9106 | 2023-08-25 09:37
Fsociety.lnk e3d4d8caa4456f8262afcbdb5c689526 | Generic Malware Antivirus Hide_URL AntiDebug AntiVM Lnk Format GIF Format PowerShell VirusTotal Malware VBScript powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
URLs (4):
http://apps.identrust.com/roots/dstrootcax3.p7c
http://192.210.175.4/TSTA/1/IE_root.vbs
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/TSTA/BH.txt
Hosts (4):
uploaddeimagens.com.br(172.67.215.45) - malware
192.210.175.4 - malicious
61.111.58.35 - malware
104.21.45.138 - malware
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Dotted Quad Host VBS Request
ET POLICY curl User-Agent Outbound
ET HUNTING curl User-Agent to Dotted Quad
11.6 | M | 18 | ZeroCERT

9107 | 2023-08-25 09:36
a.exe 009a6a218685242e3525785807bfb86d | PE File PE64 VirusTotal Malware
1.0 | | 13 | ZeroCERT

9108 | 2023-08-25 09:30
sirmx.vbs 45594cce185bf66f8c14077d9ed390b8 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/simoogn.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
61.111.58.34 - malware
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.0 | M | 15 | ZeroCERT

9109 | 2023-08-25 09:29
gen.txt.vbs 6be764247e9a823518f1a4abad4dd12e | Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
URLs (1):
http://51.254.49.49:222/new/coder.jpg
Hosts (1):
9.0 | M | 5 | ZeroCERT

9110 | 2023-08-25 09:29
coder.jpg.vbs c27f92cd1655b37f3293787a71f6c4b0 | Antivirus VirusTotal Malware unpack itself crashed
1.0 | M | 2 | ZeroCERT

9111 | 2023-08-25 09:28
okl.vbs 4deebf58be238e5998ba53d70f9cb7a7 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/okilo.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
121.254.136.9
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | M | 13 | ZeroCERT

9112 | 2023-08-25 09:26
exe 6b7fb472203b22e49f64ab8a8c846c96 | AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
Hosts (12):
camo.githubusercontent.com(185.199.108.133), fonts.googleapis.com(142.250.206.202), widget.uservoice.com(104.17.30.92), www.google-analytics.com(142.250.207.110), 142.250.204.138, 104.17.29.92, 104.17.30.92, 104.17.27.92, 104.17.28.92, 142.250.207.78, 104.17.31.92, 185.199.110.133 - malware
Alerts (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
5.4 | M | | ZeroCERT

9113 | 2023-08-25 09:26
hustosinl.vbs 3109001e8bdda9728bf576235dc15a03 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://185.225.75.151/sampilopi.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
23.43.165.66
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | M | 17 | ZeroCERT

9114 | 2023-08-25 09:24
ESL.vbs 28b3fe92d68e8091ad4044c68e4c80d9 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://94.156.161.167/tl/ed432.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
23.67.53.17
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 | M | 14 | ZeroCERT

9115 | 2023-08-25 09:24
jostuopa.vbs e33decb056b1ee3b4b75be4017bf9f16 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://94.156.253.247/kanoyina.txt
Hosts (3):
uploaddeimagens.com.br(104.21.45.138) - malware
23.43.165.66
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | M | 13 | ZeroCERT

9116 | 2023-08-25 09:06
IE_root.vbs a28f130308c18357e5d78caa5483e81e | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/TSTA/BH.txt
Hosts (3):
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.9
172.67.215.45 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | M | 12 | ZeroCERT

9117 | 2023-08-25 07:40
Asd11.exe c141f0e98436f3aaabb54857344fc8be | Generic Malware Malicious Library Antivirus UPX ScreenShot KeyLogger AntiDebug AntiVM PE File PE64 OS Processor Check powershell Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security Auto service powershell.exe wrote suspicious process malicious URLs Windows ComputerName Cryptographic key
9.4 | | | ZeroCERT

9118 | 2023-08-25 07:40
jfskxgiowyrhn.exe c7760450b006ef172e0638bde6125c17 | task schedule UPX AntiDebug AntiVM PE File .NET EXE PE32 suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
6.0 | | | ZeroCERT

9119 | 2023-08-25 07:37
Vr0mqRZpkNshedy.exe 6d6ccdc462b1a9f6a53f1c193f3120a3 | Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
Hosts (2):
api.ipify.org(173.231.16.76)
104.237.62.211
Alerts (2):
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.2 | | | ZeroCERT

9120 | 2023-08-25 07:37
jfskxgiowyrhn.exe 50552fe7269260bc90e22d2461925696 | UPX AntiDebug AntiVM PE File .NET EXE PE32 suspicious privilege Code Injection Check memory Checks debugger unpack itself
5.6 | | | ZeroCERT