9376
2023-08-16 17:11
SuWar3Tools.exe ef8272b8854963717097c26092490bf5 RedLine Infostealer UltraVNC UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Cryptographic key crashed
5
http://www.suyx.net/war3/download/README.md http://www.suyx.net/war3/download/getupdate.ashx?l= https://github.com/hegelsu/SuWar3Tools/raw/master/README.md https://raw.githubusercontent.com/hegelsu/SuWar3Tools/master/README.md https://visitor-badge.laobi.icu/badge?page_id=github.com-hegelsu-SuWar3Tools
8
visitor-badge.laobi.icu(119.28.77.158) github.com(20.200.245.247) - mailcious raw.githubusercontent.com(185.199.108.133) - malware www.suyx.net(139.129.143.197) - malware 139.129.143.197 - malware 119.28.77.158 185.199.110.133 - malware 20.200.245.247 - malware
8.4
M
47
ZeroCERT

9377
2023-08-16 15:07
password.chm b5f9cd67cb32f44c138c382e17b06fd6 Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key
1
http://bian0151.cafe24.com/member/1.html - rule_id: 35816
2
bian0151.cafe24.com(183.111.174.53) - mailcious 183.111.174.53 - mailcious
1
http://bian0151.cafe24.com/member/1.html
6.6
M
ZeroCERT

9378
2023-08-16 10:58
hanacard.chm 2002dd3cf9e2ef96b74a99eee0dd5ec1 Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell BMP Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
10
6
safe.amail.co.kr(119.207.76.21)
em.hanacard.co.kr(211.51.103.50)
www.hanacard.co.kr(1.235.101.20) 211.51.103.50
1.235.101.20
119.207.76.21
9.0
21
ZeroCERT

9379
2023-08-16 10:20
2.exe 294fab1523dc3b50cbcc120e67946a5b UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS
1
139.196.224.137 - malware
3.4
M
56
guest

9380
2023-08-16 09:53
nine18.js 92cd4dca66b5bebf62d5bdf1454ab6de Generic Malware Antivirus VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
12
2
tukudewe.com(159.89.198.162) - malware 159.89.198.162 - malware
9.2
13
ZeroCERT

9381
2023-08-16 09:53
www.vbs c863717ead17c4488aa7f85b33ba8b20 WSHRAT Hide_EXE Anti_VM PE File VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files ICMP traffic unpack itself AntiVM_Disk IP Check VM Disk Size Check Windows ComputerName DNS DDNS crashed Dropper
2
http://ip-api.com/json/ http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
4
chongmei33.publicvm.com(103.47.144.123) - mailcious ip-api.com(208.95.112.1) 103.47.144.123 208.95.112.1
1
http://chongmei33.publicvm.com:7045/is-ready
10.0
M
24
ZeroCERT

9382
2023-08-16 09:50
pass1234_setup.7z 11786f2176a86c420e8ed701afb50b17 Escalate privileges PWS KeyLogger Anti_VM AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS DDNS
30
51
10
7.0
M
ZeroCERT

9383
2023-08-16 09:39
chromium.vbe 8e99881fa155be4f5705fddd924ecd63 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
3
uploaddeimagens.com.br(172.67.215.45) - malware 23.67.53.17
172.67.215.45 - malware
9.4
2
ZeroCERT

9384
2023-08-16 09:38
6271c26a5690c43c59c23239_PDF2-... 4ba303dbb08db50b93fdcf0494257467 PDF ZIP Format Windows utilities Windows
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
1.4
ZeroCERT

9385
2023-08-16 09:37
invoice.exe 47699e23b8a46230799ae564517d7519 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself
1
gservice-node.io() - mailcious
2.2
M
44
ZeroCERT

9386
2023-08-16 09:00
Capture_Data.dmg 74b6e3b8b30844ab6637b09465a8deae AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4
guest

9387
2023-08-16 07:52
addo.exe 6730aa28aed92b39ba1a23d43c45399a AgentTesla Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 Browser Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName crashed
2
api.ipify.org(173.231.16.76) 64.185.227.156
9.8
ZeroCERT

9388
2023-08-16 07:45
Chromium.exe 903d5f8adb6f17e25f419df6db9c6a77 NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows
3
http://www.uadmxqby.click/sy22/?Wr=2RsY/S9FBj6QLPeouggtRQ1b0duRcgKrNYR0995YjsvkaXUBBH5leRYc6Mb5xb3xD4sXKyM2&Cdxx=inCTmHi8 http://www.sarthaksrishticreation.com/sy22/?Wr=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&Cdxx=inCTmHi8 http://www.docomo-mobileconsulting.com/sy22/?Wr=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&Cdxx=inCTmHi8
6
www.uadmxqby.click(43.154.67.170) www.docomo-mobileconsulting.com(91.195.240.109) www.sarthaksrishticreation.com(119.18.49.69) 91.195.240.109 119.18.49.69 43.154.67.170 - mailcious
5.6
38
ZeroCERT

9389
2023-08-16 07:43
00000000000o0o0o0o0O0O0O0O000o... 64c604cd64a22ab5d6f05ea9770c3212 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
2
http://apps.identrust.com/roots/dstrootcax3.p7c http://192.3.179.157/778/chromium.vbe
5
uploaddeimagens.com.br(172.67.215.45) - malware 192.3.179.157 91.235.128.141 121.254.136.27 172.67.215.45 - malware
4.0
28
ZeroCERT

9390
2023-08-16 07:42
client32.exe a2b46c59f6e7e395d479b09464ecdba0 UPX PE File PE32 VirusTotal Malware PDB
0.6
5
ZeroCERT