| 9376 |
2023-08-16 17:11
|
 SuWar3Tools.exe ef8272b8854963717097c26092490bf5
RedLine Infostealer UltraVNC UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Cryptographic key crashed |
5
http://www.suyx.net/war3/download/README.md
http://www.suyx.net/war3/download/getupdate.ashx?l=
https://github.com/hegelsu/SuWar3Tools/raw/master/README.md
https://raw.githubusercontent.com/hegelsu/SuWar3Tools/master/README.md
https://visitor-badge.laobi.icu/badge?page_id=github.com-hegelsu-SuWar3Tools
|
8
visitor-badge.laobi.icu(119.28.77.158)
github.com(20.200.245.247) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
www.suyx.net(139.129.143.197) - malware
139.129.143.197 - malware
119.28.77.158
185.199.110.133 - malware
20.200.245.247 - malware
|
|
|
8.4 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9377 |
2023-08-16 15:07
|
password.chm b5f9cd67cb32f44c138c382e17b06fd6
Generic Malware Antivirus Hide_URL AntiDebug AntiVM CHM Format powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key |
1
http://bian0151.cafe24.com/member/1.html - rule_id: 35816
|
2
bian0151.cafe24.com(183.111.174.53) - mailcious
183.111.174.53 - mailcious
|
|
1
http://bian0151.cafe24.com/member/1.html
|
6.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9378 |
2023-08-16 10:58
|
hanacard.chm 2002dd3cf9e2ef96b74a99eee0dd5ec1
Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell BMP Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
10
http://em.hanacard.co.kr:8080/camp_img/e_footer.gif
http://em.hanacard.co.kr:8080/camp_img/e_header_03.gif
http://em.hanacard.co.kr:8080/camp_img/e_name_bottom.gif
http://safe.amail.co.kr/ems61/safemail.jpg?Q1VTVF9JRD1oYW5hY2FyZC5pbg==&UE9TVF9JRD0yMDIyMDMxNV8zNg==&TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&RU1BSUxfSUQ9ZGY4MzU0YWZjMDg0N2U1MTdiM2NiNDZlZGU5YmZmYmM4ODcxMTM2NzZmMGE1OTczZTlmZjc1MjU1MWI1ZmU=
http://em.hanacard.co.kr:8080/camp_img/ico_bull02.gif
http://em.hanacard.co.kr:8080/camp_img/e_footer_cs01.gif
http://em.hanacard.co.kr:8080/track/Check.jsp?TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1RfMDE=&UE9TVF9JRD0yMDIyMDMxNV8zNg==&VEM9MjAyMjAzMjI=&S0lORD1P
http://www.hanacard.co.kr/js/cmn/wl6.js
https://www.hanacard.co.kr/js/cmn/wl6.js
https://nobuay.ink/yzkah
|
6
safe.amail.co.kr(119.207.76.21)
em.hanacard.co.kr(211.51.103.50)
www.hanacard.co.kr(1.235.101.20)
211.51.103.50
1.235.101.20
119.207.76.21
|
|
|
9.0 |
|
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9379 |
2023-08-16 10:20
|
 2.exe 294fab1523dc3b50cbcc120e67946a5b
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS |
|
1
139.196.224.137 - malware
|
|
|
3.4 |
M |
56 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9380 |
2023-08-16 09:53
|
 nine18.js 92cd4dca66b5bebf62d5bdf1454ab6de
Generic Malware Antivirus VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
12
https://tukudewe.com/js/h3b2_jsg/AudioCapture.dll
https://tukudewe.com/js/h3b2_jsg/HTCTL32.DLL
https://tukudewe.com/js/h3b2_jsg/nskbfltr.inf
https://tukudewe.com/js/h3b2_jsg/pcicapi.dll
https://tukudewe.com/js/h3b2_jsg/NSM.LIC
https://tukudewe.com/js/h3b2_jsg/PCICL32.DLL
https://tukudewe.com/js/h3b2_jsg/TCCTL32.DLL
https://tukudewe.com/js/h3b2_jsg/client32.ini
https://tukudewe.com/js/h3b2_jsg/remcmdstub.exe
https://tukudewe.com/js/h3b2_jsg/msvcr100.dll
https://tukudewe.com/js/h3b2_jsg/client32.exe
https://tukudewe.com/js/h3b2_jsg/PCICHEK.DLL
|
2
tukudewe.com(159.89.198.162) - malware
159.89.198.162 - malware
|
|
|
9.2 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9381 |
2023-08-16 09:53
|
 www.vbs c863717ead17c4488aa7f85b33ba8b20
WSHRAT Hide_EXE Anti_VM PE File VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download Creates executable files ICMP traffic unpack itself AntiVM_Disk IP Check VM Disk Size Check Windows ComputerName DNS DDNS crashed Dropper |
2
http://ip-api.com/json/
http://chongmei33.publicvm.com:7045/is-ready - rule_id: 28328
|
4
chongmei33.publicvm.com(103.47.144.123) - mailcious
ip-api.com(208.95.112.1)
103.47.144.123
208.95.112.1
|
|
1
http://chongmei33.publicvm.com:7045/is-ready
|
10.0 |
M |
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9382 |
2023-08-16 09:50
|
pass1234_setup.7z 11786f2176a86c420e8ed701afb50b17
Escalate priviledges PWS KeyLogger Anti_VM AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS DDNS |
30
http://94.142.138.131/api/firegate.php - rule_id: 32650
http://208.67.104.60/api/tracemap.php - rule_id: 28876
http://193.233.254.61/loghub/master - rule_id: 35736
http://hugersi.com/dl/6523.exe - rule_id: 32660
http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705
http://45.15.156.229/api/tracemap.php - rule_id: 33783
http://app.nnnaajjjgc.com/check/?sid=167814&key=a5b5863dbaf7dd2a9129d0eb6a63011d
http://bratzen.duckdns.org/byte/@siddharthabuddh4.txt
http://app.nnnaajjjgc.com/check/safe
http://87.121.221.58/g.exe - rule_id: 35764
http://apps.identrust.com/roots/dstrootcax3.p7c
http://94.142.138.131/api/tracemap.php - rule_id: 28311
http://www.maxmind.com/geoip/v2.1/city/me
http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482
https://busell.store/setup294.exe - rule_id: 35772
https://sun6-21.userapi.com/c240331/u801981293/docs/d28/b38caee84b38/Crypted_protected.bmp?extra=cP0UhZQ7DsEGzDG5yusGNugKDDH8A9awTnKxUIa31ak-D7zxxQ4Glaa16ZQCyuxOyR9CKj1zDPw1PvpKq6vUiyOaNLL9iXmQd2FMup94y46Vex_BYjd7C0OTSvbm-zKz_Xlr5YxXkjok3NPuUw
https://db-ip.com/demo/home.php?s=175.208.134.152
https://sun6-22.userapi.com/c235131/u801981293/docs/d27/032758fabac5/clear.bmp?extra=5XcBld5kUgzmhv3FtfQYQUV4KT2dK9QJbuwFoOHwlrBqk4Nekx7pLcPUypGaGZo1Cz_NmalvdtfuH3w8KXnxM9T31dHqKKkbPM2Xzcq4CdJav1eEXnElU-2gbQpSJ1TATU_F8HmilibJPRasHg
https://vk.com/doc801981293_667824657?hash=uKjHpXXzaUg2hges0cwPhvWMCHrSb0l3NI2z2GneGIg&dl=rC0OVUQdzEQqIiNmWsrsF5I95cQHuaPEfYtvDMvzEN4&api=1&no_preview=1#rise
https://sun6-20.userapi.com/c909518/u801981293/docs/d41/3cf7d0eda40a/WWW1.bmp?extra=5_odXIEdLt4y08ksTj9GuCa8ylxzT-6uKjF9vj-q9W9BHi1K3wfNWBcxp7PPQucA25aFkDcN2xy8iD0qJ6I6lSgYzW3TpTgniC9ifj14O2a05m8BccHcZ6a1BO_R9ioIGPzrVC5U4wQUXbourg
https://vk.com/doc801981293_667803773?hash=4TZb5YnWuA82PVbdDAhWZa2MZaLOxCkMyK03PTWXZ7k&dl=ybWpay00uXdDBpwpvEqOzXKaXInNaUyNw2LywEIZEV8&api=1&no_preview=1#new
https://db-ip.com/
https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
https://vk.com/doc801981293_667834241?hash=DvSmghsP3CrPjN2IBNVkYau13cotAZEGt0DiEf3lYJk&dl=S5qg1Y5PMD7JOdzMlHd2FBmNYuu3V7npVPI4Eju0Ezc&api=1&no_preview=1#as
https://sun6-21.userapi.com/c909328/u801981293/docs/d35/a666a3b3791a/asca1ex.bmp?extra=RZ1sKKjCs3asL6-Rmb6h9AuFQ8ZVNpKIMhVtjKPrh48gxBkF3Kq4SsN0G4vlkhLK1dKNvuNIlxo9zWuEisI1M65KWbIJZU6_cDnXJZz_hxUHzlIDzbxRwDzUK8BAf9qCLcPQgt-m8-bHe8w4zQ
https://sun6-20.userapi.com/c237231/u801981293/docs/d58/52485632444d/Megamode.bmp?extra=Rwi8HSGj9JUJ_V3AlJ39yzh-j3NwSlOmnVNtUYN6A8eJDv89ZLjnGUcNFFkoluNvmJu_lJBvhxLJFO4bf3oq0P8tH9qk6hvwk9-VoCkHlA8-X8YrIXbK0o_RlMG0HEekWoQTtra4kx7e2_7QOg
https://sun6-23.userapi.com/c240331/u801981293/docs/d38/08c3097b4817/PMmp.bmp?extra=jKXALYeyUCvHQkJReo2tb_cQUOrJFTfks4qUGTQp77GPuNlmMqcvdsDYqY2jMwst5hE86GoJNWeQChJq1RiJvq1w9lYdui8TlW7no9gU97iRqx2TxX2eFn_5kJVBNrhUCWlnkH-gZxIO5dYKBQ
https://vk.com/doc801981293_667784660?hash=zbRiifTp5Av5dg501LOiwMYcMMa5aXebyX8aYn9mHXs&dl=Jq7WTBPcVptnnv1nurEtm5GoILYMRNRKYy1tIIn6BX0&api=1&no_preview=1
https://vk.com/doc801981293_667770193?hash=w5GO9htU1xJzYOUziW88RmhbH6cfAswoB9TZmFBHdS0&dl=eVg6hANxUfZR1q8izxmJ9EYQzFLmsQVg5tfxurAnHj0&api=1&no_preview=1#WW1
https://vk.com/doc801981293_667856853?hash=u4TwZPGmvpaLEXEgEofjgmISgf2DosuyvS7wFUA0tZk&dl=8pK0VUDG0zKxMEJJ6FyyCNKfZqf5zwCbcvZUj3dqtQs&api=1&no_preview=1
|
51
app.nnnaajjjgc.com(154.221.26.108)
www.maxmind.com(104.17.215.67)
db-ip.com(104.26.4.15)
api.myip.com(104.26.8.59)
hugersi.com(91.215.85.147) - malware
iplis.ru(148.251.234.93) - mailcious
sun6-22.userapi.com(95.142.206.2)
busell.store(172.67.159.178) - malware
zzz.fhauiehgha.com(103.100.211.218) - mailcious
sun6-21.userapi.com(95.142.206.1) - mailcious
ipinfo.io(34.117.59.81)
us.imgjeoigaa.com(103.100.211.218) - mailcious
iplogger.org(148.251.234.83) - mailcious
sun6-23.userapi.com(95.142.206.3)
sun6-20.userapi.com(95.142.206.0) - mailcious
vk.com(87.240.129.133) - mailcious
bratzen.duckdns.org(84.54.50.42)
api.db-ip.com(172.67.75.166)
148.251.234.93 - mailcious
194.169.175.128 - mailcious
154.221.26.108 - mailcious
104.17.215.67
91.215.85.147 - malware
23.43.165.66
208.67.104.60 - mailcious
176.123.9.85 - mailcious
87.121.221.58 - malware
172.67.75.166
172.67.75.163
193.233.254.61 - mailcious
194.26.135.162 - mailcious
87.240.132.78 - mailcious
34.117.59.81
148.251.234.83
84.54.50.42
194.169.175.233 - malware
94.142.138.131 - mailcious
104.21.9.89 - malware
94.142.138.113 - mailcious
77.91.124.231 - malware
45.15.156.229 - mailcious
51.83.170.21 - mailcious
104.26.4.15
95.142.206.3
163.123.143.4 - mailcious
95.142.206.1 - mailcious
95.142.206.0 - mailcious
77.91.124.54
85.208.136.10 - mailcious
95.142.206.2
103.100.211.218 - malware
|
|
10
http://94.142.138.131/api/firegate.php
http://208.67.104.60/api/tracemap.php
http://193.233.254.61/loghub/master
http://hugersi.com/dl/6523.exe
http://zzz.fhauiehgha.com/m/okka25.exe
http://45.15.156.229/api/tracemap.php
http://87.121.221.58/g.exe
http://94.142.138.131/api/tracemap.php
http://us.imgjeoigaa.com/sts/imagc.jpg
https://busell.store/setup294.exe
|
7.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9383 |
2023-08-16 09:39
|
chromium.vbe 8e99881fa155be4f5705fddd924ecd63
Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
2
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
|
3
uploaddeimagens.com.br(172.67.215.45) - malware
23.67.53.17
172.67.215.45 - malware
|
|
|
9.4 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9384 |
2023-08-16 09:38
|
 6271c26a5690c43c59c23239_PDF2-... 4ba303dbb08db50b93fdcf0494257467
PDF ZIP Format Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9385 |
2023-08-16 09:37
|
 invoice.exe 47699e23b8a46230799ae564517d7519
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB unpack itself |
|
1
gservice-node.io() - mailcious
|
|
|
2.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9386 |
2023-08-16 09:00
|
Capture_Data.dmg 74b6e3b8b30844ab6637b09465a8deae
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName |
|
|
|
|
3.4 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9387 |
2023-08-16 07:52
|
 addo.exe 6730aa28aed92b39ba1a23d43c45399a
AgentTesla Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File PE32 Browser Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName crashed |
|
2
api.ipify.org(173.231.16.76)
64.185.227.156
|
|
|
9.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9388 |
2023-08-16 07:45
|
 Chromium.exe 903d5f8adb6f17e25f419df6db9c6a77
NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself Windows utilities AppData folder Windows |
3
http://www.uadmxqby.click/sy22/?Wr=2RsY/S9FBj6QLPeouggtRQ1b0duRcgKrNYR0995YjsvkaXUBBH5leRYc6Mb5xb3xD4sXKyM2&Cdxx=inCTmHi8
http://www.sarthaksrishticreation.com/sy22/?Wr=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&Cdxx=inCTmHi8
http://www.docomo-mobileconsulting.com/sy22/?Wr=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&Cdxx=inCTmHi8
|
6
www.uadmxqby.click(43.154.67.170)
www.docomo-mobileconsulting.com(91.195.240.109)
www.sarthaksrishticreation.com(119.18.49.69)
91.195.240.109
119.18.49.69
43.154.67.170 - mailcious
|
|
|
5.6 |
|
38 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9389 |
2023-08-16 07:43
|
00000000000o0o0o0o0O0O0O0O000o... 64c604cd64a22ab5d6f05ea9770c3212
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
2
http://apps.identrust.com/roots/dstrootcax3.p7c
http://192.3.179.157/778/chromium.vbe
|
5
uploaddeimagens.com.br(172.67.215.45) - malware
192.3.179.157
91.235.128.141
121.254.136.27
172.67.215.45 - malware
|
|
|
4.0 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9390 |
2023-08-16 07:42
|
 client32.exe a2b46c59f6e7e395d479b09464ecdba0
UPX PE File PE32 VirusTotal Malware PDB |
|
|
|
|
0.6 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|