| ID | Date | File | MD5 | Tags | URLs | Hosts | Signatures | Score | Flag | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|
| 8941 | 2023-11-12 18:49 | 0311.dll | 28ade89b1d09d13581d3abe00d7658fb | Malicious Library, UPX, PE File, DLL, PE64, DllRegisterServer dll, Check memory, unpack itself, crashed | | | | 1.2 | M | ZeroCERT |
| 8942 | 2023-11-12 14:46 | ACR.exe | 4247de093585ea6db6b6c520ca81247d | Malicious Library, Malicious Packer, UPX, PE32, PE File, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, Malware, Cryptocurrency wallets, Cryptocurrency, Malicious Traffic, Check memory, Ransomware, Interception, Browser, ComputerName, DNS, Software | 2: http://45.61.136.124/Up, http://45.61.136.124/Up/b | 1 | | 5.6 | M | ZeroCERT |
| 8943 | 2023-11-12 14:43 | 11.11.2023_URUN_DOSYASI.PDF.ja... | 5b5f0954e451fd2ec65d98c73850f136 | ZIP Format, Check memory, heapspray, unpack itself, Java | | | | 1.6 | M | ZeroCERT |
| 8944 | 2023-11-12 14:41 | 11.11.2023_URUN_LISTESI.CSV.ja... | f858788e48ae55d66e9ee3e32bf8ffe8 | ZIP Format, Check memory, heapspray, unpack itself, Java | | | | 1.6 | M | ZeroCERT |
| 8945 | 2023-11-12 14:40 | 11.11.2023_SIPARISLER.DOCX.jar | 5ae53798de1427f31fa77a3bc776af1f | ZIP Format, Check memory, Checks debugger, WMI, RWX flags setting, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, crashed | | | | 3.4 | M | ZeroCERT |
| 8946 | 2023-11-12 14:39 | j-1 | cf69c6526775008e39917f8d61ffd8ca | Malicious Library, Downloader, UPX, PE32, PE File, DLL, JPEG Format, ZIP Format, Malware download, Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, AppData folder, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://202.79.172.107:8000/4, http://202.79.172.107:8000/1, http://202.79.172.107:8000/3, http://202.79.172.107:8000/2 | 1 | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 7.8 | M | ZeroCERT |
| 8947 | 2023-11-12 14:38 | Nfwwamql.exe | c8c92a207e2a92499a19f26f04b3d8b2 | UPX, PE File, PE64, MachineGuid, Check memory, Checks debugger, unpack itself | | | | 1.4 | M | ZeroCERT |
| 8948 | 2023-11-11 21:47 | SIPARIS_62444520.PDF.jar | c9000f0381622e97f6bdd056b9a30a8f | ZIP Format, Check memory, heapspray, unpack itself, Java | | | | 1.6 | M | guest |
| 8949 | 2023-11-11 16:52 | j-3 | 89d063bf866a6428c1cd61b9caeb5bec | Malicious Library, Downloader, UPX, PE32, PE File, DLL, ZIP Format, JPEG Format, Malware download, Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://202.79.172.110:8000/4, http://202.79.172.110:8000/1, http://202.79.172.110:8000/3, http://202.79.172.110:8000/2 | 1 | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 6.8 | M | ZeroCERT |
| 8950 | 2023-11-11 16:50 | system12.exe | 76237495f1127cd3e1506ef3cdac3fbb | Malicious Library, UPX, AntiDebug, AntiVM, PE32, PE File, MZP Format, ftp, OS Processor Check, Buffer PE, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, malicious URLs, sandbox evasion, WriteConsoleW, Windows, ComputerName | | 1: vUEfYlUOIJMXrZYMHgsASygLi.vUEfYlUOIJMXrZYMHgsASygLi() | | 10.4 | M | ZeroCERT |
| 8951 | 2023-11-11 16:48 | r-3 | 4d2339ce6c18eca6fd0945de4d2ade61 | Malicious Library, Downloader, UPX, PE32, PE File, DLL, ZIP Format, JPEG Format, Malware download, Malware, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://122.10.27.116:7800/1, http://122.10.27.116:7800/2, http://122.10.27.116:7800/3, http://122.10.27.116:7800/4 | 2: feetifu.net() - mailcious; 122.10.27.116 - malware | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 6.6 | M | ZeroCERT |
| 8952 | 2023-11-11 16:47 | j-8 | da257f4a293c128fb3b4172eecd865af | Malicious Library, Downloader, UPX, PE32, PE File, DLL, JPEG Format, ZIP Format, Malware download, Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, AppData folder, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://154.39.250.33:8000/3, http://154.39.250.33:8000/2, http://154.39.250.33:8000/1, http://154.39.250.33:8000/4 | 2: feetifu.net() - mailcious; 154.39.250.33 - malware | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 8.4 | M | ZeroCERT |
| 8953 | 2023-11-11 16:43 | j-13 | 2d56b2af47d1e3575ccd27b406f59d03 | Malicious Library, Downloader, UPX, PE32, PE File, DLL, JPEG Format, ZIP Format, Malware download, Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://216.83.53.161:8000/2, http://216.83.53.161:8000/3, http://216.83.53.161:8000/1, http://216.83.53.161:8000/4 | 1 | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 6.8 | M | ZeroCERT |
| 8954 | 2023-11-11 16:43 | build.exe | ae2ea51f300a9e7227fbd00eb72862d1 | Malicious Library, UPX, PE32, PE File, OS Processor Check, unpack itself, Windows, crashed | | | | 1.6 | M | ZeroCERT |
| 8955 | 2023-11-11 16:42 | j-25 | 26ea303f8ddc0412ae7f9a5ce6f85e5e | Malicious Library, Downloader, UPX, PE32, PE File, DLL, JPEG Format, ZIP Format, Malware download, Malware, Malicious Traffic, Check memory, Checks debugger, Creates executable files, RWX flags setting, unpack itself, sandbox evasion, Windows, Browser, ComputerName, DNS, Downloader | 4: http://154.39.239.56:8000/1, http://154.39.239.56:8000/3, http://154.39.239.56:8000/2, http://154.39.239.56:8000/4 | 1 | 6: ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE JS/WSF Downloader Dec 08 2016 M7; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET INFO EXE - Served Attached HTTP; ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) | 6.8 | M | ZeroCERT |