9736 | 2024-05-23 18:09 | csrss.exe | b616cc8c02b88cff3a1d36ab29673399 | 4.0 | M | 27 | ZeroCERT
Tags: NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Ransomware

9737 | 2024-05-23 18:08 | 1.hta | a77becccca5571c00ebc9e516fd96ce8 | 4.6 |  | 25 | ZeroCERT
Tags: AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure

9738 | 2024-05-23 18:06 | crypted.exe | 5f3aeb71b5f03a122bce55ffc079fa63 | 2.4 | M | 41 | ZeroCERT
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed

9739 | 2024-05-23 18:04 | lionisthetruekingsofthejunglew... | 0305665fe64e9a6f1ece3d43bc5d5112 | 4.2 | M | 32 | ZeroCERT
Tags: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed
URLs (2):
http://www.synergyinnovationsgroup.com/amjEkz102.bin
http://192.3.109.164/5445/csrss.exe
Hosts (3): www.synergyinnovationsgroup.com (199.217.106.226); 199.217.106.226 - malicious; 192.3.109.164 - malware
Signatures (6):
ET INFO Executable Download from dotted-quad Host
ET HUNTING Suspicious csrss.exe in URI
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

9740 | 2024-05-23 18:04 | xin.exe | ca039a10eadbf91b4d5363e4f1090141 | 6.2 | M |  | ZeroCERT
Tags: AntiDebug AntiVM MSOffice File Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
Hosts (17): widget.uservoice.com(104.17.27.92) fonts.googleapis.com(74.125.203.95) camo.githubusercontent.com(185.199.108.133) www.google-analytics.com(142.250.76.142) 142.250.207.78 104.17.29.92 104.17.30.92 142.250.66.106 104.17.27.92 104.17.28.92 104.17.31.92 216.239.38.178 216.239.34.178 216.239.36.178 185.199.110.133 - malware 216.239.32.178 172.217.25.10
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9741 | 2024-05-23 09:51 | lionisthekingofthejunglewhohav... | 6aec8d3f4cf4fad632339f01c93cfd52 | 4.2 | M | 35 | ZeroCERT
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
https://paste.ee/d/AiiY9
http://198.12.81.178/ma36/lionisthekingofthejunglewhichcanadvice.bmp
Hosts (3): paste.ee (104.21.84.67) - malicious; 172.67.187.200 - malicious; 198.12.81.178 - malware
Signatures (2): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9742 | 2024-05-23 09:49 | lionisthekingofthejunglewhosur... | 0185e99b23980e018cdb8575daa7aca0 | 4.0 | M | 28 | ZeroCERT
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
https://paste.ee/d/d1fcB
http://103.182.19.148/36U/lioniskingofjungleimagesHDisthis.bmp
Hosts (3): paste.ee (172.67.187.200) - malicious; 103.182.19.148 - malware; 104.21.84.67 - malware
Signatures (2): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9743 | 2024-05-23 09:47 | bluelinkimagesgreatwithlionpic... | 579ae7684b44059c6df7f843af04fd72 | 4.2 | M | 34 | ZeroCERT
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (2):
https://paste.ee/d/VBx1m
http://198.12.81.178/rev44/importedlionsbluelinkimagesview.bmp
Hosts (3): paste.ee (104.21.84.67) - malicious; 104.21.84.67 - malware; 198.12.81.178 - malware
Signatures (2): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9744 | 2024-05-23 09:46 | lionshavethebeautiuflthingswhi... | aee84865f46aa4a99f5298a9100c7965 | 4.6 | M | 34 | ZeroCERT
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (2):
https://paste.ee/d/KQnGa
http://107.172.148.210/XAMPP/kob/lionsbeautiuflpictureinHDquality.bmp
Hosts (3): paste.ee (104.21.84.67) - malicious; 107.172.148.210 - malware; 172.67.187.200 - malicious
Signatures (2): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

9745 | 2024-05-23 09:44 | wxijgyp.exe | ca82319fef771a184d1f98750e5bbb21 | 6.8 |  | 37 | ZeroCERT
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName crashed
URLs (1): http://ip-api.com/line/?fields=hosting
Hosts (2): ip-api.com (208.95.112.1); 208.95.112.1
Signatures (1): ET POLICY External IP Lookup ip-api.com

9746 | 2024-05-23 09:41 | gywervcyuj.exe | d90f41701d76908bf5a1519fe7b99f23 | 8.0 |  | 33 | ZeroCERT
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
URLs (1): (not listed on the page)
Hosts (2): api.ipify.org (104.26.12.205); 104.26.12.205
Signatures (3):
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup

9747 | 2024-05-23 09:39 | AGambXYA.exe | 6983f7001de10f4d19fc2d794c3eb534 | 1.6 | M | 62 | ZeroCERT
Tags: Malicious Library PE File PE32 VirusTotal Malware Check memory WriteConsoleW

9748 | 2024-05-23 09:39 | ngown.exe | 66e5c9de148b496d53b2968c6a03c257 | 5.2 |  | 37 | ZeroCERT
Tags: Process Kill Generic Malware Suspicious_Script_Bin Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed

9749 | 2024-05-23 09:37 | AAozznaq.exe | a9438d893c19d866cf720a581c9476bc | 2.0 | M | 66 | ZeroCERT
Tags: Malicious Library PE File PE32 VirusTotal Malware crashed

9750 | 2024-05-23 09:35 | downexcel.php | cb04460ddd619b8c8ee5640700e68505 | 1.6 | M |  | ZeroCERT
Tags: Downloader PE64 PE File DLL Checks debugger unpack itself suspicious process Tofsee crashed
URLs (1): https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
Hosts (2): www.siguefutbol.com (194.124.213.167); 194.124.213.167
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure