| 9181 |
2021-06-24 13:52
|
 vbc.exe de41a01457573e366909c2ddb491d1f3
Generic Malware Malicious Packer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed |
|
|
|
|
3.6 |
|
44 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9182 |
2021-06-24 18:52
|
 AutoUpdate.exe e1d039fffde52305c0b315b3bd34beec
AsyncRAT backdoor PWS .NET framework Generic Malware Antivirus PE File .NET EXE PE32 GIF Format VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName DNS Cryptographic key |
1
http://103.153.79.74/2008/Updates.xml
|
1
|
|
|
6.4 |
|
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9183 |
2021-06-24 18:54
|
 1912911284.exe 452be1334a422f61c6cf1e5faffe9aac
AsyncRAT backdoor BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key |
|
1
|
|
|
9.0 |
|
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9184 |
2021-06-24 18:56
|
 download.php e26b7bc94aac86c0faef0ed54aaa4461
PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS |
|
|
|
|
3.2 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9185 |
2021-06-24 18:56
|
 xxxx1_2021-06-22_10-59.exe 75fc5d6c951b284bc1c6b309c7c5fd9e
PE File OS Processor Check PE32 VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
|
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9186 |
2021-06-24 18:57
|
4p-desktop.exe 2020ddf1aac56d939f7ee5af52903258
PE File PE32 JPEG Format PNG Format GIF Format VirusTotal Malware Buffer PE MachineGuid Check memory buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee ComputerName DNS |
22
http://www.netikus.net/show_ip.html
http://r3.i.lencr.org/
https://community.iw4play.de/4p_games/sprachen/uk.txt
https://community.iw4play.de/4p_games/4p-games.md5
https://community.iw4play.de/4p_games/pictures/liniegrau.png
https://community.iw4play.de/4p_games/version.txt
https://community.iw4play.de/4p_games/pictures/drag.png
https://community.iw4play.de/4p_games/data/settings.ini
https://community.iw4play.de/4p_games/data/games.ini
https://community.iw4play.de/4p_games/pictures/bgblack100.png
https://community.iw4play.de/4p_games/data/pconnect.dll
https://community.iw4play.de/4p_games/pictures/eingabe.png
https://community.iw4play.de/4p_games/pictures/leisteblack.png
https://community.iw4play.de/4p_games/werbung/werbung.txt
https://community.iw4play.de/4p_games/werbung/musterwerbung.jpg
https://community.iw4play.de/4p_games/pictures/bobg.jpg
https://community.iw4play.de/4p_games/pictures/anmelden.png
https://community.iw4play.de/4p_games/data/connect.dll
https://community.iw4play.de/4p_games/pictures/logo.png
https://community.iw4play.de/4p_games/pictures/freundeauswahl.png
https://community.iw4play.de/4p_games/pictures/verwalten.png
https://community.iw4play.de/4p_games/pictures/bgblack.png
|
6
r3.i.lencr.org(104.74.168.254)
community.iw4play.de(195.90.200.240)
www.netikus.net(216.92.199.161)
104.74.168.254
216.92.199.161
195.90.200.240
|
2
ET POLICY External IP Lookup (www. netikus .net)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.2 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9187 |
2021-06-24 18:58
|
3ebce3a4.png d0fc39d941e2d32edc687c3f6275afd8
MSOffice File VirusTotal Malware DNS |
|
|
|
|
1.6 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9188 |
2021-06-24 19:01
|
 downfile.asp 95c9114f4850e45b212d0e053103961e
PE File PE32 JPEG Format PNG Format VirusTotal Malware Check memory buffers extracted Creates executable files RWX flags setting unpack itself Interception DNS crashed |
92
http://ip.ws.126.net/ipquery
http://www.ysbaojia.com:88/web/images/xiaomishu/00.gif
http://www.ysbaojia.com:88/web/images/main0.jpg
http://www.ysbaojia.com:88/web/images/Toolbar/wx.jpg
http://www.ysbaojia.com:88/web/images/ilist/fangweibiao.gif
http://www.ysbaojia.com:88/api/common.asp?act=in_client&w=1024&h=768&c=32
http://www.ysbaojia.com:88/web/JavaScript/leftitems.js?+Math.random()
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_bg.gif
http://www.ysbaojia.com:88/web/images/ilist/baozhuanghe.gif
http://www.ysbaojia.com:88/web/JavaScript/zDialog.js
http://www.ysbaojia.com:88/web/images/logo/suliaodai.gif
http://www.ysbaojia.com:88/web/images/logo/caihe.gif
http://www.ysbaojia.com:88/web/images/ilist/mingpian.gif
http://www.ysbaojia.com:88/web/images/ilist/shuomingshu.gif
http://www.ysbaojia.com:88/web/JavaScript/myJSFrame.js
http://www.ysbaojia.com:88/web/JavaScript/ad_right1.js
http://www.ysbaojia.com:88/web/images/handle.gif
http://www.ysbaojia.com:88/api/main.asp?pid=7616&Unid=&comefrom=10&vvv=5.9&SysCode=Web
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_left.gif
http://www.ysbaojia.com:88/web/images/ilist/pbdanzhang.gif
http://www.ysbaojia.com:88/api/news.asp?pid=7616&comefrom=10&provs=??
http://www.ysbaojia.com:88/web/images/ilist/zhibei.gif
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_right.gif
http://www.ysbaojia.com:88/web/images/logo/danzhang.gif
http://www.ysbaojia.com:88/web/images/ilist/diaopai.gif
http://www.ysbaojia.com:88/web/images/ilist/caihe.gif
http://www.ysbaojia.com:88/web/JavaScript/Toolbar.js
http://www.ysbaojia.com:88/web/images/Toolbar/foot_bg.gif
http://www.ysbaojia.com:88/web/images/logo/huache.gif
http://www.ysbaojia.com:88/web/images/tabs-list.gif
http://www.ysbaojia.com:88/web/images/ilist/zbdanzhang.gif
http://www.ysbaojia.com:88/api/getBoom.asp?t=2&pid=7616
http://www.ysbaojia.com:88/web/images/logo/buganjiao.gif
http://www.ysbaojia.com:88/web/css/mainx1.css
http://www.ysbaojia.com:88/web/JavaScript/checklogin.js
http://www.ysbaojia.com:88/web/images/ilist/zbhuace.gif
http://www.ysbaojia.com:88/web/images/ilist/wufangbudai.gif
http://www.ysbaojia.com:88/web/images/tab-strip-bg.gif
http://www.ysbaojia.com:88/web/images/Toolbar/utilities.gif
http://www.ysbaojia.com:88/web/left-2.html
http://www.ysbaojia.com:88/web/images/ilist/fengtao.gif
http://www.ysbaojia.com:88/web/JavaScript/index.js
http://www.ysbaojia.com:88/web/images/tabs-sprite.gif
http://www.ysbaojia.com:88/web/images/logo/bzbg.gif
http://www.ysbaojia.com:88/web/images/ilist/guali.gif
http://www.ysbaojia.com:88/web/images/ilist/penhui.gif
http://www.ysbaojia.com:88/web/images/logo/shouwandai.gif
http://www.ysbaojia.com:88/web/images/main1.jpg
http://www.ysbaojia.com:88/web/images/favDrop.gif
http://www.ysbaojia.com:88/web/images/ilist/pbhuace.gif
http://www.ysbaojia.com:88/web/images/ilist/zbbuganjiao.gif
http://www.ysbaojia.com:88/web/xiaomishu.html?pid=7616
http://www.ysbaojia.com:88/web/images/e-handle.gif
http://www.ysbaojia.com:88/web/images/logo/design.gif
http://www.ysbaojia.com:88/web/images/ilist/yinshuasheji.gif
http://www.ysbaojia.com:88/web/images/ilist/ysf.gif
http://www.ysbaojia.com:88/web/JavaScript/lang.js
http://www.ysbaojia.com:88/web/images/panel-title-light-bg.gif
http://www.ysbaojia.com:88/web/css/Pitem.css
http://www.ysbaojia.com:88/web/JavaScript/ad_right.js
http://www.ysbaojia.com:88/web/images/ilist/tiaofu.gif
http://www.ysbaojia.com:88/api/login.asp?al=1&SysCode=Web
http://www.ysbaojia.com:88/web/JavaScript/mainIndex.js?+Math.random()
http://www.ysbaojia.com:88/web/images/ilist/pvc.gif
http://www.ysbaojia.com:88/web/images/ilist/pbbuganjiao.gif
http://www.ysbaojia.com:88/web/images/left_close.gif
http://www.ysbaojia.com:88/web/images/ilist/shumakuaiyin.gif
http://www.ysbaojia.com:88/web/images/ilist/zhijia.gif
http://www.ysbaojia.com:88/web/images/logo/zhijia.gif
http://www.ysbaojia.com:88/web/images/ilist/zbbaozhuanghe.gif
http://www.ysbaojia.com:88/web/images/ilist/wutanliandan.gif
http://www.ysbaojia.com:88/web/images/Toolbar/app.jpg
http://www.ysbaojia.com:88/web/images/main2.jpg
http://www.ysbaojia.com:88/web/images/ilist/moqieyingka.gif
http://www.ysbaojia.com:88/web/images/ilist/zbxinfeng.gif
http://www.ysbaojia.com:88/web/images/tab-close.gif
http://www.ysbaojia.com:88/web/JavaScript/main.js?+Math.random()
http://www.ysbaojia.com:88/web/images/logo/diaopai.gif
http://www.ysbaojia.com:88/web/images/ilist/zbbianqian.gif
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg.gif
http://www.ysbaojia.com:88/web/JavaScript/public.js?+Math.random()
http://www.ysbaojia.com:88/web/images/logo/xinfeng.gif
http://www.ysbaojia.com:88/web/images/favMan.gif
http://www.ysbaojia.com:88/web/images/ilist/taili.gif
http://www.ysbaojia.com:88/web/JavaScript/initcity.v2.js
http://www.ysbaojia.com:88/web/JavaScript/langSub.js
http://www.ysbaojia.com:88/web/items/main.html
http://www.ysbaojia.com:88/web/css/help.css
http://www.ysbaojia.com:88/web/css/chromestyle.css
http://www.ysbaojia.com:88/web/images/ilist/shouwandai.gif
http://www.ysbaojia.com:88/web/images/ilist/jingzhuanghe.gif
http://www.ysbaojia.com:88/web/images/ilist/pbbianqian.gif
|
4
ip.ws.126.net(59.111.181.52)
www.ysbaojia.com(120.77.146.229)
59.111.181.52
120.77.146.229
|
|
|
5.0 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9189 |
2021-06-24 19:02
|
 defi.exe ee17b850393e1f3cf0704a408378d874
NPKI Raccoon Stealer PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Windows crashed |
|
|
|
|
3.4 |
|
53 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9190 |
2021-06-24 19:03
|
 dll.rar 0ae26770b96b47165c58ed621143d439
Anti_VM PE File DLL PE32 VirusTotal Malware Checks debugger unpack itself DNS crashed |
|
1
|
|
|
3.2 |
|
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9191 |
2021-06-24 19:03
|
 ProstoLauncher.exe 7410df6db7dd9dfc0c4103efa8d13fc9
Gen2 NPKI Generic Malware PE File .NET EXE PE32 PE64 DLL OS Processor Check GIF Format VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AntiVM_Disk suspicious TLD VM Disk Size Check Tofsee ComputerName DNS |
9
https://prostocraft.ru/api/launcher/getLauncherVersion
https://prostocraft.ru/launcher/bundle-jre-win64/bin/orbd.exe
https://prostocraft.ru/launcher/bundle-prostocraft/do_not_download.txt
https://prostocraft.ru/api/launcher/getLoaderVersion?type=exe
https://prostocraft.ru/launcher/launcher.98.jar
https://prostocraft.ru/launcher/bundle-prostocraft/do_not_update.txt
https://prostocraft.ru/launcher/bundle-prostocraft/do_not_delete.txt
https://prostocraft.ru/api/bundle/getBundleIndex?id=prostocraft
https://prostocraft.ru/api/bundle/getBundleIndex?id=jre-win64
|
2
prostocraft.ru(212.22.85.147)
212.22.85.147
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9192 |
2021-06-24 19:04
|
 Console.exe 61fca35c673bcac5409c0b738e6c8b34
Generic Malware DGA DNS SMTP Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection Internet API ScreenShot Downloader AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows crashed keylogger |
|
2
haija.mine.nu(95.141.215.167)
95.141.215.167
|
|
|
12.0 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9193 |
2021-06-24 19:05
|
 xxxx1_2021-06-22_10-59.exe 75fc5d6c951b284bc1c6b309c7c5fd9e
PE File OS Processor Check PE32 VirusTotal Malware unpack itself |
|
|
|
|
2.2 |
|
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9194 |
2021-06-24 19:07
|
 BaiHai3306.exe 70f73040b04bd10072e2e325efcc8ff3
Gh0st RAT Malicious Packer PE File PE32 Malware download VirusTotal Malware GhostRAT AutoRuns sandbox evasion Windows Backdoor DNS |
|
1
|
2
ET MALWARE Backdoor family PCRat/Gh0st CnC traffic
ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 102
|
|
4.2 |
|
62 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9195 |
2021-06-24 19:08
|
 0007.exe ed139ac790df240e64d862a344f02f83
Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
11.4 |
|
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|