| 9616 |
2023-08-09 17:02
|
 setup294.exe bf6993bcabf40b1643e5d7abf6710762
UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 DLL PDB Code Injection Checks debugger unpack itself AppData folder Remote Code Execution |
|
|
|
|
2.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9617 |
2023-08-09 14:24
|
Pass1234_file.7z 8c849c3860d4cde88ae04546492f17dc
Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS |
52
http://94.142.138.131/api/firegate.php - rule_id: 32650
http://94.142.138.131/api/firegate.php
http://193.233.254.61/loghub/master - rule_id: 35736
http://193.233.254.61/loghub/master
http://hugersi.com/dl/6523.exe - rule_id: 32660
http://hugersi.com/dl/6523.exe
http://zzz.fhauiehgha.com/m/okka25.exe - rule_id: 34705
http://zzz.fhauiehgha.com/m/okka25.exe
http://aa.imgjeoogbb.com/check/safe - rule_id: 34652
http://aa.imgjeoogbb.com/check/safe
http://65.21.187.146/
http://45.15.156.229/api/tracemap.php - rule_id: 33783
http://45.15.156.229/api/tracemap.php
http://aa.imgjeoogbb.com/check/?sid=294936&key=d9eb18658941edfb01ef7f4e4f3bcf60 - rule_id: 34651
http://aa.imgjeoogbb.com/check/?sid=294936&key=d9eb18658941edfb01ef7f4e4f3bcf60
http://95.214.25.207:3002/file.exe - rule_id: 35494
http://95.214.25.207:3002/file.exe
http://77.91.68.61/rock/index.php - rule_id: 35495
http://77.91.68.61/rock/index.php
http://65.21.187.146/43a6ce95ca0edbaf09babc2b3d43fe58
http://87.121.221.58/g.exe
http://apps.identrust.com/roots/dstrootcax3.p7c
http://94.142.138.131/api/tracemap.php - rule_id: 28311
http://94.142.138.131/api/tracemap.php
http://www.maxmind.com/geoip/v2.1/city/me
http://208.67.104.60/api/tracemap.php - rule_id: 28876
http://208.67.104.60/api/tracemap.php
http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482
http://us.imgjeoigaa.com/sts/imagc.jpg
http://65.21.187.146/files.zip
http://77.91.124.231/info/photo443.exe - rule_id: 35604
http://77.91.124.231/info/photo443.exe
http://176.113.115.84:8080/4.php - rule_id: 34795
http://176.113.115.84:8080/4.php
https://busell.store/setup294.exe
https://vk.com/doc801981293_667406864?hash=uZtMvR4ZNW8WKezoz5XxQw5zKDEIBGP5eVquLMZQIhs&dl=LPW7PFXZtcJLownI3eqGgO4ACOVJ8g7SlBJbPXo7NZX&api=1&no_preview=1#WW1
https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#test
https://sun6-23.userapi.com/c909228/u801981293/docs/d20/1c1fbf1bf284/fse.bmp?extra=4_jy8uhFMEaLDwCkNxpWmgh94F8cfoFaPIan-8Dtq-90eX9YgxglCma4ibrxupgDp67zjlLLmn3oM4vn_4Lcy60SuF-xbd7WtSmxPbbqXF5I2f8XPvKEFgk5TjKmCaLP5EtabfY2xp2fEb_GZg
https://vk.com/doc801981293_667454987?hash=kPpi9bC3rv9q7iZDCWdCIDMK6XFt1NWknu5RxXyxZST&dl=slQ3yZBhbXAyX5QrjOWy1faytAkizWc5WCVP1enGF7H&api=1&no_preview=1
https://steamcommunity.com/profiles/76561199532186526 - rule_id: 35698
https://steamcommunity.com/profiles/76561199532186526
https://sun6-21.userapi.com/c909618/u801981293/docs/d37/81a43648135e/WWW1.bmp?extra=t4h0dCojdHQ9CBRhBgSlMwlX__2pm62d9iqHWHxa4yaqyWbHETFz2CtZPAv8kaHxOrxQorbDrTi3sk1G5eP5MeAcS7R5Es1b2jwTgIL0nLizkKZJ7JW0MBNFmsH1raDTFmJzxnIIH3MnZK-iGw
https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self
https://sun6-23.userapi.com/c240331/u801981293/docs/d56/dab33f053e7c/PMmp.bmp?extra=a4Cg8XIbUtZZBJyBQCMW4u__V4MU2I7W7NYiQS3KlkgLS1hFGI4dFSeDqItPwxD9iGpDcky1Bw9Ddc2BJudwVjTqCJRs2To8Eqgtk_3_Zl4z_IY4-X2B8ePuzB7q8vf2ACOz8efgpXGK-A6v_Q
https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1
https://vk.com/doc801981293_667486594?hash=imfz8iVrsd0ACccnF0GZIUltD8XX5X3arwn4kxjKrGH&dl=7kNZPXNmlDfZM6XyNQJ0E5zKssx8LEYlz2E1h2FUgZk&api=1&no_preview=1#fse
https://sun6-20.userapi.com/c240331/u801981293/docs/d8/1f5ae35150b7/siddharthabuddh4_2.bmp?extra=B7BtTuv_7jmb8cCMaLam49APjJzrtiYZZzp3rziQku1r1BN59h4GUS5Dlv0sdMxlHC6wmC-J3k578d7Nsnx7pBDX6Oy74RUAIQXIuc0nfUwip49td2R-6P-iXhn7AazYaV5F2sSahyy5VRY36g
https://sun6-21.userapi.com/c909418/u801981293/docs/d20/1e2b07ec3a9d/test.bmp?extra=qMq_Hfaqw0yUQD5zYrK1RBqcLLfE3A2AU0FdG85zayvGWJs2ZFqVwwlittGHO2AiyIVbBEjb9ZK5L_1e_9_nKp7YReGxGKr0knhKpVpMJqu_rfIHNIML5L_f8elMCrbXg40EAQk9_-mEr-B2bw
https://db-ip.com/
https://vk.com/doc791620691_663065029?hash=Efubo9FQtw3Bdj42XJVcJwymfIH3PazMKz8g5wJ0dZX&dl=G44TCNRSGA3DSMI:1682787066:QgrgzF33wDt9bwmmOgWCYTv61J7HwhLVZOXGaEdWiKP&api=1&no_preview=1#stats
https://vk.com/doc801981293_667588255?hash=D2CJ0xHL4AttqOVEQrcszbzjAqHflz5sitrNnCDwHML&dl=1MkLYb1Zn2lmLZ7wS6mD5tteEUeivr15Bnn3xZoovqk&api=1&no_preview=1
https://vk.com/doc801981293_667539838?hash=1wYO1Ous0beVWiHJAejgZ3eSHSzodvDxJWbbkFPgBQs&dl=SQxo7vjhnlb1LQCUeoVijfnKU0E3auPCNV18GmDNZC0&api=1&no_preview=1#test
|
59
t.me(149.154.167.99) - mailcious
sun6-23.userapi.com(95.142.206.3)
api.db-ip.com(104.26.4.15)
api.myip.com(104.26.8.59)
hugersi.com(91.215.85.147) - malware
steamcommunity.com(104.76.78.101) - mailcious
db-ip.com(104.26.5.15)
busell.store(172.67.159.178)
www.maxmind.com(104.17.214.67)
zzz.fhauiehgha.com(156.236.72.121) - mailcious
iplogger.org(148.251.234.83) - mailcious
ipinfo.io(34.117.59.81)
aa.imgjeoogbb.com(154.221.26.108) - mailcious
us.imgjeoigaa.com(103.100.211.218) - mailcious
fastpool.xyz(213.91.128.133) - mailcious
sun6-20.userapi.com(95.142.206.0) - mailcious
vk.com(93.186.225.194) - mailcious
vanaheim.cn(77.232.41.127)
sun6-21.userapi.com(95.142.206.1) - mailcious
iplis.ru(148.251.234.93) - mailcious
148.251.234.93 -
154.221.26.108 - mailcious
87.121.221.58 - malware
209.250.248.11
104.21.9.89
91.215.85.147 - malware
65.21.187.146
208.67.104.60 - mailcious
95.214.25.207 - malware
149.154.167.99 - mailcious
172.67.75.166
172.67.75.163
193.233.254.61 - mailcious
194.26.135.162 - mailcious
87.240.132.78 - mailcious
34.117.59.81
176.113.115.84 - mailcious
148.251.234.83
77.232.41.127
45.15.156.229 - mailcious
94.142.138.131 - mailcious
176.123.9.142 - mailcious
77.91.124.231 - malware
185.225.73.32
104.17.214.67
77.91.68.61 - malware
156.236.72.121 - mailcious
23.67.53.17
104.26.4.15
95.142.206.3
163.123.143.4 - mailcious
95.142.206.1 - mailcious
95.142.206.0 - mailcious
77.91.124.54
85.208.136.10 - mailcious
62.122.184.58
103.100.211.218 - malware
213.91.128.133 - mailcious
104.76.78.101 - mailcious
|
|
15
http://94.142.138.131/api/firegate.php
http://193.233.254.61/loghub/master
http://hugersi.com/dl/6523.exe
http://zzz.fhauiehgha.com/m/okka25.exe
http://aa.imgjeoogbb.com/check/safe
http://45.15.156.229/api/tracemap.php
http://aa.imgjeoogbb.com/check/
http://95.214.25.207:3002/file.exe
http://77.91.68.61/rock/index.php
http://94.142.138.131/api/tracemap.php
http://208.67.104.60/api/tracemap.php
http://us.imgjeoigaa.com/sts/imagc.jpg
http://77.91.124.231/info/photo443.exe
http://176.113.115.84:8080/4.php
https://steamcommunity.com/profiles/76561199532186526
|
6.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9618 |
2023-08-09 11:29
|
 MAINNODECPa.htm 4a8582251db1eb736e1dc4c60fed358e
Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key |
2
https://ccpan12.blogspot.com/////////atom.xml
https://d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com/ugd/d9e1c3_4d127b508d68411bb32a1e039bce6288.txt
|
|
|
|
7.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9619 |
2023-08-09 11:24
|
 logszx.exe f0ffc9ea823029c0b1c45026306957d5
PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed |
|
2
smtp.quartziax.com(208.91.199.224) - mailcious
208.91.199.224 - mailcious
|
|
|
10.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9620 |
2023-08-09 11:21
|
 lnvoice#20336 ... 8280d77f1fe4f3ad7e067180f6cf1ad9VirusTotal Malware Check memory buffers extracted unpack itself suspicious process Interception |
2
https://www.mediafire.com/file/uobbc8hga4065u7/MAINNODECPa.htm/file
https://htmmaincpla.blogspot.com/atom.xml
|
6
htmmaincpla.blogspot.com(142.250.76.129)
download2357.mediafire.com(199.91.155.98)
www.mediafire.com(104.16.53.48) - mailcious
199.91.155.98
104.16.54.48 - mailcious
216.58.203.65
|
|
|
5.8 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9621 |
2023-08-09 11:14
|
Konni.lnk 49fbfece9d180b55661816d29fd2af8a
Generic Malware HWP PS PostScript Antivirus AntiDebug AntiVM GIF Format MSOffice File PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
6.0 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9622 |
2023-08-09 11:05
|
logszx.doc 2c6c2c3fbdd819ee45b543d6632f842f
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash Exploit DNS crashed |
1
http://2.59.254.18/_errorpages/logszx.exe
|
3
smtp.quartziax.com(208.91.198.143) - mailcious
208.91.198.143 - mailcious
2.59.254.18 - malware
|
|
|
4.8 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9623 |
2023-08-09 10:24
|
 ChromeSetup.exe fe2a74503249b20e4594656bb88db37d
Formbook AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
3
http://www.eturnum.org/et9t/?QPQHDCK=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&IFAuCS=2Z5zi9xD - rule_id: 35685
http://www.eturnum.org/et9t/ - rule_id: 35685
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
|
6
www.dmidevel.com(34.250.27.150) - mailcious
www.eturnum.org(149.255.59.16) - mailcious
www.sdrfgjf04.sbs() - mailcious
149.255.59.16 - malware
52.17.186.13 - mailcious
45.33.6.223
|
|
2
http://www.eturnum.org/et9t/
http://www.eturnum.org/et9t/
|
9.8 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9624 |
2023-08-09 10:24
|
 soc64win.dll 62813c6cab9234e83949fcc563c33b57
VMProtect Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS |
|
1
|
|
|
3.8 |
M |
18 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9625 |
2023-08-09 09:35
|
hanacard.chm d74088ca99c5f2834e945e2330729d4c
Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell BMP Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
10
http://em.hanacard.co.kr:8080/camp_img/e_footer.gif
http://em.hanacard.co.kr:8080/camp_img/e_header_03.gif
http://em.hanacard.co.kr:8080/camp_img/e_name_bottom.gif
http://safe.amail.co.kr/ems61/safemail.jpg?Q1VTVF9JRD1oYW5hY2FyZC5pbg==&UE9TVF9JRD0yMDIyMDMxNV8zNg==&TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&RU1BSUxfSUQ9ZGY4MzU0YWZjMDg0N2U1MTdiM2NiNDZlZGU5YmZmYmM4ODcxMTM2NzZmMGE1OTczZTlmZjc1MjU1MWI1ZmU=
http://em.hanacard.co.kr:8080/camp_img/ico_bull02.gif
http://em.hanacard.co.kr:8080/camp_img/e_footer_cs01.gif
http://em.hanacard.co.kr:8080/track/Check.jsp?TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1RfMDE=&UE9TVF9JRD0yMDIyMDMxNV8zNg==&VEM9MjAyMjAzMjI=&S0lORD1P
http://www.hanacard.co.kr/js/cmn/wl6.js
https://www.hanacard.co.kr/js/cmn/wl6.js
https://jutise.fun/aypbr
|
6
safe.amail.co.kr(119.207.76.21)
em.hanacard.co.kr(211.51.103.50)
www.hanacard.co.kr(1.235.101.20)
211.51.103.50
1.235.101.20
119.207.76.21
|
|
|
9.0 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9626 |
2023-08-09 09:29
|
 payment.exe 4f11205da3e4d05588bcb5a6e518c1df
UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder |
|
|
|
|
2.6 |
|
10 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9627 |
2023-08-09 09:29
|
000000000000000%23%23%23%23%23... b5851205722f0379cef7fa7f56e9c2c2
Formbook MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
4
http://23.94.148.61/598/ChromeSetup.exe
http://www.eturnum.org/et9t/?pX7nMhZ=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&4KNm0j=RN6a - rule_id: 35685
http://www.eturnum.org/et9t/ - rule_id: 35685
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
|
7
www.dmidevel.com(52.17.186.13) - mailcious
www.eturnum.org(149.255.59.16) - mailcious
www.sdrfgjf04.sbs() - mailcious
149.255.59.16 - malware
23.94.148.61 - malware
34.250.27.150
45.33.6.223
|
|
2
http://www.eturnum.org/et9t/
http://www.eturnum.org/et9t/
|
5.6 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9628 |
2023-08-09 09:26
|
 Ahdlcrjjdjdlgf.exe 053052690586782a411f46ec2bf255fb
Hide_EXE UPX Malicious Library Malicious Packer MZP Format PE File PE32 VirusTotal Malware RWX flags setting unpack itself |
|
|
|
|
2.4 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9629 |
2023-08-09 09:26
|
 file.exe 01da8f20a8cd019b4d7e54a5fc46f609
UPX Malicious Library OS Processor Check PE File PE32 unpack itself Remote Code Execution |
|
|
|
|
1.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9630 |
2023-08-09 09:24
|
 BR.exe 608638750dcc078dbd10555303bcce9f
Themida Packer UPX Anti_VM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed |
|
1
95.143.190.57 - mailcious
|
|
|
10.6 |
M |
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|