| 9781 |
2023-08-04 09:07
|
810000000%23%23%23%23%23%23%23... 925753e9dd326a0cedae8e21f0c23f14
MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed |
1
http://23.94.148.61/810/ChromeSetup.exe
|
1
|
5
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
3.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9782 |
2023-08-04 09:07
|
 ohoyeczx.exe f3ba23553ad0411c937414c4de068c5b
Gen1 email stealer Downloader UPX .NET framework(MSIL) Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key crashed |
|
1
91.207.102.163 - mailcious
|
|
|
14.4 |
M |
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9783 |
2023-08-04 09:06
|
012004040003030030%23%23%23%23... 9196f5d37dd1750c7ab2ea6becaddbb9
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed |
6
http://www.eturnum.org/et9t/?XFkk=oGB2a62R5hQvo2E9fBkXawOuNKj3Dek6/gk22RSM/jZ849uvwjkHsue2s///UvCqJC6xkWcBqYeWgpc71Q83w80Z1Wi48i4g+hNU7Ic=&25vCm=ziVcI1CGgxu
http://www.sqlite.org/2020/sqlite-dll-win32-x86-3310000.zip
http://www.eturnum.org/et9t/
http://23.94.148.61/800/ChromeSetup.exe
http://www.sdrfgjf04.sbs/et9t/
http://www.sdrfgjf04.sbs/et9t/?XFkk=fyGICc5TieCCYxLA9A3YXfgdgdyUYVbgq7FJ/PFTCWHsrK2PzodQNgOuC22hjbDQxS9NYwBdAOx0BZ+otaqny3v5VddjKMYrJbXKRJI=&25vCm=ziVcI1CGgxu
|
8
www.dmidevel.com(52.17.186.13)
www.eturnum.org(149.255.59.16)
www.sdrfgjf04.sbs(154.23.176.81)
149.255.59.16 - malware
154.23.176.81
52.17.186.13
45.33.6.223
23.94.148.61 - malware
|
5
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.6 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9784 |
2023-08-04 09:05
|
 update_SC.bat 9d383592178e4a3170a1e8e4772749ba
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Anti_VM AntiDebug AntiVM VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
4.4 |
|
3 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9785 |
2023-08-04 09:04
|
 ChromeSetup.exe 1ef8e255010d20c6343df3670cce06e6
Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed |
|
2
api.ipify.org(64.185.227.156)
173.231.16.76
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.4 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9786 |
2023-08-04 09:03
|
 a.bat e9da2dbc0577f419fcafa37a6b5a3faa
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger Anti_VM AntiDebug AntiVM VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
4.4 |
|
5 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9787 |
2023-08-04 09:02
|
 IB_iso.exe d27e13ce5271639c09cf59b9f6eaee10
NSIS UPX Malicious Library PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder suspicious TLD DNS |
2
http://www.vinteligencia.com/sy22/?EZX0sf=bFBzPUMpurqsSaAEhywdCFYwBQqPS0zKvFatuRp4xXu+SuvLn4C9Xg+acXGhzE1ceHoH+Iro&qL3=gjnL3zDh_r
http://www.mercardosupltda.shop/sy22/?EZX0sf=3bMgBYp3T8Et67riN3kA3/aeujAUMemYR9Y/JjuHDcyhHg+qjpOYOJGYEHV0e9MGAbxHoQdS&qL3=gjnL3zDh_r
|
7
www.asgnelwin.com()
www.03ss.vip()
www.sofbks.top()
www.mercardosupltda.shop(154.49.247.55)
www.vinteligencia.com(104.21.52.110)
172.67.198.50
154.49.247.55
|
2
ET DNS Query to a *.top domain - Likely Hostile
ET MALWARE FormBook CnC Checkin (GET)
|
|
5.8 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9788 |
2023-08-04 09:02
|
 ChromeSetup.exe 4bf3697cc2dc73c5a4f5e9d66444d87d
NSIS Generic Malware UPX Malicious Library PE File PE32 DLL VirusTotal Malware AppData folder |
|
|
|
|
1.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9789 |
2023-08-04 09:00
|
000100000200003000004000050000... 4d3e4367bfd1e8e2adb2d90cd5f07399
MS_RTF_Obfuscation_Objects RTF File doc LokiBot Malware download VirusTotal Malware c&c Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed |
2
http://194.55.224.9/fresh1/five/fre.php
http://103.37.60.77/400/chrome.exe
|
2
103.37.60.77 - malware
194.55.224.9
|
12
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
|
4.8 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9790 |
2023-08-04 08:59
|
 ChromeSetups.exe 1892d8096709dd77655414e73ad6d25f
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution |
|
|
|
|
2.2 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9791 |
2023-08-04 08:58
|
 IBS_Cortana.exe 9cd26ed910554ae5b86e53ef892e7117
UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed |
|
|
|
|
3.4 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9792 |
2023-08-04 08:57
|
 utilsx.exe 413157ad1210bff496058fb2d23269c3
UPX Malicious Library PE64 PE File VirusTotal Malware Creates executable files Windows utilities WriteConsoleW Windows |
|
|
|
|
3.0 |
M |
29 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9793 |
2023-08-03 16:52
|
 mount_U (1).cmd 589178271568a61598725543f1d56d47
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Check memory Windows utilities Check virtual network interfaces WriteConsoleW Windows |
1
http://saalzunit4.file.core.windows.net/
|
2
saalzunit4.file.core.windows.net(52.239.141.40)
52.239.141.40
|
|
|
3.0 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9794 |
2023-08-03 14:07
|
 smss.exe 6308cc22d136d3cc309205ca43233bec
Malicious Library PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself |
|
|
|
|
2.6 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9795 |
2023-08-03 13:57
|
pablozx.doc 1ed1a3c75c699312d7ecffaf02f7cfb8
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed |
1
http://2.59.254.18/_errorpages/pablozx.exe
|
2
2.59.254.18 - malware
62.102.148.185
|
5
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
4.6 |
M |
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|