9451 | 2023-10-19 07:59 | audiodgse.exe d7bde041b821e3b3e6e3a71846cee9ef | Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself DNS |
5 | http://www.vaskaworldairways.com/sy22/?Dxlpd=0xwPlKA6nfVb2/YVENf+IWv5xvicy/R8paHQQCrWR7ymRnci8vQj1/jQPH6Z9LiVJHGqShyE&mnSh=Txlhkdx - rule_id: 35942 http://www.zhperviepixie.com/sy22/?Dxlpd=hdFL0kwy0tP2Sq5zkMkXOvLbydzGG5NDjXbLdYDkA/+zwUFtuqh4YP0DuyJcd4UMQHwk1geg&mnSh=Txlhkdx - rule_id: 35635 http://www.gracefullytouchedartistry.com/sy22/?Dxlpd=32OyyUZHwqvJixPuiOQtM5MnMYIWhWk0yyAoMHrFdBB4wJvVGBkivZFh4+NGsLP7HahAbSBt&mnSh=Txlhkdx - rule_id: 35940 http://www.docomo-mobileconsulting.com/sy22/?Dxlpd=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&mnSh=Txlhkdx - rule_id: 35906 http://www.vinteligencia.com/sy22/?Dxlpd=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&mnSh=Txlhkdx - rule_id: 35688 |
11 | www.vaskaworldairways.com(97.118.134.29) - mailcious www.vinteligencia.com(172.67.198.50) - mailcious www.docomo-mobileconsulting.com(185.53.177.52) - mailcious www.zhperviepixie.com(167.172.228.26) - mailcious www.gracefullytouchedartistry.com(34.149.87.45) - mailcious 34.149.87.45 - phishing 172.67.198.50 167.172.228.26 - mailcious 185.53.177.52 - mailcious 97.118.134.29 131.153.76.130 - mailcious |
1 | ET MALWARE FormBook CnC Checkin (GET) |
5 | http://www.vaskaworldairways.com/sy22/ http://www.zhperviepixie.com/sy22/ http://www.gracefullytouchedartistry.com/sy22/ http://www.docomo-mobileconsulting.com/sy22/ http://www.vinteligencia.com/sy22/ |
4.8 | M | 40 | ZeroCERT
9452 | 2023-10-19 07:56 | audiodgse.exe 5f19da54cd1ddcef58de1e0bdf595459 .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
2.4 | M | 40 | ZeroCERT
9453 | 2023-10-19 07:55 | system32.exe d1e40dfbae57e5f3205117f5c9d64a76 Vidar Gen1 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Tofsee Browser Email ComputerName DNS Software crashed |
4 | http://5.75.212.77/ http://5.75.212.77/upgrade.zip http://5.75.212.77/f02b730f81476e82205d9d2eb21e0ef8 https://steamcommunity.com/profiles/76561199563297648 - rule_id: 37362 |
5 | t.me(149.154.167.99) - mailcious steamcommunity.com(104.75.41.21) - mailcious 149.154.167.99 - mailcious 5.75.212.77 104.76.78.101 - mailcious |
4 | ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO Dotted Quad Host ZIP Request |
1 | https://steamcommunity.com/profiles/76561199563297648 |
13.2 | M | 49 | ZeroCERT
9454 | 2023-10-19 07:54 | audiodgse.exe 0ea00cd19382a471a5f599c54dff91f1 UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself |
2.6 | M | 42 | ZeroCERT
9455 | 2023-10-19 07:52 | audiodgse.exe 834f8d3c68e80cb0288dac71275bf89a Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself |
2.2 | M | 47 | ZeroCERT
9456 | 2023-10-19 07:52 | undergroundzx.exe 050408a7ec8e1c0ef8a7e417fbccc299 LokiBot .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Discord Browser Email ComputerName DNS Software crashed keylogger |
1 | https://discordapp.com/api/webhooks/1163583965509197905/ZzAXRCqQ-ibE4oUwqs0NHv2AGzFsUnKD01ZpDXfNz05uyDGnR6CuWR8nGyVChCCCECqd |
4 | discordapp.com(162.159.129.233) - mailcious api.ipify.org(104.237.62.212) 173.231.16.77 162.159.135.233 - malware |
6 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) |
13.4 | M | 29 | ZeroCERT
9457 | 2023-10-19 07:50 | audiodgse.exe 8ed749953dfc694808ed27f1aea08b71 Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
2 | api.ipify.org(64.185.227.156) 64.185.227.156 |
4 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
12.6 | M | 30 | ZeroCERT
9458 | 2023-10-19 07:49 | damianozx.exe 487fa93e89fd1ec0969e0083966714bd PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed |
2 | api.ipify.org(104.237.62.212) 64.185.227.156 |
4 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
9.8 | M | 27 | ZeroCERT
9459 | 2023-10-19 02:14 | Rechung-87_PDF.js.pdf 64b82476268205bc28b7fccca5808cf0 PDF |
guest
9460 | 2023-10-18 18:04 | sogn.exe b67ddf6cef57729b557a66460c0b6dd4 UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
2.4 | M | 43 | ZeroCERT
9461 | 2023-10-18 18:01 | test.exe 3939345bad08812d7dba41f064c1665d Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS |
2 | 167.172.140.132 - malware 91.235.128.141 |
3.6 | M | 62 | ZeroCERT
9462 | 2023-10-18 18:00 | arinzezx.exe e25e15eb096d884c88cce0f4e079d2de UPX .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed |
2 | cp5ua.hyperhost.ua(91.235.128.141) 91.235.128.141 |
2 | SURICATA Applayer Detect protocol only one direction SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
10.8 | M | 41 | ZeroCERT
9463 | 2023-10-18 17:57 | 123.exe 62914a3d73d59716bd8dbbbd947f6a02 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key |
1 | 88.99.105.150 - mailcious |
3.8 | M | 55 | ZeroCERT
9464 | 2023-10-18 17:55 | abun.exe 85b7d14c272f7d0ad66a74ec947b7677 UPX .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger |
4 | mymobileorder.com(162.0.232.65) api.ipify.org(64.185.227.156) 104.237.62.212 162.0.232.65 - phishing |
5 | ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup SURICATA Applayer Detect protocol only one direction ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) |
12.0 | M | 32 | ZeroCERT
9465 | 2023-10-18 17:55 | obizx.exe d08792fa3031b847d0fd6bd56d10ee93 PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself |
2.6 | M | 40 | ZeroCERT