767183157
http://n.7k7kimg.cn/uploads/cdn/web_sq/img/u_photo.png?v3
http://n.7k7kimg.cn/uploads/gameimg/201805/5ef00.jpg
http://n.7k7kimg.cn/uploads/gameimg/201912/3d17b.jpg
http://web.7k7k.com/g/img/rep_png.png
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_b.png?v=201767183157
http://n.7k7kimg.cn/uploads/gameimg/201904/da695.png
http://web.7k7k.com/g/img/n_bg.jpg
http://n.7k7kimg.cn/uploads/gameimg/202009/82bbf.jpg
http://n.7k7kimg.cn/uploads/gameimg/201909/6e919.jpg
http://n.7k7kimg.cn/uploads/gameimg/202006/ea426.png
http://n.7k7kimg.cn/uploads/gameimg/201912/0aa11.jpg
http://n.7k7kimg.cn/uploads/gameimg/201901/f26e4.png
http://n.7k7kimg.cn/uploads/gameimg/201703/63654.jpg
http://n.7k7kimg.cn/uploads/gameimg/201801/523db.jpg
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/bg_t.png?v=201767183157
http://web.7k7k.com/g/img/vip_year0.png
http://n.7k7kimg.cn/uploads/cdn/api/js/hwSlider.min.js
http://n.7k7kimg.cn/uploads/gameimg/201907/f2f92.png
http://n.7k7kimg.cn/uploads/gameimg/201703/735c8.jpg
http://n.7k7kimg.cn/uploads/gameimg/201704/0735e.jpg
http://n.7k7kimg.cn/uploads/gameimg/202102/5215f.png
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/line.png?v=201767183157
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/img/chk_1.png?v=201767183157
http://web.7k7k.com/g/img/i_home.png
http://n.7k7kimg.cn/uploads/gameimg/201909/2726e.png
http://n.7k7kimg.cn/uploads/gameimg/201801/c7841.jpg
http://n.7k7kimg.cn/uploads/gameimg/201702/3b655.png
http://n.7k7kimg.cn/uploads/gameimg/201801/b2801.jpg
http://n.7k7kimg.cn/uploads/gameimg/201801/a28d9.jpg
http://n.7k7kimg.cn/uploads/cdn/api/loginPlus/js/logFn_dm.min.js?vv0.2.871622543665
http://web.7k7k.com/g/img/i_hot.png
http://web.7k7k.com/g/img/vip_gzhy0.png
http://n.7k7kimg.cn/uploads/gameimg/201703/1eab5.jpg
https://n.7k7kimg.cn/uploads/gameimg/202104/9f98d.jpg
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1024x768&vl=623&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=40257087&si=4f1beaf39805550dd06b5cac412cd19b&v=1.2.80&lv=1&sn=16164&r=0&ww=976&ct=!!&u=http%3A%2F%2Fg.7k7k.com%2F&tt=7k7k%E6%B8%B8%E6%88%8F_7k7k%E4%BC%91%E9%97%B2%E7%AB%9E%E6%8A%80%E6%B8%B8%E6%88%8F%E5%A4%A7%E5%8E%85_7k7k%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91_7k7k%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD
https://hm.baidu.com/hm.js?4f1beaf39805550dd06b5cac412cd19b
https://n.7k7kimg.cn/uploads/gameimg/202104/27fca.jpg
https://hm.baidu.com/hm.js?2cc039dda4311ed9739f2308bd58c84e
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1024x768&vl=623&et=0&fl=13.0&ja=1&ln=ko&lo=0&rnd=19596027&si=2cc039dda4311ed9739f2308bd58c84e&v=1.2.80&lv=1&sn=16164&r=0&ww=976&ct=!!&u=http%3A%2F%2Fg.7k7k.com%2F&tt=7k7k%E6%B8%B8%E6%88%8F_7k7k%E4%BC%91%E9%97%B2%E7%AB%9E%E6%8A%80%E6%B8%B8%E6%88%8F%E5%A4%A7%E5%8E%85_7k7k%E6%B8%B8%E6%88%8F%E5%AE%98%E7%BD%91_7k7k%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD
https://n.7k7kimg.cn/uploads/gameimg/202010/925f8.jpg
https://n.7k7kimg.cn/uploads/gameimg/202103/51b8e.jpg
https://n.7k7kimg.cn/uploads/gameimg/202104/4f21f.jpg
https://n.7k7kimg.cn/uploads/gameimg/202104/73214.jpg
https://n.7k7kimg.cn/uploads/gameimg/202012/0addb.jpg
https://n.7k7kimg.cn/uploads/gameimg/202103/52c69.png
https://n.7k7kimg.cn/uploads/gameimg/202008/ab4d3.jpg
https://n.7k7kimg.cn/uploads/gameimg/202102/595cb.jpg
https://n.7k7kimg.cn/uploads/gameimg/202103/49bf9.jpg
|
14
www.7k7k.com(119.206.200.181)
web.7k7k.com(14.0.113.218)
n.7k7kimg.cn(14.0.113.218)
g.7k7k.com(119.206.200.181)
login.7k7k.com(117.50.14.72)
hm.baidu.com(103.235.46.191) - mailcious
libs.baidu.com(39.156.66.111)
down.7k7k.com(119.206.200.180) - malware
39.156.66.111
14.0.113.218 - malware
117.50.14.72
103.235.46.191 - mailcious
119.206.200.181 - malware
119.206.200.180 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.0 |
|
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8741 |
2021-06-10 09:20
|
 svch.exe ac3ce8e8920a0b504cf0a10e204d2f3f
AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library DNS Socket Sniff Audio KeyLogger Code injection AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key DDNS keylogger |
2
http://www.iptrackeronline.com/
https://www.iptrackeronline.com/
|
4
www.iptrackeronline.com(104.26.0.222)
safeduringthecoronavirus.duckdns.org(194.5.98.144) - mailcious
104.26.0.222
194.5.98.144 - mailcious
|
3
ET HUNTING Suspicious Domain Request for Possible COVID-19 Domain M2
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.2 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8742 |
2021-06-10 09:22
|
 vbc.exe 3fc801c41e2595e0f778e83973457449
AgentTesla PWS .NET framework browser info stealer Google Chrome User Data Admin Tool (Sysinternals Devolutions inc) Malicious Library Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence AntiDebug AntiVM PE VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger |
|
2
bressonseencrounder.mangospot.net(194.5.98.144) - mailcious
194.5.98.144 - mailcious
|
|
|
11.2 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8743 |
2021-06-10 09:32
|
 vbc.exe bee1b5a09da4f1bc92b3c1a283ab3157
AgentTesla AsyncRAT backdoor PWS .NET framework browser info stealer Google Chrome User Data Admin Tool (Sysinternals Devolutions inc) Malicious Library Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Downloader AntiDebug A VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger |
|
2
bensonm3jb3nj1.mangospot.net(79.137.109.121)
79.137.109.121
|
|
|
12.0 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8744 |
2021-06-10 09:32
|
 mpa.exe edf51521ad563bef8fa2f5ed218ac98c
PWS .NET framework Admin Tool (Sysinternals Devolutions inc) Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed |
|
|
|
|
9.0 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8745 |
2021-06-10 09:34
|
 getfile.php 28193ba741232f91101849f606fa8419
PE File PE64 DLL OS Processor Check VirusTotal Malware Check memory DNS crashed |
|
|
|
|
2.4 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|