| 9196 |
2021-06-24 19:09
|
 downfile.asp fe5e690adf7c29a5d31a7025667d24a7
PE File PE32 JPEG Format PNG Format VirusTotal Malware Check memory buffers extracted Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Tofsee Interception Windows crashed keylogger |
126
http://ip.ws.126.net/ipquery
http://www.ysbaojia.com:88/web/images/xiaomishu/00.gif
http://www.ysbaojia.com:88/web/images/main0.jpg
http://www.ysbaojia.com:88/web/images/Toolbar/wx.jpg
http://www.ysbaojia.com:88/web/images/ilist/fangweibiao.gif
http://www.ysbaojia.com:88/api/common.asp?act=in_client&w=1024&h=768&c=32
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_space.gif
http://www.ysbaojia.com:88/web/JavaScript/leftitems.js?+Math.random()
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_bg.gif
http://www.ysbaojia.com:88/web/images/ilist/baozhuanghe.gif
http://www.ysbaojia.com:88/web/JavaScript/zDialog.js
http://www.ysbaojia.com:88/web/images/ilist/mingpian.gif
http://www.ysbaojia.com:88/web/images/tt2.jpg
http://www.ysbaojia.com:88/web/images/ilist/shuomingshu.gif
http://img.ysbaojia.com/UpLoadFile/ysbaojia/2021052741999825.gif
http://www.ysbaojia.com:88/web/images/boomHead1.jpg
http://www.ysbaojia.com:88/web/JavaScript/myJSFrame.js
http://www.ysbaojia.com:88/web/JavaScript/ad_right1.js
http://www.ysbaojia.com:88/web/images/handle.gif
http://www.ysbaojia.com:88/web/images/ilist/fengtao.gif
http://www.ysbaojia.com:88/web/images/ilist/pbdanzhang.gif
http://www.ysbaojia.com:88/web/images/ilist/zhibei.gif
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_right.gif
http://www.ysbaojia.com:88/web/images/ilist/diaopai.gif
http://www.ysbaojia.com:88/web/images/ilist/caihe.gif
http://www.ysbaojia.com:88/web/JavaScript/Toolbar.js
http://www.ysbaojia.com:88/web/images/Toolbar/foot_bg.gif
http://www.ysbaojia.com:88/web/css/Boom.css
http://www.ysbaojia.com:88/web/images/tabs-list.gif
http://www.ysbaojia.com:88/web/images/ilist/zbdanzhang.gif
http://www.ysbaojia.com:88/web/images/Toolbar/QYQQ.gif
http://www.ysbaojia.com:88/api/news.asp?pid=0&comefrom=8&provs=??
http://www.ysbaojia.com:88/web/css/mainx1.css
http://www.ysbaojia.com:88/web/JavaScript/checklogin.js
http://www.ysbaojia.com:88/web/images/ilist/zbhuace.gif
http://www.ysbaojia.com:88/web/images/ilist/wufangbudai.gif
http://www.ysbaojia.com:88/web/images/tab-strip-bg.gif
http://www.ysbaojia.com:88/web/images/tt3.jpg
http://www.ysbaojia.com:88/web/images/tt1.jpg
http://www.ysbaojia.com:88/web/images/Toolbar/ysbaojia.gif
http://www.ysbaojia.com:88/web/images/Toolbar/utilities.gif
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_left.gif
http://www.ysbaojia.com:88/web/images/Toolbar/fav.gif
http://www.ysbaojia.com:88/web/JavaScript/index.js
http://www.ysbaojia.com:88/web/images/tabs-sprite.gif
http://www.ysbaojia.com:88/api/main.asp?pid=0&Unid=0&comefrom=8&vvv=5.9&SysCode=Web
http://www.ysbaojia.com:88/show/getYin51Boom.asp?t=2
http://www.ysbaojia.com:88/web/images/ilist/guali.gif
http://www.ysbaojia.com:88/web/images/ilist/penhui.gif
http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454181909.png
http://www.ysbaojia.com:88/web/xiaomishu.html?pid=0&unid=0
http://www.ysbaojia.com:88/web/images/main1.jpg
http://www.ysbaojia.com:88/web/images/favDrop.gif
http://www.ysbaojia.com:88/web/images/ilist/pbhuace.gif
http://www.ysbaojia.com:88/web/images/ilist/zbbuganjiao.gif
http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg.gif
http://www.ysbaojia.com:88/web/images/e-handle.gif
http://www.ysbaojia.com:88/web/images/ilist/yinshuasheji.gif
http://www.ysbaojia.com:88/web/images/ilist/ysf.gif
http://www.ysbaojia.com:88/web/JavaScript/lang.js
http://www.ysbaojia.com:88/web/images/panel-title-light-bg.gif
http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454196765.png
http://www.ysbaojia.com:88/web/JavaScript/ad_right.js
http://www.ysbaojia.com:88/web/images/ilist/tiaofu.gif
http://www.ysbaojia.com:88/api/login.asp?al=1&SysCode=Web
http://www.ysbaojia.com:88/web/JavaScript/mainIndex.js?+Math.random()
http://www.ysbaojia.com:88/web/images/Toolbar/new.gif
http://www.ysbaojia.com:88/web/JavaScript/Left1Index.js
http://www.ysbaojia.com:88/web/images/ilist/pvc.gif
http://www.ysbaojia.com:88/web/images/ilist/pbbuganjiao.gif
http://www.ysbaojia.com:88/web/images/left_close.gif
http://www.ysbaojia.com:88/web/images/ilist/shumakuaiyin.gif
http://www.ysbaojia.com:88/web/images/ilist/zhijia.gif
http://www.ysbaojia.com:88/web/images/ilist/zbbaozhuanghe.gif
http://www.ysbaojia.com:88/web/images/ilist/wutanliandan.gif
http://www.ysbaojia.com:88/web/images/boomHead0.jpg
http://www.ysbaojia.com:88/web/images/boomHead2.jpg
http://www.ysbaojia.com:88/web/images/Toolbar/app.jpg
http://www.ysbaojia.com:88/web/images/main2.jpg
http://www.ysbaojia.com:88/web/css/chromestyle.css
http://www.ysbaojia.com:88/web/images/ilist/zbxinfeng.gif
http://www.ysbaojia.com:88/web/images/tab-close.gif
http://www.ysbaojia.com:88/web/JavaScript/main.js?+Math.random()
http://www.ysbaojia.com:88/web/images/text-bg.gif
http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454206521.png
http://www.ysbaojia.com:88/web/images/ilist/zbbianqian.gif
http://www.ysbaojia.com:88/web/JavaScript/public.js?+Math.random()
http://www.ysbaojia.com:88/web/images/favMan.gif
http://www.ysbaojia.com:88/web/images/ilist/taili.gif
http://www.ysbaojia.com:88/web/JavaScript/initcity.v2.js
http://www.ysbaojia.com:88/web/JavaScript/langSub.js
http://www.ysbaojia.com:88/web/items/main.html
http://www.ysbaojia.com:88/web/css/help.css
http://www.ysbaojia.com:88/web/images/ilist/moqieyingka.gif
http://www.ysbaojia.com:88/web/images/ilist/shouwandai.gif
http://www.ysbaojia.com:88/web/left-1.html
http://www.ysbaojia.com:88/web/images/ilist/jingzhuanghe.gif
http://www.ysbaojia.com:88/web/images/ilist/pbbianqian.gif
https://yin51.oss-cn-shenzhen.aliyuncs.com/35ce0701de5a4e5685581ec75d38f6fb.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/546b634539cf4b0da7c07f42b61e355c.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/e7a83bd62d9e4454ba6c53c9fa3ecce3.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/6b1724da4e8647228aa218953b3e6222.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/d8de106ce42b4905b5075ce01574539d.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/240324371b76426e8986ec808464a8a4.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/a0678d2a589e4685bb89be9a1ce975c4.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/ec5510fca80a466c8ec927654950fcdb.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/e07fe52ed1264289b9279bcc71097cad.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/ca778b9e1cfe4927bd9d9de55897f620.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/5d83174b67144967a237e92ee3910810.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/af8598f2344a400db7746d86f16d0ff3.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/ebd192f67de14245ae7b6c4578fb49ec.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/8f6308a882c54d6aad154f13f1360c21.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/ef0e8e181ae341a695ebbae0e9b1c67e.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/d7d79f93101a40a5a639630be244b2af.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/a45d95c5f4e44745ba4d7ffb2152b88c.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/728fe764b03246cfba234e71f9f6ae01.png
https://yin51.oss-cn-shenzhen.aliyuncs.com/951cc2ff23854497a4a3f3133beae08a.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/33d81a234a0e4f968b76d040a3fd2a91.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/832d6e3ca1e34a2cad9ae1910d24ed76.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/ed7f3a4231fb4f4888396036205cf14e.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/43693738c5a2491095900a6bf3366c17.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/3e378a3499f94e9dbcd96b23c2dd285a.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/689d2feb54fa47f6a061125f41aab12e.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/8c25e9478c8d4ea29873a51cb4d73f42.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/e7ac3b1c390c47b09fac27e5a0b1ccb3.jpg
https://yin51.oss-cn-shenzhen.aliyuncs.com/41125b5de744479b998760ab19e248e4.jpg
|
7
ip.ws.126.net(59.111.181.52)
img.ysbaojia.com(120.77.146.229)
yin51.oss-cn-shenzhen.aliyuncs.com(120.77.166.9)
www.ysbaojia.com(120.77.146.229)
59.111.181.52
120.77.146.229
120.77.166.9
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.6 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9197 |
2021-06-24 19:11
|
 sfx_123_701.exe c8d1263386f7cb98ca1795ba2558a443
DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P Hijack Network persistence AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB suspicious privilege Code Injection Check memory WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName Remote Code Execution DNS |
|
|
|
|
7.6 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9198 |
2021-06-24 19:12
|
 DvDUsSet.exe 65de52a852356f9e0aea8b43e67105f7
Gen1 PWS .NET framework Generic Malware PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed |
11
https://iplogger.org/1cJut7
https://pcfixmy-download-13.xyz/
https://videoconvert-download38.xyz/?user=david_us6
https://videoconvert-download38.xyz/?user=david_us5
https://videoconvert-download38.xyz/?user=david_us4
https://videoconvert-download38.xyz/?user=david_us3
https://videoconvert-download38.xyz/?user=david_us2
https://videoconvert-download38.xyz/?user=david_us1
https://pcfixmy-download-13.xyz/api.php?getusers
https://pcfixmy-download-13.xyz/api.php
https://iplogger.org/1vwFz7
|
6
pcfixmy-download-13.xyz(104.21.46.30)
videoconvert-download38.xyz(104.21.42.63)
iplogger.org(88.99.66.31) - mailcious
104.21.42.63
88.99.66.31 - mailcious
172.67.222.237
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.4 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9199 |
2021-06-24 19:15
|
 copier-hj2.exe a3f7f6e55e33bd9eb20d6f08425df42a
Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9200 |
2021-06-24 19:15
|
 staged.exe 254a83dec82335daf2ca5eea7ea3fa9a
Malicious Library PE File PE32 Dridex TrickBot VirusTotal Malware RWX flags setting unpack itself Kovter ComputerName DNS |
1
https://ajax.aspnetcdn.com/ajax/jquery.ui/1.12.1/jquery-ui.min.js
|
4
sharkfishinguk.com(3.95.159.27)
3.95.159.27
34.238.192.43
194.226.139.106
|
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
|
|
5.8 |
|
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9201 |
2021-06-24 19:15
|
 reddd.exe 9f45e62d5df98c831e4a9caf5dc5ec27
AsyncRAT backdoor BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed |
2
http://194.226.139.106:43188/
https://api.ip.sb/geoip
|
3
api.ip.sb(104.26.12.31)
194.226.139.106
172.67.75.172
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA HTTP unable to match response to request
|
|
10.8 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9202 |
2021-06-24 19:17
|
 Pupdate.exe a7e34959537cedd0cfef50389edf3b03
PE File PE32 VirusTotal Malware |
|
|
|
|
1.0 |
|
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9203 |
2021-06-24 19:18
|
 fj37ruwe5.exe 95762a936318d338049d7d27216ceda4
AsyncRAT backdoor Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName crashed |
1
|
2
www.google.com(142.250.196.100)
172.217.24.68
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.2 |
|
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9204 |
2021-06-24 19:20
|
20210511a.exe ad6509463c3fe2164613c56a909807f3
Gen1 VMProtect PE File OS Processor Check PE32 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows Remote Code Execution DNS |
|
|
|
|
5.4 |
|
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9205 |
2021-06-24 19:22
|
3EBCE3A4.Png 808c722e8a8c165b817196f050f70d39
MSOffice File VirusTotal Malware |
|
|
|
|
1.0 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9206 |
2021-06-24 19:22
|
 sxx.exe 8d99254d17f2ea92ac1910f82c50d18f
Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed |
3
http://www.share-event.info/wlns/?BTRDN6d=VhPC6e2PLlvEpu8VWUk2hV9r4IcfT+skmfWFYgoUCOZjTLV49pYuVmmujEAGBqlElbmXjPIr&VRKh=vDKtMDJXhdfhax
http://www.topsocialcasinos.com/wlns/?BTRDN6d=4Sf8XfyrWPOhCEYG33jMnibN4wXGuM2b4gduy6JCB2AXf8ItSaQsTuSwYvMXcWwc0G5Ug1wz&VRKh=vDKtMDJXhdfhax
http://www.virtualstudiosapp.com/wlns/?BTRDN6d=ov0ODvYbiCKo4jBbOTrYVG/0eiWPP65/O06D0XNQojmqQFoYuV+H39vuAIa8XUgLJBe+Vdm5&VRKh=vDKtMDJXhdfhax
|
6
www.virtualstudiosapp.com(34.102.136.180)
www.topsocialcasinos.com(52.58.78.16)
www.share-event.info(150.95.255.38)
52.58.78.16 - mailcious
34.102.136.180 - mailcious
150.95.255.38 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
8.2 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9207 |
2021-06-24 19:22
|
 stagelessexe.exe 088bd377384bc07c458f3b6bd5d54dbd
Malicious Library PE File PE32 VirusTotal Malware RWX flags setting ComputerName DNS |
|
2
sharkfishinguk.com(3.95.159.27)
3.95.159.27
|
|
|
4.4 |
|
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9208 |
2021-06-24 19:24
|
 p3.exe b9d0d135d4feddc5dbda11c5aa4cc586
Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows |
|
1
YNEVKGXfIJBtHDPRfsabtvLROtTe.YNEVKGXfIJBtHDPRfsabtvLROtTe()
|
|
|
6.8 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9209 |
2021-06-24 19:26
|
 vbv.exe c9aaebff7a6bfa505bf2e171c3775df0
Generic Malware Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore VirusTotal Malware c&c powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed |
|
2
omaprilcode.duckdns.org(79.134.225.9)
79.134.225.9 - mailcious
|
2
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Possible NanoCore C2 60B
|
|
14.4 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9210 |
2021-06-24 19:27
|
Regnator.exe da1beec86fb22f7e885ce7d96704998a
PE File PE32 VirusTotal Malware Remote Code Execution |
|
|
|
|
1.4 |
|
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|