9451 |
2023-08-16 07:36
|
wininit.exe 7f162aac8d8d2af6c52e87a85a1547e5 Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
17
http://www.acdaiucdac.com/pta7/ - rule_id: 35847 http://www.playcups.life/pta7/ - rule_id: 35250 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3250000.zip http://www.promptyum.com/pta7/?3KQc7=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35845 http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.acdaiucdac.com/pta7/?3KQc7=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35847 http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.maytag36.com/pta7/?3KQc7=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35246 http://www.selfstorage.koeln/pta7/?3KQc7=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35247 http://www.applechiofficial.com/pta7/ - rule_id: 35846 http://www.applechiofficial.com/pta7/?3KQc7=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35846 http://www.promptyum.com/pta7/ - rule_id: 35845 http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.playcups.life/pta7/?3KQc7=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35250 http://www.cosmicearthgoddess.com/pta7/?3KQc7=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35248 http://www.yh66985.com/pta7/?3KQc7=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&-XQ_Ia=PCu1nHmFlVYPOKh - rule_id: 35249 http://www.selfstorage.koeln/pta7/ - rule_id: 35247
|
18
www.acdaiucdac.com(165.140.70.70) - malicious www.sisbom.online() - malicious www.yh66985.com(154.215.247.58) - malicious www.applechiofficial.com(217.144.104.212) - malicious www.promptyum.com(52.20.84.62) - malicious www.playcups.life(203.161.58.192) - malicious www.cosmicearthgoddess.com(74.208.236.61) - malicious www.selfstorage.koeln(81.169.145.157) - malicious www.maytag36.com(76.223.26.96) - malicious 74.208.236.61 - malicious 165.140.70.70 - malicious 154.215.247.58 - malicious 52.20.84.62 - malicious 81.169.145.157 - malicious 13.248.148.254 - malicious 217.144.104.212 - malicious 45.33.6.223 203.161.58.192 - malicious
|
|
16
http://www.acdaiucdac.com/pta7/ http://www.playcups.life/pta7/ http://www.promptyum.com/pta7/ http://www.yh66985.com/pta7/ http://www.acdaiucdac.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.applechiofficial.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.promptyum.com/pta7/ http://www.maytag36.com/pta7/ http://www.playcups.life/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.yh66985.com/pta7/ http://www.selfstorage.koeln/pta7/
|
8.8 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9452 |
2023-08-16 07:36
|
wininit.exe 64870ba5b0e92b05dc383959e02782ce Formbook Confuser .NET AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself suspicious TLD |
22
http://www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip http://www.cosmicearthgoddess.com/pta7/?aHip=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&15=_oc9 - rule_id: 35248 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.selfstorage.koeln/pta7/ - rule_id: 35247 http://www.selfstorage.koeln/pta7/?aHip=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&15=_oc9 - rule_id: 35247 http://www.promptyum.com/pta7/?aHip=51fXUovDvl40Gay+bBOuV4csAD2CR1Bn3rNklAoym8RSa3YWX1JZVvP1mooqhecBmHsju7ND43XQhJhW/MWm8p48YIEfLWeZ5rDjg9Q=&15=_oc9 - rule_id: 35845 http://www.maytag36.com/pta7/?aHip=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&15=_oc9 - rule_id: 35246 http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.playcups.life/pta7/?aHip=owQQ/LdvYhr1hQA44RH9bUiltN1V9/nW3nzbuZ7AnukoApd9+FtfvWC4rKSj4oUCaFCHPCKOWRRPvWiBpKGkSpFpDTHalZsc88EWemY=&15=_oc9 - rule_id: 35250 http://www.promptyum.com/pta7/ - rule_id: 35845 http://www.acdaiucdac.com/pta7/?aHip=43v7Ny/HipLC1/i8/EHFbQWk+eiIQ/u53GN7wShSu/utS8xmabSGaVvVJrZKwfQ4W1iMjfgim/Qvgf/YMs2AzVLD8F/JP8IFS4Qjg6E=&15=_oc9 - rule_id: 35847 http://www.playcups.life/pta7/ - rule_id: 35250 http://www.applechiofficial.com/pta7/ - rule_id: 35846 http://www.grmlfgsz.click/pta7/?aHip=ZUw0DE2tTfMrS/vGgTqiPtR9iLDJ7ITJFCKtS8euE2iaohDcpFUZC4QpBbwyViCfiPHxoQAr+wVp68on4xa7Qrqk1k7DdBy37sJAI4o=&15=_oc9 - rule_id: 35857 http://www.grmlfgsz.click/pta7/ - rule_id: 35857 http://www.acdaiucdac.com/pta7/ - rule_id: 35847 http://www.yh66985.com/pta7/?aHip=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&15=_oc9 - rule_id: 35249 http://www.yh66985.com/pta7/ - rule_id: 35249 
http://www.workationdelsol.com/pta7/?aHip=KwcplsCPI1RgA9llBgRI7UZiW4SpOPY+6KzEsYVNfDztjut0HKme+ulBSzhiqB8GHLrJm3E5Mws5yZIdMQ67aG0FcK0zVEj9Psx/60M=&15=_oc9 - rule_id: 35856 http://www.applechiofficial.com/pta7/?aHip=3tLz2GELRqgUNEe3Tg6pYXQ6INf+7Y5kvPosXVoeGK7Pb7+bWmhYMZiQ8dlF92mvy5mXj5zMlug3M8Fw5MW69FZ659FzjUfEuZ9BwIA=&15=_oc9 - rule_id: 35846 http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.workationdelsol.com/pta7/ - rule_id: 35856
|
24
www.workationdelsol.com(81.169.145.159) - malicious www.applechiofficial.com(217.144.104.212) - malicious www.selfstorage.koeln(81.169.145.157) - malicious www.grmlfgsz.click(172.67.178.188) - malicious www.s7ve7.top(107.148.23.45) www.acdaiucdac.com(165.140.70.70) - malicious www.promptyum.com(52.20.84.62) - malicious www.yh66985.com(154.215.247.58) - malicious www.playcups.life(203.161.58.192) - malicious www.cosmicearthgoddess.com(74.208.236.61) - malicious www.maytag36.com(76.223.26.96) - malicious www.sisbom.online() - malicious 81.169.145.159 - malicious 107.148.23.45 172.67.178.188 74.208.236.61 - malicious 52.20.84.62 - malicious 81.169.145.157 - malicious 13.248.148.254 - malicious 203.161.58.192 - malicious 165.140.70.70 - malicious 217.144.104.212 - malicious 45.33.6.223 154.215.247.58 - malicious
|
|
20
http://www.cosmicearthgoddess.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.selfstorage.koeln/pta7/ http://www.promptyum.com/pta7/ http://www.maytag36.com/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.playcups.life/pta7/ http://www.promptyum.com/pta7/ http://www.acdaiucdac.com/pta7/ http://www.playcups.life/pta7/ http://www.applechiofficial.com/pta7/ http://www.grmlfgsz.click/pta7/ http://www.grmlfgsz.click/pta7/ http://www.acdaiucdac.com/pta7/ http://www.yh66985.com/pta7/ http://www.yh66985.com/pta7/ http://www.workationdelsol.com/pta7/ http://www.applechiofficial.com/pta7/ http://www.maytag36.com/pta7/ http://www.workationdelsol.com/pta7/
|
9.6 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9453 |
2023-08-16 07:36
|
chromium.exe 3333fe1aabfb8bdfd7ad0453b532976a UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.4 |
M |
47 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9454 |
2023-08-15 19:16
|
builsrtdd.exe 3656380b872547ff69f460c90328d257 UPX Malicious Library Anti_VM OS Processor Check PE File PE32 VirusTotal Malware MachineGuid Malicious Traffic Creates executable files unpack itself ComputerName DNS crashed |
4
http://95.216.183.42/pack.zip
http://95.216.183.42/980843ac508a7fe8f556d42e4c5cfb54
https://steamcommunity.com/profiles/76561199541261200
https://t.me/odyssey_tg
|
5
t.me(149.154.167.99) - malicious
steamcommunity.com(184.87.111.197) - malicious 149.154.167.99 - malicious
23.34.107.26
95.216.183.42
|
|
|
4.4 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9455 |
2023-08-15 19:13
|
hunresgytv.hta 4e0111996bd46a5eadce11ea29ebae3c Generic Malware Antivirus AntiDebug AntiVM PowerShell MSOffice File VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Exploit ComputerName DNS Cryptographic key crashed |
|
|
|
|
9.2 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9456 |
2023-08-15 19:12
|
upd-download(st-ct).url bad6f985683173fbda122d222a10e010 AntiDebug AntiVM URL Format MSOffice File VirusTotal Malware Code Injection Malicious Traffic Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
3
http://94.156.253.17/Downloads/build-new.lnk http://94.156.253.17/ http://94.156.253.17/Downloads
|
1
94.156.253.17 - malicious
|
|
|
5.0 |
|
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9457 |
2023-08-15 19:12
|
build1234.exe 5fb59ec46fd6a15ac0856e37fe226573 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
|
|
6.2 |
|
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9458 |
2023-08-15 16:15
|
PNe5J9o1XCKpHYk.exe 40be18ff344e38f80cec056f5bd97f21 UPX .NET framework(MSIL) Admin Tool (Sysinternals etc ...) DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key |
|
1
|
|
|
15.4 |
M |
55 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9459 |
2023-08-15 10:44
|
wininit.exe 866092635503625027bd65cacbeb3abd Formbook Generic Malware Antivirus PWS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
6
http://www.royaltotojp.life/gs22/?tZi0=XqGT28VuwgR0tHIWJ12GlexZBkdeEH2omtvxSMlxLbtL0z8j7vfoLf8TYWqqB6Qy1HltMte6&Unt48=GTd0sn7PmjlLKfx&sql=1 http://www.czcblzky.click/gs22/ http://www.royaltotojp.life/gs22/ http://www.wtd6e.buzz/gs22/ http://www.wtd6e.buzz/gs22/?tZi0=VDoZsXgJ33m6GMTGrBxkXeJI5VWl9LckgAFZWBineURiSKUttTcioIZjL6dcFMz5k6jMXEOi&Unt48=GTd0sn7PmjlLKfx&sql=1 http://www.czcblzky.click/gs22/?tZi0=J8uqsMNsS5Yn0BkrkL7ZAY4qgjZ7ppo07do+1ANX1PvbNDE/4Q/w494tyz+wglG6mRixLfnE&Unt48=GTd0sn7PmjlLKfx&sql=1
|
6
www.royaltotojp.life(104.21.47.213) www.wtd6e.buzz(104.21.41.43) www.czcblzky.click(43.154.67.170) 104.21.47.213 172.67.159.243 43.154.67.170 - malicious
|
|
|
11.6 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9460 |
2023-08-15 10:41
|
000000000000000%23%23%23%23%23... 856951e629035c756ed107835a218653 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed |
5
http://www.xc14265.com/gs22/?J6A=SuVcmOAn2xRPN/PRwV8ysuHDkHc3DBMicxYHYVuZpNjcYi1EwU9TL0jT8CMJ1e4bcGmvv8cy&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/?J6A=Pq7DZlSzFefC8E+AEVaPt7VRxf8NJwnXcTNfiZeG3B/taPM2i2unT71hL8hyN6OHJcS/jyoU&YL3=9rNhv2&sql=1
http://www.carnivoroussnacks.com/gs22/
http://www.xc14265.com/gs22/
http://103.6.248.9/S138M/wininit.exe
|
6
www.xc14265.com(20.210.252.134)
www.cafesmood.store()
www.carnivoroussnacks.com(142.250.207.115) 103.6.248.9 - malware
142.250.204.83
20.210.252.27
|
|
|
5.0 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9461 |
2023-08-15 10:40
|
crypted.exe 97ec989085e99d2df0426b73620812b0 UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Code Injection Check memory buffers extracted unpack itself Collect installed applications sandbox evasion WriteConsoleW anti-virtualization installed browsers check Browser ComputerName DNS |
1
http://94.131.107.238/3aa13fff14e398a1.php
|
1
94.131.107.238 - malicious
|
|
|
10.4 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9462 |
2023-08-15 10:39
|
EGK.vbs 6b1d1a7455742408ac22e8d243998296 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
http://94.156.161.167/tl/ert09.txt
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
|
3
uploaddeimagens.com.br(104.21.45.138) - malware 182.162.106.32
104.21.45.138 - malware
|
|
|
8.8 |
M |
2 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9463 |
2023-08-15 10:36
|
ewrqqfaaa.exe 3798e6dae3df606799111b63bf54aad9 UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware Checks debugger Remote Code Execution |
|
|
|
|
1.6 |
M |
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9464 |
2023-08-15 10:35
|
C1pNaIqyfDshEdy.exe c36113ac380951204651c549f3eab824 Formbook NSIS UPX Malicious Library ASPack PE File PE32 OS Processor Check DLL VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
4
http://www.foreverenamored.com/s27k/?jPg8=K0JmOqXr9HCtj2qTWz3wm1ISclVIfppkL5EMoSSMyzeFhY/mEgvox6BxsSrLYXaYq3j87tFB&0rn=WHrpcFC0d - rule_id: 35578 http://www.recetasfaciles.online/s27k/?jPg8=IP+gCJr4i0UK4WoLUFibm9NvX6KUa6cqerNF0fRTUawEz/u35uLTKVzQ6VGTVmNLPMnAirAk&0rn=WHrpcFC0d http://www.amitravel.info/s27k/?jPg8=YmgXLomuRRyTNUFYOSs0S8Nfvo95Vs+Z6enyvD/2a16SVN4BDc3+Cwr4kMuk0uzccTKbOYcD&0rn=WHrpcFC0d http://www.blkfence.com/s27k/?jPg8=rkgaiCJU3/PxhQ34LZviyD3FUF4aIN30Rtnx7Sh2laJQr1EMwvmKNq6J82ijchkqGalg+gl9&0rn=WHrpcFC0d
|
8
www.blkfence.com(108.163.217.86) www.recetasfaciles.online(199.59.243.224) www.amitravel.info(34.98.99.30) www.foreverenamored.com(185.181.104.242) - malicious 199.59.243.224 - malicious 108.163.217.86 185.181.104.242 - malicious 34.98.99.30 - phishing
|
|
1
http://www.foreverenamored.com/s27k/
|
4.6 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9465 |
2023-08-15 10:33
|
chrme.exe 5b04c44af744f95bf670840cea457616 ASPack PE File PE32 VirusTotal Malware suspicious privilege sandbox evasion Browser ComputerName Remote Code Execution |
|
|
|
|
3.6 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|