9076 | 2023-08-26 21:31
alotdatas.exe 8baf3a087399d0e0021ebbe699321333
Tags: Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware PDB DNS
Hosts (1): 193.142.147.59 - mailcious
3.4 | M | 43 | ZeroCERT

9077 | 2023-08-26 21:29
Moriwnrn.exe f91db36135a994d00b92ec2b1be0fca9
Tags: Generic Malware .NET framework(MSIL) Antivirus PE File .NET EXE PE32 PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
Hosts (1): 193.142.147.59 - mailcious
11.2 | M | 31 | ZeroCERT

9078 | 2023-08-26 21:28
Eppzjtedzmk.exe 8a1c6ab6aeeec522d4d2d483543cb6ad
Tags: LokiBot Generic Malware task schedule .NET framework(MSIL) Antivirus PWS DNS ScreenShot KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 PowerShell VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
11.4 |  | 45 | ZeroCERT

9079 | 2023-08-26 21:27
TPB-1.exe 5de87b373a800e9ec989dc08dfd4ded0
Tags: .NET framework(MSIL) Http API PWS HTTP ScreenShot Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download VirusTotal Malware RecordBreaker suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion installed browsers check Stealer Windows Browser DNS Cryptographic key
URLs (8):
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
  http://193.142.147.59/e1fb217729efc3471848bf7aa6f6c49e
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
Hosts (1): 193.142.147.59 - mailcious
Alerts (11):
  ET MALWARE Win32/RecordBreaker CnC Checkin M1
  ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET HUNTING Possible Generic Stealer Sending System Information
13.0 | M | 50 | ZeroCERT

9080 | 2023-08-26 21:26
Z2K-1.exe 140510ca012bf95c60b339b6388c2ca9
Tags: Gen1 .NET framework(MSIL) Malicious Library UPX Malicious Packer Http API PWS HTTP ScreenShot Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware RecordBreaker suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion installed browsers check Stealer Windows Browser DNS Cryptographic key crashed
URLs (8):
  http://193.142.147.59/db6a9919d0fc0d9c5f81c7bb4a3bc636
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
  http://193.142.147.59/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
Hosts (1): 193.142.147.59 - mailcious
Alerts (11):
  ET MALWARE Win32/RecordBreaker CnC Checkin M1
  ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET HUNTING Possible Generic Stealer Sending System Information
13.6 | M | 47 | ZeroCERT

9081 | 2023-08-26 21:26
Lrbaski.exe b2f1ba65b5e4d49ff785247fc553bd94
Tags: PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces
2.8 | M | 47 | ZeroCERT

9082 | 2023-08-26 21:23
55555.exe 70d02e692f264a782f5c6142d4804caa
Tags: Malicious Library UPX Malicious Packer Anti_VM OS Processor Check PE File PE64 DLL VirusTotal Malware Creates executable files
1.8 | M | 25 | ZeroCERT

9083 | 2023-08-26 04:25
http://smp-device-content.appl...
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://smp-device-content.apple.com/
Hosts (2): smp-device-content.apple.com(17.253.69.204) 17.253.75.205
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
4.2 |  |  | guest

9084 | 2023-08-26 04:22
http://d3js.org 1bd32f457f2dc057f8c0beb9107212cd
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (6):
  http://d3js.org/
  https://d3js.org/favicon.ico
  https://d3js.org/assets/app.b8957a3f.js
  https://d3js.org/assets/style.37c4d7e2.css
  https://d3js.org/
  https://d3js.org/logo.svg
Hosts (4): static.observableusercontent.com(18.64.8.37) d3js.org(172.67.73.126) 18.64.8.28 104.26.6.30
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
4.6 |  |  | guest

9085 | 2023-08-26 03:43
http://bag.itunes.apple.com
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://bag.itunes.apple.com/
Hosts (2): bag.itunes.apple.com(104.76.96.30) 23.52.32.17
Alerts (3):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA HTTP unable to match response to request
4.2 |  |  | guest

9086 | 2023-08-26 03:26
http://netcts.cdn-apple.com 73a78ff5bd7e5e88aa445826d4d6eecb
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (2):
  http://netcts.cdn-apple.com/favicon.ico
  http://netcts.cdn-apple.com/
Hosts (2): netcts.cdn-apple.com(23.67.53.26) 121.254.136.64
Alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2 |  |  | guest

9087 | 2023-08-26 03:00
http://mask-api.icloud.com
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://mask-api.icloud.com/
Hosts (2): mask-api.icloud.com(17.248.221.65) 17.248.221.66
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
4.2 |  |  | guest

9088 | 2023-08-26 02:29
http://mask-api.icloud.com
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1): http://mask-api.icloud.com/
Hosts (2): mask-api.icloud.com(17.248.221.64) 17.248.221.64
Alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
4.2 |  |  | guest

9089 | 2023-08-26 00:23
http://risorse.tim.it
Tags: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
URLs (1):
Hosts (2): risorse.tim.it(81.74.236.236) 81.74.228.24
Alerts (2):
  ET INFO TLS Handshake Failure
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2 |  |  | guest

9090 | 2023-08-25 20:13
vbc.exe 90d7398bd4bb66384b309201ce5f20f0
Tags: Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.4 | M | 60 | guest