| 9451 |
2023-08-16 07:36
|
 wininit.exe 7f162aac8d8d2af6c52e87a85a1547e5
Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
17
http://www.acdaiucdac.com/pta7/ - rule_id: 35847
http://www.playcups.life/pta7/ - rule_id: 35250
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip
http://www.promptyum.com/pta7/?3KQc7=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35845
http://www.yh66985.com/pta7/ - rule_id: 35249
http://www.acdaiucdac.com/pta7/?3KQc7=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35847
http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
http://www.maytag36.com/pta7/?3KQc7=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35246
http://www.selfstorage.koeln/pta7/?3KQc7=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35247
http://www.applechiofficial.com/pta7/ - rule_id: 35846
http://www.applechiofficial.com/pta7/?3KQc7=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35846
http://www.promptyum.com/pta7/ - rule_id: 35845
http://www.maytag36.com/pta7/ - rule_id: 35246
http://www.playcups.life/pta7/?3KQc7=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35250
http://www.cosmicearthgoddess.com/pta7/?3KQc7=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35248
http://www.yh66985.com/pta7/?3KQc7=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35249
http://www.selfstorage.koeln/pta7/ - rule_id: 35247
|
18
www.acdaiucdac.com(165.140.70.70) - mailcious
www.sisbom.online() - mailcious
www.yh66985.com(154.215.247.58) - mailcious
www.applechiofficial.com(217.144.104.212) - mailcious
www.promptyum.com(52.20.84.62) - mailcious
www.playcups.life(203.161.58.192) - mailcious
www.cosmicearthgoddess.com(74.208.236.61) - mailcious
www.selfstorage.koeln(81.169.145.157) - mailcious
www.maytag36.com(76.223.26.96) - mailcious
74.208.236.61 - mailcious
165.140.70.70 - mailcious
154.215.247.58 - mailcious
52.20.84.62 - mailcious
81.169.145.157 - mailcious
13.248.148.254 - mailcious
217.144.104.212 - mailcious
45.33.6.223
203.161.58.192 - mailcious
|
|
16
http://www.acdaiucdac.com/pta7/
http://www.playcups.life/pta7/
http://www.promptyum.com/pta7/
http://www.yh66985.com/pta7/
http://www.acdaiucdac.com/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.maytag36.com/pta7/
http://www.selfstorage.koeln/pta7/
http://www.applechiofficial.com/pta7/
http://www.applechiofficial.com/pta7/
http://www.promptyum.com/pta7/
http://www.maytag36.com/pta7/
http://www.playcups.life/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.yh66985.com/pta7/
http://www.selfstorage.koeln/pta7/
|
8.8 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9452 |
2023-08-16 07:36
|
 wininit.exe 64870ba5b0e92b05dc383959e02782ce
Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD |
22
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
http://www.cosmicearthgoddess.com/pta7/?aHip=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&15=_oc9 - rule_id: 35248
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
http://www.selfstorage.koeln/pta7/ - rule_id: 35247
http://www.selfstorage.koeln/pta7/?aHip=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&15=_oc9 - rule_id: 35247
http://www.promptyum.com/pta7/?aHip=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&15=_oc9 - rule_id: 35845
http://www.maytag36.com/pta7/?aHip=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&15=_oc9 - rule_id: 35246
http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248
http://www.playcups.life/pta7/?aHip=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&15=_oc9 - rule_id: 35250
http://www.promptyum.com/pta7/ - rule_id: 35845
http://www.acdaiucdac.com/pta7/?aHip=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&15=_oc9 - rule_id: 35847
http://www.playcups.life/pta7/ - rule_id: 35250
http://www.applechiofficial.com/pta7/ - rule_id: 35846
http://www.grmlfgsz.click/pta7/?aHip=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&15=_oc9 - rule_id: 35857
http://www.grmlfgsz.click/pta7/ - rule_id: 35857
http://www.acdaiucdac.com/pta7/ - rule_id: 35847
http://www.yh66985.com/pta7/?aHip=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&15=_oc9 - rule_id: 35249
http://www.yh66985.com/pta7/ - rule_id: 35249
http://www.workationdelsol.com/pta7/?aHip=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&15=_oc9 - rule_id: 35856
http://www.applechiofficial.com/pta7/?aHip=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&15=_oc9 - rule_id: 35846
http://www.maytag36.com/pta7/ - rule_id: 35246
http://www.workationdelsol.com/pta7/ - rule_id: 35856
|
24
www.workationdelsol.com(81.169.145.159) - mailcious
www.applechiofficial.com(217.144.104.212) - mailcious
www.selfstorage.koeln(81.169.145.157) - mailcious
www.grmlfgsz.click(172.67.178.188) - mailcious
www.s7ve7.top(107.148.23.45)
www.acdaiucdac.com(165.140.70.70) - mailcious
www.promptyum.com(52.20.84.62) - mailcious
www.yh66985.com(154.215.247.58) - mailcious
www.playcups.life(203.161.58.192) - mailcious
www.cosmicearthgoddess.com(74.208.236.61) - mailcious
www.maytag36.com(76.223.26.96) - mailcious
www.sisbom.online() - mailcious
81.169.145.159 - mailcious
107.148.23.45
172.67.178.188
74.208.236.61 - mailcious
52.20.84.62 - mailcious
81.169.145.157 - mailcious
13.248.148.254 - mailcious
203.161.58.192 - mailcious
165.140.70.70 - mailcious
217.144.104.212 - mailcious
45.33.6.223
154.215.247.58 - mailcious
|
|
20
http://www.cosmicearthgoddess.com/pta7/
http://www.selfstorage.koeln/pta7/
http://www.selfstorage.koeln/pta7/
http://www.promptyum.com/pta7/
http://www.maytag36.com/pta7/
http://www.cosmicearthgoddess.com/pta7/
http://www.playcups.life/pta7/
http://www.promptyum.com/pta7/
http://www.acdaiucdac.com/pta7/
http://www.playcups.life/pta7/
http://www.applechiofficial.com/pta7/
http://www.grmlfgsz.click/pta7/
http://www.grmlfgsz.click/pta7/
http://www.acdaiucdac.com/pta7/
http://www.yh66985.com/pta7/
http://www.yh66985.com/pta7/
http://www.workationdelsol.com/pta7/
http://www.applechiofficial.com/pta7/
http://www.maytag36.com/pta7/
http://www.workationdelsol.com/pta7/
|
9.6 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9453 |
2023-08-16 07:36
|
 chromium.exe 3333fe1aabfb8bdfd7ad0453b532976a
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.4 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9454 |
2023-08-15 19:16
|
 builsrtdd.exe 3656380b872547ff69f460c90328d257
UPX Malicious Library Anti_VM OS Processor Check PE File PE32 VirusTotal Malware MachineGuid Malicious Traffic Creates executable files unpack itself ComputerName DNS crashed |
4
http://95.216.183.42/pack.zip
http://95.216.183.42/980843ac508a7fe8f556d42e4c5cfb54
https://steamcommunity.com/profiles/76561199541261200
https://t.me/odyssey_tg
|
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(184.87.111.197) - mailcious
149.154.167.99 - mailcious
23.34.107.26
95.216.183.42
|
|
|
4.4 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9455 |
2023-08-15 19:13
|
 hunresgytv.hta 4e0111996bd46a5eadce11ea29ebae3c
Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed |
|
|
|
|
9.2 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9456 |
2023-08-15 19:12
|
 upd-download(st-ct).url bad6f985683173fbda122d222a10e010
AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
3
http://94.156.253.17/Downloads/build-new.lnk
http://94.156.253.17/
http://94.156.253.17/Downloads
|
1
94.156.253.17 - mailcious
|
|
|
5.0 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9457 |
2023-08-15 19:12
|
 build1234.exe 5fb59ec46fd6a15ac0856e37fe226573
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
|
|
6.2 |
|
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9458 |
2023-08-15 16:15
|
 PNe5J9o1XCKpHYk.exe 40be18ff344e38f80cec056f5bd97f21
UPX .NET framework(MSIL) Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key |
|
1
|
|
|
15.4 |
M |
55 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9459 |
2023-08-15 10:44
|
 wininit.exe 866092635503625027bd65cacbeb3abd
Formbook Generic Malware Antivirus PWS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
6
http://www.royaltotojp.life/gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1
http://www.czcblzky.click/gs22/
http://www.royaltotojp.life/gs22/
http://www.wtd6e.buzz/gs22/
http://www.wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1
http://www.czcblzky.click/gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1
|
6
www.royaltotojp.life(104.21.47.213)
www.wtd6e.buzz(104.21.41.43)
www.czcblzky.click(43.154.67.170)
104.21.47.213
172.67.159.243
43.154.67.170 - mailcious
|
|
|
11.6 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9460 |
2023-08-15 10:41
|
000000000000000%23%23%23%23%23... 856951e629035c756ed107835a218653
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed |
5
http://www.xc14265.com/gs22/?J6A=SuVcmOAn2xRPN/PRwV8ysuHDkHc3DBMicxYHYVuZpNjcYi1EwU9TL0jT8CMJ1e4bcGmvv8cy&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/?J6A=Pq7DZlSzFefC8E+AEVaPt7VRxf8NJwnXcTNfiZeG3B/taPM2i2unT71hL8hyN6OHJcS/jyoU&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/
http://www.xc14265.com/gs22/
http://103.6.248.9/S138M/wininit.exe
|
6
www.xc14265.com(20.210.252.134)
www.cafesmood.store()
www.carnivoroussnacks.com(142.250.207.115)
103.6.248.9 - malware
142.250.204.83
20.210.252.27
|
|
|
5.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9461 |
2023-08-15 10:40
|
 crypted.exe 97ec989085e99d2df0426b73620812b0
UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Code Injection Check memory buffers extracted unpack itself Collect installed applications sandbox evasion WriteConsoleW anti-virtualization installed browsers check Browser ComputerName DNS |
1
http://94.131.107.238/3aa13fff14e398a1.php
|
1
94.131.107.238 - mailcious
|
|
|
10.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9462 |
2023-08-15 10:39
|
EGK.vbs 6b1d1a7455742408ac22e8d243998296
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
http://94.156.161.167/tl/ert09.txt
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
|
3
uploaddeimagens.com.br(104.21.45.138) - malware
182.162.106.32
104.21.45.138 - malware
|
|
|
8.8 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9463 |
2023-08-15 10:36
|
 ewrqqfaaa.exe 3798e6dae3df606799111b63bf54aad9
UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Checks debugger Remote Code Execution |
|
|
|
|
1.6 |
M |
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9464 |
2023-08-15 10:35
|
 C1pNaIqyfDshEdy.exe c36113ac380951204651c549f3eab824
Formbook NSIS UPX Malicious Library ASPack PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
4
http://www.foreverenamored.com/s27k/?jPg8=K0JmOqXr9HCtj2qTWz3wm1ISclVIfppkL5EMoSSMyzeFhY/mEgvox6BxsSrLYXaYq3j87tFB&0rn=WHrpcFC0d - rule_id: 35578
http://www.recetasfaciles.online/s27k/?jPg8=IP+gCJr4i0UK4WoLUFibm9NvX6KUa6cqerNF0fRTUawEz/u35uLTKVzQ6VGTVmNLPMnAirAk&0rn=WHrpcFC0d
http://www.amitravel.info/s27k/?jPg8=YmgXLomuRRyTNUFYOSs0S8Nfvo95Vs+Z6enyvD/2a16SVN4BDc3+Cwr4kMuk0uzccTKbOYcD&0rn=WHrpcFC0d
http://www.blkfence.com/s27k/?jPg8=rkgaiCJU3/PxhQ34LZviyD3FUF4aIN30Rtnx7Sh2laJQr1EMwvmKNq6J82ijchkqGalg+gl9&0rn=WHrpcFC0d
|
8
www.blkfence.com(108.163.217.86)
www.recetasfaciles.online(199.59.243.224)
www.amitravel.info(34.98.99.30)
www.foreverenamored.com(185.181.104.242) - mailcious
199.59.243.224 - mailcious
108.163.217.86
185.181.104.242 - mailcious
34.98.99.30 - phishing
|
|
1
http://www.foreverenamored.com/s27k/
|
4.6 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9465 |
2023-08-15 10:33
|
 chrme.exe 5b04c44af744f95bf670840cea457616
ASPack PE File PE32 VirusTotal Malware suspicious privilege sandbox evasion Browser ComputerName Remote Code Execution |
|
|
|
|
3.6 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|