9196 |
2021-06-24 19:09
|
downfile.asp fe5e690adf7c29a5d31a7025667d24a7 PE File PE32 JPEG Format PNG Format VirusTotal Malware Check memory buffers extracted Creates executable files RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Tofsee Interception Windows crashed keylogger |
126
http://ip.ws.126.net/ipquery http://www.ysbaojia.com:88/web/images/xiaomishu/00.gif http://www.ysbaojia.com:88/web/images/main0.jpg http://www.ysbaojia.com:88/web/images/Toolbar/wx.jpg http://www.ysbaojia.com:88/web/images/ilist/fangweibiao.gif http://www.ysbaojia.com:88/api/common.asp?act=in_client&w=1024&h=768&c=32 http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_space.gif http://www.ysbaojia.com:88/web/JavaScript/leftitems.js?+Math.random() http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_bg.gif http://www.ysbaojia.com:88/web/images/ilist/baozhuanghe.gif http://www.ysbaojia.com:88/web/JavaScript/zDialog.js http://www.ysbaojia.com:88/web/images/ilist/mingpian.gif http://www.ysbaojia.com:88/web/images/tt2.jpg http://www.ysbaojia.com:88/web/images/ilist/shuomingshu.gif http://img.ysbaojia.com/UpLoadFile/ysbaojia/2021052741999825.gif http://www.ysbaojia.com:88/web/images/boomHead1.jpg http://www.ysbaojia.com:88/web/JavaScript/myJSFrame.js http://www.ysbaojia.com:88/web/JavaScript/ad_right1.js http://www.ysbaojia.com:88/web/images/handle.gif http://www.ysbaojia.com:88/web/images/ilist/fengtao.gif http://www.ysbaojia.com:88/web/images/ilist/pbdanzhang.gif http://www.ysbaojia.com:88/web/images/ilist/zhibei.gif http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_right.gif http://www.ysbaojia.com:88/web/images/ilist/diaopai.gif http://www.ysbaojia.com:88/web/images/ilist/caihe.gif http://www.ysbaojia.com:88/web/JavaScript/Toolbar.js http://www.ysbaojia.com:88/web/images/Toolbar/foot_bg.gif http://www.ysbaojia.com:88/web/css/Boom.css http://www.ysbaojia.com:88/web/images/tabs-list.gif http://www.ysbaojia.com:88/web/images/ilist/zbdanzhang.gif http://www.ysbaojia.com:88/web/images/Toolbar/QYQQ.gif http://www.ysbaojia.com:88/api/news.asp?pid=0&comefrom=8&provs=?? 
http://www.ysbaojia.com:88/web/css/mainx1.css http://www.ysbaojia.com:88/web/JavaScript/checklogin.js http://www.ysbaojia.com:88/web/images/ilist/zbhuace.gif http://www.ysbaojia.com:88/web/images/ilist/wufangbudai.gif http://www.ysbaojia.com:88/web/images/tab-strip-bg.gif http://www.ysbaojia.com:88/web/images/tt3.jpg http://www.ysbaojia.com:88/web/images/tt1.jpg http://www.ysbaojia.com:88/web/images/Toolbar/ysbaojia.gif http://www.ysbaojia.com:88/web/images/Toolbar/utilities.gif http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg_over_left.gif http://www.ysbaojia.com:88/web/images/Toolbar/fav.gif http://www.ysbaojia.com:88/web/JavaScript/index.js http://www.ysbaojia.com:88/web/images/tabs-sprite.gif http://www.ysbaojia.com:88/api/main.asp?pid=0&Unid=0&comefrom=8&vvv=5.9&SysCode=Web http://www.ysbaojia.com:88/show/getYin51Boom.asp?t=2 http://www.ysbaojia.com:88/web/images/ilist/guali.gif http://www.ysbaojia.com:88/web/images/ilist/penhui.gif http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454181909.png http://www.ysbaojia.com:88/web/xiaomishu.html?pid=0&unid=0 http://www.ysbaojia.com:88/web/images/main1.jpg http://www.ysbaojia.com:88/web/images/favDrop.gif http://www.ysbaojia.com:88/web/images/ilist/pbhuace.gif http://www.ysbaojia.com:88/web/images/ilist/zbbuganjiao.gif http://www.ysbaojia.com:88/web/images/Toolbar/menu_bg.gif http://www.ysbaojia.com:88/web/images/e-handle.gif http://www.ysbaojia.com:88/web/images/ilist/yinshuasheji.gif http://www.ysbaojia.com:88/web/images/ilist/ysf.gif http://www.ysbaojia.com:88/web/JavaScript/lang.js http://www.ysbaojia.com:88/web/images/panel-title-light-bg.gif http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454196765.png http://www.ysbaojia.com:88/web/JavaScript/ad_right.js http://www.ysbaojia.com:88/web/images/ilist/tiaofu.gif http://www.ysbaojia.com:88/api/login.asp?al=1&SysCode=Web http://www.ysbaojia.com:88/web/JavaScript/mainIndex.js?+Math.random() http://www.ysbaojia.com:88/web/images/Toolbar/new.gif 
http://www.ysbaojia.com:88/web/JavaScript/Left1Index.js http://www.ysbaojia.com:88/web/images/ilist/pvc.gif http://www.ysbaojia.com:88/web/images/ilist/pbbuganjiao.gif http://www.ysbaojia.com:88/web/images/left_close.gif http://www.ysbaojia.com:88/web/images/ilist/shumakuaiyin.gif http://www.ysbaojia.com:88/web/images/ilist/zhijia.gif http://www.ysbaojia.com:88/web/images/ilist/zbbaozhuanghe.gif http://www.ysbaojia.com:88/web/images/ilist/wutanliandan.gif http://www.ysbaojia.com:88/web/images/boomHead0.jpg http://www.ysbaojia.com:88/web/images/boomHead2.jpg http://www.ysbaojia.com:88/web/images/Toolbar/app.jpg http://www.ysbaojia.com:88/web/images/main2.jpg http://www.ysbaojia.com:88/web/css/chromestyle.css http://www.ysbaojia.com:88/web/images/ilist/zbxinfeng.gif http://www.ysbaojia.com:88/web/images/tab-close.gif http://www.ysbaojia.com:88/web/JavaScript/main.js?+Math.random() http://www.ysbaojia.com:88/web/images/text-bg.gif http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454206521.png http://www.ysbaojia.com:88/web/images/ilist/zbbianqian.gif http://www.ysbaojia.com:88/web/JavaScript/public.js?+Math.random() http://www.ysbaojia.com:88/web/images/favMan.gif http://www.ysbaojia.com:88/web/images/ilist/taili.gif http://www.ysbaojia.com:88/web/JavaScript/initcity.v2.js http://www.ysbaojia.com:88/web/JavaScript/langSub.js http://www.ysbaojia.com:88/web/items/main.html http://www.ysbaojia.com:88/web/css/help.css http://www.ysbaojia.com:88/web/images/ilist/moqieyingka.gif http://www.ysbaojia.com:88/web/images/ilist/shouwandai.gif http://www.ysbaojia.com:88/web/left-1.html http://www.ysbaojia.com:88/web/images/ilist/jingzhuanghe.gif http://www.ysbaojia.com:88/web/images/ilist/pbbianqian.gif https://yin51.oss-cn-shenzhen.aliyuncs.com/35ce0701de5a4e5685581ec75d38f6fb.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/546b634539cf4b0da7c07f42b61e355c.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/e7a83bd62d9e4454ba6c53c9fa3ecce3.jpg 
https://yin51.oss-cn-shenzhen.aliyuncs.com/6b1724da4e8647228aa218953b3e6222.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/d8de106ce42b4905b5075ce01574539d.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/240324371b76426e8986ec808464a8a4.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/a0678d2a589e4685bb89be9a1ce975c4.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/ec5510fca80a466c8ec927654950fcdb.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/e07fe52ed1264289b9279bcc71097cad.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/ca778b9e1cfe4927bd9d9de55897f620.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/5d83174b67144967a237e92ee3910810.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/af8598f2344a400db7746d86f16d0ff3.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/ebd192f67de14245ae7b6c4578fb49ec.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/8f6308a882c54d6aad154f13f1360c21.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/ef0e8e181ae341a695ebbae0e9b1c67e.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/d7d79f93101a40a5a639630be244b2af.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/a45d95c5f4e44745ba4d7ffb2152b88c.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/728fe764b03246cfba234e71f9f6ae01.png https://yin51.oss-cn-shenzhen.aliyuncs.com/951cc2ff23854497a4a3f3133beae08a.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/33d81a234a0e4f968b76d040a3fd2a91.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/832d6e3ca1e34a2cad9ae1910d24ed76.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/ed7f3a4231fb4f4888396036205cf14e.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/43693738c5a2491095900a6bf3366c17.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/3e378a3499f94e9dbcd96b23c2dd285a.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/689d2feb54fa47f6a061125f41aab12e.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/8c25e9478c8d4ea29873a51cb4d73f42.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/e7ac3b1c390c47b09fac27e5a0b1ccb3.jpg https://yin51.oss-cn-shenzhen.aliyuncs.com/41125b5de744479b998760ab19e248e4.jpg
|
7
ip.ws.126.net(59.111.181.52) img.ysbaojia.com(120.77.146.229) yin51.oss-cn-shenzhen.aliyuncs.com(120.77.166.9) www.ysbaojia.com(120.77.146.229) 59.111.181.52 120.77.146.229 120.77.166.9
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.6 |
|
13 |
ZeroCERT
9197 |
2021-06-24 19:11
|
sfx_123_701.exe c8d1263386f7cb98ca1795ba2558a443 DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P Hijack Network persistence AntiDebug AntiVM PE File OS Processor Check PE32 DLL VirusTotal Malware PDB suspicious privilege Code Injection Check memory WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName Remote Code Execution DNS |
|
|
|
|
7.6 |
|
20 |
ZeroCERT
9198 |
2021-06-24 19:12
|
DvDUsSet.exe 65de52a852356f9e0aea8b43e67105f7 Gen1 PWS .NET framework Generic Malware PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Windows Browser ComputerName Cryptographic key Software crashed |
11
https://iplogger.org/1cJut7 https://pcfixmy-download-13.xyz/ https://videoconvert-download38.xyz/?user=david_us6 https://videoconvert-download38.xyz/?user=david_us5 https://videoconvert-download38.xyz/?user=david_us4 https://videoconvert-download38.xyz/?user=david_us3 https://videoconvert-download38.xyz/?user=david_us2 https://videoconvert-download38.xyz/?user=david_us1 https://pcfixmy-download-13.xyz/api.php?getusers https://pcfixmy-download-13.xyz/api.php https://iplogger.org/1vwFz7
|
6
pcfixmy-download-13.xyz(104.21.46.30) videoconvert-download38.xyz(104.21.42.63) iplogger.org(88.99.66.31) - mailcious 104.21.42.63 88.99.66.31 - mailcious 172.67.222.237
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.4 |
|
35 |
ZeroCERT
9199 |
2021-06-24 19:15
|
copier-hj2.exe a3f7f6e55e33bd9eb20d6f08425df42a Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself |
|
|
|
|
2.0 |
|
38 |
ZeroCERT
9200 |
2021-06-24 19:15
|
staged.exe 254a83dec82335daf2ca5eea7ea3fa9a Malicious Library PE File PE32 Dridex TrickBot VirusTotal Malware RWX flags setting unpack itself Kovter ComputerName DNS |
1
https://ajax.aspnetcdn.com/ajax/jquery.ui/1.12.1/jquery-ui.min.js
|
4
sharkfishinguk.com(3.95.159.27) 3.95.159.27 34.238.192.43 194.226.139.106
|
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
|
|
5.8 |
|
51 |
ZeroCERT
9201 |
2021-06-24 19:15
|
reddd.exe 9f45e62d5df98c831e4a9caf5dc5ec27 AsyncRAT backdoor BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed |
2
http://194.226.139.106:43188/ https://api.ip.sb/geoip
|
3
api.ip.sb(104.26.12.31) 194.226.139.106 172.67.75.172
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request
|
|
10.8 |
|
24 |
ZeroCERT
9202 |
2021-06-24 19:17
|
Pupdate.exe a7e34959537cedd0cfef50389edf3b03 PE File PE32 VirusTotal Malware |
|
|
|
|
1.0 |
|
12 |
ZeroCERT
9203 |
2021-06-24 19:18
|
fj37ruwe5.exe 95762a936318d338049d7d27216ceda4 AsyncRAT backdoor Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName crashed |
1
|
2
www.google.com(142.250.196.100) 172.217.24.68
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.2 |
|
36 |
ZeroCERT
9204 |
2021-06-24 19:20
|
20210511a.exe ad6509463c3fe2164613c56a909807f3 Gen1 VMProtect PE File OS Processor Check PE32 VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows Remote Code Execution DNS |
|
|
|
|
5.4 |
|
23 |
ZeroCERT
9205 |
2021-06-24 19:22
|
3EBCE3A4.Png 808c722e8a8c165b817196f050f70d39 MSOffice File VirusTotal Malware |
|
|
|
|
1.0 |
|
34 |
ZeroCERT
9206 |
2021-06-24 19:22
|
sxx.exe 8d99254d17f2ea92ac1910f82c50d18f Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself crashed |
3
http://www.share-event.info/wlns/?BTRDN6d=VhPC6e2PLlvEpu8VWUk2hV9r4IcfT+skmfWFYgoUCOZjTLV49pYuVmmujEAGBqlElbmXjPIr&VRKh=vDKtMDJXhdfhax http://www.topsocialcasinos.com/wlns/?BTRDN6d=4Sf8XfyrWPOhCEYG33jMnibN4wXGuM2b4gduy6JCB2AXf8ItSaQsTuSwYvMXcWwc0G5Ug1wz&VRKh=vDKtMDJXhdfhax http://www.virtualstudiosapp.com/wlns/?BTRDN6d=ov0ODvYbiCKo4jBbOTrYVG/0eiWPP65/O06D0XNQojmqQFoYuV+H39vuAIa8XUgLJBe+Vdm5&VRKh=vDKtMDJXhdfhax
|
6
www.virtualstudiosapp.com(34.102.136.180) www.topsocialcasinos.com(52.58.78.16) www.share-event.info(150.95.255.38) 52.58.78.16 - mailcious 34.102.136.180 - mailcious 150.95.255.38 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
8.2 |
|
24 |
ZeroCERT
9207 |
2021-06-24 19:22
|
stagelessexe.exe 088bd377384bc07c458f3b6bd5d54dbd Malicious Library PE File PE32 VirusTotal Malware RWX flags setting ComputerName DNS |
|
2
sharkfishinguk.com(3.95.159.27) 3.95.159.27
|
|
|
4.4 |
|
58 |
ZeroCERT
9208 |
2021-06-24 19:24
|
p3.exe b9d0d135d4feddc5dbda11c5aa4cc586 Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process malicious URLs AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows |
|
1
YNEVKGXfIJBtHDPRfsabtvLROtTe.YNEVKGXfIJBtHDPRfsabtvLROtTe()
|
|
|
6.8 |
|
35 |
ZeroCERT
9209 |
2021-06-24 19:26
|
vbv.exe c9aaebff7a6bfa505bf2e171c3775df0 Generic Malware Antivirus DNS AntiDebug AntiVM PE File .NET EXE PE32 Malware download Nanocore VirusTotal Malware c&c powershell Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed |
|
2
omaprilcode.duckdns.org(79.134.225.9) 79.134.225.9 - mailcious
|
2
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE Possible NanoCore C2 60B
|
|
14.4 |
|
45 |
ZeroCERT
9210 |
2021-06-24 19:27
|
Regnator.exe da1beec86fb22f7e885ce7d96704998a PE File PE32 VirusTotal Malware Remote Code Execution |
|
|
|
|
1.4 |
|
11 |
ZeroCERT