9616 | 2023-08-09 17:02 | setup294.exe bf6993bcabf40b1643e5d7abf6710762 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 DLL PDB Code Injection Checks debugger unpack itself AppData folder Remote Code Execution | 2.6 | ZeroCERT
9617 | 2023-08-09 14:24 | Pass1234_file.7z 8c849c3860d4cde88ae04546492f17dc Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS |
52 |
59 |
15 |
http://94.142.138.131/api/firegate.php http://193.233.254.61/loghub/master http://hugersi.com/dl/6523.exe http://zzz.fhauiehgha.com/m/okka25.exe http://aa.imgjeoogbb.com/check/safe http://45.15.156.229/api/tracemap.php http://aa.imgjeoogbb.com/check/ http://95.214.25.207:3002/file.exe http://77.91.68.61/rock/index.php http://94.142.138.131/api/tracemap.php http://208.67.104.60/api/tracemap.php http://us.imgjeoigaa.com/sts/imagc.jpg http://77.91.124.231/info/photo443.exe http://176.113.115.84:8080/4.php https://steamcommunity.com/profiles/76561199532186526
6.6 | ZeroCERT
9618 | 2023-08-09 11:29 | MAINNODECPa.htm 4a8582251db1eb736e1dc4c60fed358e Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key |
2 |
https://ccpan12.blogspot.com/////////atom.xml
https://d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com/ugd/d9e1c3_4d127b508d68411bb32a1e039bce6288.txt
7.2 | ZeroCERT
9619 | 2023-08-09 11:24 | logszx.exe f0ffc9ea823029c0b1c45026306957d5 PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed |
2 |
smtp.quartziax.com(208.91.199.224) - mailcious 208.91.199.224 - mailcious
10.4 | ZeroCERT
9620 | 2023-08-09 11:21 | lnvoice#20336 ... 8280d77f1fe4f3ad7e067180f6cf1ad9 VirusTotal Malware Check memory buffers extracted unpack itself suspicious process Interception |
2 |
https://www.mediafire.com/file/uobbc8hga4065u7/MAINNODECPa.htm/file https://htmmaincpla.blogspot.com/atom.xml
6 |
htmmaincpla.blogspot.com(142.250.76.129) download2357.mediafire.com(199.91.155.98) www.mediafire.com(104.16.53.48) - mailcious 199.91.155.98 104.16.54.48 - mailcious 216.58.203.65
5.8 | 13 | ZeroCERT
9621 | 2023-08-09 11:14 | Konni.lnk 49fbfece9d180b55661816d29fd2af8a Generic Malware HWP PS PostScript Antivirus AntiDebug AntiVM GIF Format MSOffice File PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | 6.0 | 22 | ZeroCERT
9622 | 2023-08-09 11:05 | logszx.doc 2c6c2c3fbdd819ee45b543d6632f842f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash Exploit DNS crashed |
1 |
http://2.59.254.18/_errorpages/logszx.exe
3 |
smtp.quartziax.com(208.91.198.143) - mailcious 208.91.198.143 - mailcious 2.59.254.18 - malware
4.8 | M | 31 | ZeroCERT
9623 | 2023-08-09 10:24 | ChromeSetup.exe fe2a74503249b20e4594656bb88db37d Formbook AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
3 |
http://www.eturnum.org/et9t/?QPQHDCK=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&IFAuCS=2Z5zi9xD - rule_id: 35685 http://www.eturnum.org/et9t/ - rule_id: 35685 http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
6 |
www.dmidevel.com(34.250.27.150) - mailcious www.eturnum.org(149.255.59.16) - mailcious www.sdrfgjf04.sbs() - mailcious 149.255.59.16 - malware 52.17.186.13 - mailcious 45.33.6.223
2 |
http://www.eturnum.org/et9t/ http://www.eturnum.org/et9t/
9.8 | M | 31 | ZeroCERT
9624 | 2023-08-09 10:24 | soc64win.dll 62813c6cab9234e83949fcc563c33b57 VMProtect Malicious Library DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS |
1 |
3.8 | M | 18 | ZeroCERT
9625 | 2023-08-09 09:35 | hanacard.chm d74088ca99c5f2834e945e2330729d4c Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell BMP Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
10 |
http://em.hanacard.co.kr:8080/camp_img/e_footer.gif
http://em.hanacard.co.kr:8080/camp_img/e_header_03.gif
http://em.hanacard.co.kr:8080/camp_img/e_name_bottom.gif
http://safe.amail.co.kr/ems61/safemail.jpg?Q1VTVF9JRD1oYW5hY2FyZC5pbg==&UE9TVF9JRD0yMDIyMDMxNV8zNg==&TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&RU1BSUxfSUQ9ZGY4MzU0YWZjMDg0N2U1MTdiM2NiNDZlZGU5YmZmYmM4ODcxMTM2NzZmMGE1OTczZTlmZjc1MjU1MWI1ZmU=
http://em.hanacard.co.kr:8080/camp_img/ico_bull02.gif
http://em.hanacard.co.kr:8080/camp_img/e_footer_cs01.gif
http://em.hanacard.co.kr:8080/track/Check.jsp?TV9JRD04NjAyMjYxQTAwOTI0XzE4MjMzMTU=&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1RfMDE=&UE9TVF9JRD0yMDIyMDMxNV8zNg==&VEM9MjAyMjAzMjI=&S0lORD1P
http://www.hanacard.co.kr/js/cmn/wl6.js
https://www.hanacard.co.kr/js/cmn/wl6.js
https://jutise.fun/aypbr
6 |
safe.amail.co.kr(119.207.76.21)
em.hanacard.co.kr(211.51.103.50)
www.hanacard.co.kr(1.235.101.20)
211.51.103.50
1.235.101.20
119.207.76.21
9.0 | 22 | ZeroCERT
9626 | 2023-08-09 09:29 | payment.exe 4f11205da3e4d05588bcb5a6e518c1df UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder | 2.6 | 10 | ZeroCERT
9627 | 2023-08-09 09:29 | 000000000000000%23%23%23%23%23... b5851205722f0379cef7fa7f56e9c2c2 Formbook MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed |
4 |
http://23.94.148.61/598/ChromeSetup.exe http://www.eturnum.org/et9t/?pX7nMhZ=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&4KNm0j=RN6a - rule_id: 35685 http://www.eturnum.org/et9t/ - rule_id: 35685 http://www.sqlite.org/2020/sqlite-dll-win32-x86-3320000.zip
7 |
www.dmidevel.com(52.17.186.13) - mailcious www.eturnum.org(149.255.59.16) - mailcious www.sdrfgjf04.sbs() - mailcious 149.255.59.16 - malware 23.94.148.61 - malware 34.250.27.150 45.33.6.223
2 |
http://www.eturnum.org/et9t/ http://www.eturnum.org/et9t/
5.6 | M | 30 | ZeroCERT
9628 | 2023-08-09 09:26 | Ahdlcrjjdjdlgf.exe 053052690586782a411f46ec2bf255fb Hide_EXE UPX Malicious Library Malicious Packer MZP Format PE File PE32 VirusTotal Malware RWX flags setting unpack itself | 2.4 | M | 40 | ZeroCERT
9629 | 2023-08-09 09:26 | file.exe 01da8f20a8cd019b4d7e54a5fc46f609 UPX Malicious Library OS Processor Check PE File PE32 unpack itself Remote Code Execution | 1.0 | M | ZeroCERT
9630 | 2023-08-09 09:24 | BR.exe 608638750dcc078dbd10555303bcce9f Themida Packer UPX Anti_VM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed |
1 |
95.143.190.57 - mailcious
10.6 | M | 28 | ZeroCERT