| 9151 |
2023-08-24 03:41
|
11-21-1183-04-00bi-device-fing... a5d5c45e3bd16c3507e766a6df7592f0
ZIP Format unpack itself |
|
|
|
|
0.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9152 |
2023-08-23 18:46
|
000000000000000000000000000%23... dcbcfd6de58204d8a29f0d173e88e34d
MS_RTF_Obfuscation_Objects RTF File doc exploit crash Exploit DNS crashed |
|
1
107.172.148.208 - mailcious
|
|
|
3.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9153 |
2023-08-23 18:12
|
000000000000000000000000000%23... dcbcfd6de58204d8a29f0d173e88e34d
MS_RTF_Obfuscation_Objects RTF File doc exploit crash unpack itself Exploit DNS crashed |
|
1
107.172.148.208 - mailcious
|
|
|
3.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9154 |
2023-08-23 17:31
|
 x.vbs 3f6bf228afaad7e9e49b3502801f3b40
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://192.3.216.144/test/ChromeSetup.exe
|
|
|
|
5.2 |
|
4 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9155 |
2023-08-23 17:27
|
idex.vbs 184a8350f23b2b74fc1877165fd75dbb
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/idesh.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.27
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.4 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9156 |
2023-08-23 17:27
|
afk.vbs 394cb016b49972ef3d60a438b0ba7600
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/afrique.txt
|
4
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.27
104.21.45.138 - malware
45.33.6.223
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.4 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9157 |
2023-08-23 17:25
|
 CompPkgSrv.exe b21b7a7c3470ec539fbfb187a361c894
PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows |
|
2
files.catbox.moe(108.181.20.35) - malware
108.181.20.35 - mailcious
|
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9158 |
2023-08-23 17:25
|
receipt_231123.vbs 5209552db61b19cc3dcffe60168f4359
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
http://192.210.175.4/lime/ivr/update.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.27
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.8 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9159 |
2023-08-23 17:23
|
smito.vbs 731185eac99c29852de43d3bd7c1a79f
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://80.76.51.248/smit.txt
|
4
uploaddeimagens.com.br(104.21.45.138) - malware
61.111.58.35 - malware
108.181.20.35 - mailcious
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.0 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9160 |
2023-08-23 17:23
|
 smss.exe 6611d09b189022dc685a871698f02144
.NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
2.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9161 |
2023-08-23 17:21
|
 hueyzx.exe 4a6361df182ee84fb216f44262105ddc
.NET framework(MSIL) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious TLD ComputerName DNS |
3
http://www.dyeraoriginal.com/tiam/?yV=x1j5fowc2y49z3JbUDsRqHv/cgZtdqPsKlNbPf5hyBW/p+SgUw8W4oDxxiKg/GFR4snRjr8Qj2JspeU29wx74WMq4daUCC2QZAthNUw=&6q6=D-rLjrPtPOSzf
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
http://www.dyeraoriginal.com/tiam/
|
5
www.miyekc.top(38.181.22.138)
www.dyeraoriginal.com(93.184.77.58)
38.181.22.138
93.184.77.58
45.33.6.223
|
1
ET DNS Query to a *.top domain - Likely Hostile
|
|
10.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9162 |
2023-08-23 17:21
|
 CompPkgSrv.exe 9b3c1edaa709d4ab07401fae17223b60
PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows |
|
2
files.catbox.moe(108.181.20.35) - malware
108.181.20.35 - mailcious
|
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9163 |
2023-08-23 17:19
|
 soman.exe 25ea22fd38b4c9529f7443250622e910
Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 DLL VirusTotal Malware PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution |
|
|
|
|
4.2 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9164 |
2023-08-23 17:18
|
pee.vbs 70473f7851537bd689bab2ac33325091
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://185.216.71.134/pee.txt
|
4
uploaddeimagens.com.br(172.67.215.45) - malware
156.236.72.121 - mailcious
61.111.58.34 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.4 |
M |
6 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9165 |
2023-08-23 17:16
|
weobmaaaa.vbs 9103ec9c65ba23dc4ff1dbe225475806
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://94.156.253.236/obmaa.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
61.111.58.34 - malware
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.0 |
M |
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|