9436 |
2023-08-14 07:48
|
file.exe 9c0492ad620a4028c2f4986a28c409f1 UPX Malicious Library OS Processor Check PE File PE32 PDB DNS |
|
1
|
|
|
2.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9437 |
2023-08-14 07:47
|
wininit.exe cb38f35ebcddff1cb735acad8b65096e Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
17
http://www.playcups.life/pta7/ - rule_id: 35250 http://www.promptyum.com/pta7/?C_EPEnQ=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&De=i55vP4VghF6t http://www.applechiofficial.com/pta7/?C_EPEnQ=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&De=i55vP4VghF6t http://www.acdaiucdac.com/pta7/?C_EPEnQ=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&De=i55vP4VghF6t http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.maytag36.com/pta7/?C_EPEnQ=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&De=i55vP4VghF6t - rule_id: 35246 http://www.applechiofficial.com/pta7/ http://www.yh66985.com/pta7/?C_EPEnQ=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&De=i55vP4VghF6t - rule_id: 35249 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3390000.zip http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.cosmicearthgoddess.com/pta7/?C_EPEnQ=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&De=i55vP4VghF6t - rule_id: 35248 http://www.promptyum.com/pta7/ http://www.selfstorage.koeln/pta7/?C_EPEnQ=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&De=i55vP4VghF6t - rule_id: 35247 http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.acdaiucdac.com/pta7/ http://www.playcups.life/pta7/?C_EPEnQ=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&De=i55vP4VghF6t - rule_id: 35250 http://www.selfstorage.koeln/pta7/ - rule_id: 35247
|
18
www.acdaiucdac.com(165.140.70.70) www.sisbom.online() - mailcious www.yh66985.com(154.215.247.58) - mailcious www.applechiofficial.com(217.144.104.212) - mailcious www.promptyum.com(52.20.84.62) - mailcious www.playcups.life(203.161.58.192) - mailcious www.cosmicearthgoddess.com(74.208.236.61) - mailcious www.selfstorage.koeln(81.169.145.157) - mailcious www.maytag36.com(76.223.26.96) - mailcious 74.208.236.61 - mailcious 165.140.70.70 154.215.247.58 - mailcious 52.20.84.62 - mailcious 81.169.145.157 - mailcious 13.248.148.254 - mailcious 217.144.104.212 - mailcious 45.33.6.223 203.161.58.192 - mailcious
|
|
10
http://www.playcups.life/pta7/ http://www.yh66985.com/pta7/ http://www.maytag36.com/pta7/ http://www.yh66985.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.maytag36.com/pta7/ http://www.playcups.life/pta7/ http://www.selfstorage.koeln/pta7/
|
7.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9438 |
2023-08-14 07:46
|
blackfridaydiscount.exe 86ee347279e32641070f69e669ec98e2 UPX Malicious Library OS Processor Check PE File PE32 Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
1.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9439 |
2023-08-14 07:46
|
djdffvj.exe c8e60225448e9cda23b291b6b16bf78b UPX Malicious Library OS Processor Check PE File PE32 PDB Remote Code Execution DNS |
|
2
104.75.41.21 - mailcious 192.210.255.48
|
|
|
1.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9440 |
2023-08-14 07:45
|
iii.exe 9a936fa4437b6acf28528e23094339f5 Browser Login Data Stealer Generic Malware Downloader UPX Malicious Library Malicious Packer ScreenShot AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS |
1
http://geoplugin.net/json.gp
|
3
geoplugin.net(178.237.33.50) 178.237.33.50 192.210.255.48
|
|
|
10.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9441 |
2023-08-14 07:41
|
build666.exe 328064b232879fe34864e9c6d88608ed Vidar UPX Malicious Library Anti_VM OS Processor Check PE File PE32 Malware MachineGuid Malicious Traffic Creates executable files unpack itself ComputerName DNS crashed |
4
http://37.27.11.1/6ba937c4f557f3e5e256c94548f72a29
http://37.27.11.1/forum.zip
https://steamcommunity.com/profiles/76561199536605936 - rule_id: 35753
https://t.me/tatlimark
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(104.76.78.101) - mailcious 149.154.167.99 - mailcious
37.27.11.1
104.75.41.21 - mailcious
|
|
1
https://steamcommunity.com/profiles/76561199536605936
|
3.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9442 |
2023-08-14 07:38
|
kaman.exe ca500bce560719b0cd2cfbe3716028d3 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 DLL PDB Code Injection Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution |
|
|
|
|
3.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9443 |
2023-08-14 02:25
|
usbkdp adf713f2c1eb97a952412457c4eb310d AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email |
|
|
|
|
3.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9444 |
2023-08-14 02:10
|
ssh-keygen.txt 7ce66b739995fd30cec1a25636f2579a ScreenShot AntiDebug AntiVM Check memory unpack itself |
|
|
|
|
1.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9445 |
2023-08-12 19:18
|
ikmerozx.doc 75bd1384535d144dac3817b457526119 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed |
1
http://2.59.254.18/_errorpages/ikmerozx.exe
|
1
|
|
|
4.4 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9446 |
2023-08-12 19:16
|
31839b57a4f11171d6abc8bbc4451e... b2e91cdd0e1c97efec540f2f60472d94 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB |
|
|
|
|
2.0 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9447 |
2023-08-12 19:15
|
oncestatistic.exe 7f84503a1a12b3edb0da052aad05e49c Gen1 Emotet Malicious Library .NET framework(MSIL) CAB PE64 PE File .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Remote Code Execution DNS |
|
2
files.catbox.moe(108.181.20.39) - malware 108.181.20.39
|
|
|
6.2 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9448 |
2023-08-12 19:14
|
toolspub2.exe a76e515e1150c903070a1eb1b2d216c0 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware PDB |
|
|
|
|
3.0 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9449 |
2023-08-12 19:13
|
doudian8574.exe 11746e92a679b202ffc31a9397db030f Malicious Library UPX PE64 PE File CHM Format OS Processor Check DLL VirusTotal Malware MachineGuid Creates executable files unpack itself Browser DNS |
6
https://2023816.oss-cn-hangzhou.aliyuncs.com/qd.CHM https://2023816.oss-cn-hangzhou.aliyuncs.com/md.exe https://yts2023811.oss-cn-hangzhou.aliyuncs.com/3.bin https://2023816.oss-cn-hangzhou.aliyuncs.com/hrsgdsb8574wknzms.jpg https://2023815.oss-cn-hangzhou.aliyuncs.com/UnityPlayer.dll https://2023815.oss-cn-hangzhou.aliyuncs.com/ttd.exe
|
6
yts2023811.oss-cn-hangzhou.aliyuncs.com(121.199.204.179) 2023816.oss-cn-hangzhou.aliyuncs.com(47.110.23.90) 2023815.oss-cn-hangzhou.aliyuncs.com(121.199.204.174) 121.199.204.179 47.110.23.90 121.199.204.174
|
|
|
5.4 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9450 |
2023-08-12 19:12
|
isbinzx.exe d60926cbe4de77584ee8e5f7b8268909 Malicious Library PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key |
|
|
|
|
2.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|