9061
2021-06-21 13:00
winfuck.exe 53cc9d24a2dacc86819a40ac71819870 AsyncRAT backdoor PWS .NET framework Antivirus Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
6.2
M
26
ZeroCERT

9062
2021-06-21 13:05
File.exe 34b2d327ebe6246d844b7a4b8640d4d5 AgentTesla AsyncRAT backdoor Eredel Stealer Extended email stealer browser info stealer ftp Client Google Chrome User Data Antivirus Escalate priviledges KeyLogger Steal credential ScreenShot DNS Socket AntiDebug AntiVM PE File .NET EXE Browser Info Stealer Emotet FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VirtualBox powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check Ransomware Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed
8
http://ni2748194-1.web16.nitrado.hosting/HostStartups.exe http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-08D4450EE4EB09C734C93A8E8E91A909.html - rule_id: 2096 http://46.102.106.151/panel/index.php http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-153E31DBDD1ACDF382491ECDBE37689C.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C1900454F8C1F17DAFA268D4AC67120F.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C311B505088D4AC5F97AC7A0C3EA6538.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-59CA53825A30DDA8641228CFB3A1898A.html - rule_id: 2096 http://apdocroto.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B8A00046C7A941058E012A87473EB342.html - rule_id: 2096
9
ni2748194-1.web16.nitrado.hosting(194.169.211.111) - malware dontreachme3.ddns.net(95.90.186.169) dontreachme.duckdns.org(46.102.106.151) apdocroto.gq(104.21.14.60) - mailcious 104.21.14.60 - mailcious 46.102.106.151 95.90.186.169 194.169.211.111 - malware 172.67.158.27
8
ET INFO DNS Query for Suspicious .gq Domain SURICATA HTTP Request unrecognized authorization method ET INFO HTTP Request to a *.gq domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET POLICY DNS Query to DynDNS Domain *.ddns .net ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
6
http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/ http://apdocroto.gq/liverpool-fc-news/features/
32.6
M
13
ZeroCERT

9063
2021-06-21 13:05
pure.exe f98403adb295304f1e3f52b86a5ad441 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.4
M
36
ZeroCERT

9064
2021-06-21 13:06
lv.exe 88ca00752b5d524d9a88a5fc5818d639 Gen1 NPKI Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows DNS crashed
2
htjBKVRBLSDkJHGMuwcYAPI.htjBKVRBLSDkJHGMuwcYAPI() 172.67.158.27
8.8
M
51
ZeroCERT

9065
2021-06-21 13:12
setup.exe ed070e82321e34aca28364015919f78e Emotet Gen1 Gen2 Generic Malware PE File PE64 OS Processor Check DLL .NET DLL VirusTotal Malware Check memory Creates executable files unpack itself Ransomware DNS
4.2
26
ZeroCERT

9066
2021-06-21 13:50
이력서_210620(경력사항도 같이 기재하였으니 확인부... 69e7253f4566665890fa293e91a1bc89 PE File PE32 VirusTotal Malware Check memory unpack itself crashed
1.6
16
r0d

9067
2021-06-21 13:51
포트폴리오_210620(경력사항도 같이 기재하였으니 확... 90144b44265dd72a22ccadf0824966a1 PE File PE32 VirusTotal Malware Check memory unpack itself crashed
1.6
16
r0d

9068
2021-06-21 17:23
vbc.exe 44d30f858fcb66c0fa2b475f60d8f6f3 AsyncRAT backdoor PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities AppData folder Tofsee Windows DNS Cryptographic key
7
http://www.cyrilgraze.com/p2io/?WZ=ytsDIrP&ibxHRhGx=PONkgH6OT+IdHpvpbj4YyU3gBn/U0y1OFS1Y8BXnr3YdY2x3tUozsMLieTk0sG+frQWfUBsy - rule_id: 1567 http://www.cyrilgraze.com/p2io/ - rule_id: 1567 http://www.micheldrake.com/p2io/ - rule_id: 1550 http://www.micheldrake.com/p2io/?WZ=ytsDIrP&ibxHRhGx=d2NgnqRQHDqC8zfUpSeXKrGILlrAeXd0mpzt/HUKTHCMsqjNpHqiPqxZu8ECgv8Wi9ydyjUw - rule_id: 1550 http://edgedl.me.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe https://update.googleapis.com/service/update2?cup2key=10:2052101556&cup2hreq=876c248ec5ef25e72ce37cb3d31e61f13291d289045ee395f5c45bb4a691de2a https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.36.32&applang=&machine=1&version=1.3.36.32&userid=&osversion=6.1&servicepack=Service%20Pack%201
11
edgedl.me.gvt1.com(34.104.35.123) www.buylocalclub.info() - mailcious www.micheldrake.com(192.0.78.25) www.zgcbw.net() - mailcious www.cyrilgraze.com(172.67.138.177) www.m678.xyz() 142.250.66.110 142.250.66.131 34.104.35.123 192.0.78.25 - mailcious 104.21.65.7
5
ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE FormBook CnC Checkin (GET) ET INFO EXE - Served Attached HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
4
http://www.cyrilgraze.com/p2io/ http://www.cyrilgraze.com/p2io/ http://www.micheldrake.com/p2io/ http://www.micheldrake.com/p2io/
12.2
M
19
ZeroCERT

9069
2021-06-21 17:24
lv.exe 72eabb4aebfc3d4efd52b64d04847747 Gen1 Gen2 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 DLL OS P VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed
1
dqMVtWpEvFELdzAsqfgVMAhY.dqMVtWpEvFELdzAsqfgVMAhY()
8.4
32
ZeroCERT

9070
2021-06-21 17:24
vbc-0.exe ecce2c5c0b5e52edcf5a9d283b767201 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1
8.4
36
ZeroCERT

9071
2021-06-21 17:25
vbc-0.exe ecce2c5c0b5e52edcf5a9d283b767201 PWS .NET framework Admin Tool (Sysinternals etc ...) Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
7.8
36
ZeroCERT

9072
2021-06-21 17:47
wMaiUQzBqvXzMnnb.jpg.ps1 52a065ddfaa997a46ae7ac35d9abdfaf DNS
0.6
M
ZeroCERT

9073
2021-06-21 17:48
rwe.wbk be62b274d4a4aa3ceef7ad17a15b5ab3 RTF File doc AntiDebug AntiVM FormBook Malware download Malware MachineGuid Malicious Traffic Check memory ICMP traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader
6
http://www.thesoulrevitalist.com/p2io/ http://www.thesoulrevitalist.com/p2io/?1bw=ywi4HDlC8ElSOMEyK6H+rd6B6cynTULkanOSXBUPYg06e2wPUHpv6wPun14JIO+5lIaxxIkr&LZa0=kJEXPjV http://www.painhut.com/p2io/?1bw=403u/w6DmQ0SdXY5uvN4cykoFcXgffqxcXVyEVQEiHIwKr5fFLVOKqQhRyqqhxyR2hkDTO+v&LZa0=kJEXPjV http://www.redudiban.com/p2io/ http://www.redudiban.com/p2io/?1bw=lG9Y6vALifV69L5nwZMaSDuac40TgmoMbDmTo0RVe6GC0eaU+z9H3LThoKEFdKrpsqSNHxEr&LZa0=kJEXPjV http://www.painhut.com/p2io/
9
www.zgcbw.net() - mailcious www.redudiban.com(104.252.121.237) www.thesoulrevitalist.com(34.102.136.180) www.painhut.com(52.14.32.15) www.advancedaccessapplications.com() 3.112.233.112 - malware 104.252.121.237 52.14.32.15 34.102.136.180 - mailcious
7
ET MALWARE FormBook CnC Checkin (GET) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.2
M
ZeroCERT

9074
2021-06-21 17:48
csrss.exe 789a47d33ce65dad5fd40c1e656cf638 Generic Malware PE File PE32 VirusTotal Malware RWX flags setting unpack itself anti-virtualization DNS
1
3.2
M
11
ZeroCERT

9075
2021-06-21 20:24
이력서_210620(경력사항도 같이 기재하였으니 확인부... 69e7253f4566665890fa293e91a1bc89 PE File PE32 VirusTotal Malware Check memory unpack itself DNS
2.2
27
ZeroCERT