| 9856 |
2021-07-09 18:19
|
 strt.exe b214cee84b16aeb61636a83879b2fc9a
PWS .NET framework email stealer Generic Malware Malicious Packer DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS crashed |
|
1
|
|
|
12.8 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9857 |
2021-07-09 18:21
|
 rremit.exe 2f2570c8950c559876c0f5e68b47a03a
RAT Generic Malware PDF AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Cryptographic key crashed |
12
http://www.apmtrk.com/dkao/
http://www.punchandjudy.world/dkao/
http://www.fennel.life/dkao/?GXITO=1R+MGTrzrh9wg0iyyxd8N850lG7CTjyoypoygWbQkoKUPbc7VU8VDmRXO2tCzWEN7ulrJ3DS&Jt7=XPv4nRqP
http://www.gamblingtechintelligence.com/dkao/?GXITO=MXE2VtJ7Fo4hosq40s7o5Gb6Ku7gG0c1S7EHg0XRH6GvyO+aa1OLhg1lpqww8m7BivuDipB6&Jt7=XPv4nRqP
http://www.mitsubishi3s-saigon.com/dkao/
http://www.engineeringyourfi.com/dkao/?GXITO=jah6DQdcmki18eoKMUf+yVQkg8vwGKWocc1DYzlV4ahqccoj7fVYZlTgMYj3hjJa2cQsuYsy&Jt7=XPv4nRqP
http://www.gamblingtechintelligence.com/dkao/
http://www.engineeringyourfi.com/dkao/
http://www.mitsubishi3s-saigon.com/dkao/?GXITO=Z8LkfEnue97lQSidOFiccUZjcdY8S7xS7vIAY1UrYKbP5DA34VPhltV+QohXTHFmE2+V//AK&Jt7=XPv4nRqP
http://www.apmtrk.com/dkao/?GXITO=BP1fS3MMSahq3d+qNOazUt+FTqb3aZxzOPrNXxXBdZI3b0J/H7GVqgCf/GWzB31PSvyM67YL&Jt7=XPv4nRqP
http://www.punchandjudy.world/dkao/?GXITO=dTaSRiPfc0G6Gk0PZutJtF/VfjeAEQEHTYSysyM56DCXqRoND2+HpoQSaQWvcFJcsdOAvv9Q&Jt7=XPv4nRqP
http://www.fennel.life/dkao/
|
12
www.engineeringyourfi.com(31.170.166.182)
www.apmtrk.com(156.240.20.69)
www.fennel.life(34.102.136.180)
www.valentinefrazer.com()
www.punchandjudy.world(34.102.136.180)
www.mitsubishi3s-saigon.com(42.112.16.123)
www.gamblingtechintelligence.com(194.9.94.85)
156.240.20.69
42.112.16.123 - malware
34.102.136.180 - mailcious
194.9.94.86 - mailcious
31.170.166.182
|
|
|
9.8 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9858 |
2021-07-09 18:21
|
1.txt 175e623cb74600fba53df0db094894b0
ScreenShot AntiDebug AntiVM ELF VirusTotal Malware Check memory unpack itself DNS |
|
2
147.124.213.132
104.21.19.200
|
|
|
2.8 |
|
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9859 |
2021-07-09 18:22
|
 shell.exe 5e982c02cb02514fbbf943021003ae16
RAT Generic Malware Antivirus AntiDebug AntiVM PE32 OS Processor Check PE File .NET EXE VirusTotal Malware powershell AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key |
1
http://141.95.28.201/Eternalgeolongpoll.php?zmmU4y0BK0q7=pWRbeU&wHb5BPEN9v83zF=3ri&86283da538984625b0c0b7a1d601a43c=ba9080f7f667b6e443a9c41f6ee90437&d58ad9b66d8bd761c3897f13d132f6a0=wY3AzM2ITM5YWNmljN3UDO4YDN5gjYjljMhZTO3M2YmZTOilTY2cjN&zmmU4y0BK0q7=pWRbeU&wHb5BPEN9v83zF=3ri
|
1
|
|
|
12.2 |
|
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9860 |
2021-07-09 18:24
|
 01_extracted.exe 901cb4e371ce84b11a1b54eef6877acb
RAT Generic Malware UPX .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Cryptographic key |
2
https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-62BEDD3412B830284DE6BD1369CE9454.html
https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7FC1D003FF6FD1A498E2B92CE1A09ECA.html
|
5
dash.cloudflare.com(104.17.111.184)
bakercost.gq(172.67.156.203)
104.17.111.184
104.21.13.164
104.17.110.184
|
|
|
6.4 |
|
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9861 |
2021-07-09 18:24
|
1a.txt 429164dbad09cd108d22105e628a3daa
ScreenShot AntiDebug AntiVM ELF VirusTotal Malware Check memory unpack itself DNS |
|
1
|
|
|
2.6 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9862 |
2021-07-09 18:26
|
 ETL_013265_511_0758.exe 9efd7cdf4c6ee05497ccd8de4588301b
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs VMware IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.161.70)
131.186.161.70
104.21.19.200
|
|
|
14.6 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9863 |
2021-07-09 18:27
|
 app.dll f3be390b01c85970deeae124ca36ce2d
Generic Malware DLL PE32 OS Processor Check PE File VirusTotal Malware PDB MachineGuid ICMP traffic unpack itself ComputerName |
6
http://app.bighomegl.at/2xwPNaPWy1ZQiexiLbC6/VZ0GzYn7Pl8FGmoMK_2/F_2BmVt10PLNgWt6lgCkjZ/BQJaGkF5_2Bj2/WQk2vLCU/LVe9CiRaoW7DV4pZVQWpnOZ/v93d3I_2BO/snk70e4PO2P8yI7S3/FDNXnkjMgqfN/ssx_2BpUoFx/oWN5XIxgaRF3g6/7zZVvJTAYy9RIuxxE7_2F/E4_2BUZPu7ZpzK8K/KyosgQGgQ9Og3_2/Fq_2FFI_2BrekPPdWQ/LVGGqVTt6/UUoLX8uAy9wNYRtRVDrU/OdKLgk5lXT0ZTRQ9vBZ/10fuxVuwUS4Tz1WJiMsW6a/GYpAbcM5bYbiT/NLhLy71_2FFPbr5T/VtDd
http://gtr.antoinfer.com/84nY4wtJBmCucm9DepJToo/tGtvaSc2UVcDR/2zHlzO1F/bNkW36xdnhqYoRr7YBQcCNa/y93Q11QS9a/D8M_2ByJBHO9XlQca/n0ujUh20zcI9/JxJawuOL3k9/qfxd1yRLYOgD3c/1_2BR23dLn0o7lTOlQj6I/kUuwdswHQj7W4QHw/RX5E9sxU1Nf_2F_/2FCk0NWnZZALbW1qUN/3laNV7YkW/bzwdg6OC4ss5aY7xDZL0/DepNLT7uvNFMwSTHHfJ/uKwzVAwpPaOOwc9YjByXIP/qHz3wHqzdYAk1/Ks_2B6Hl/6S7a417_2FAxN9VWj_2Fu/i
http://gtr.antoinfer.com/x0jwbi_2BVmvEJ/YY788UXko9WdP0lwUg9z4/xlr6eiTfr0M5_2F_/2B0hv6DVnmCYhu9/xBeBELJQLY7LGafuS2/z2RiTrGJD/J7ilpXhwqBeUfihrroZj/75PMFlX8LLWp9_2FLuj/VP9Q9nczTM8JpiGHr_2Bsl/C0AUAdOLMj_2B/BOOsuxWQ/sGToIoAjZaqeTO1iS_2FD6Y/0lCNBNK1V2/4B6MXLmQ15_2FCAnG/Hk47_2F5FoI9/rrpFAK_2BSL/7_2FiPuxAedUkd/nhoiovuceGmnNgARH3TBI/udLsB2l1pS1UMDs_/2FFv5W7m_2BNYUS/AxCMP5Q_2FZBzQxvVQ/zgIxA4nIG/1CFhC38
http://app.bighomegl.at/k2XsNn4vNtbKN4bxM/cop2C8FLD9PQ/CIZDrhO4KbH/OEKMyhaO98VXTV/PdCUWIyDHFLKp_2BVqhyR/0oMHkaAYJpcU85cO/giOE9rYmV0qAJui/QzEO9VV5_2F5pR29Ko/Duva_2ByL/h3UWNQc1BSOW7Tv0hFEv/ozPQ_2BA8pr_2BwXOBQ/XMxOiuiw0_2BbxTN1C4C7T/U_2FU7vzVRo1y/3Opur3u_/2FD_2BwAWJgFY7JfA0YAmLg/sOto_2BflZ/kmF6_2BPE97VsUc6q/bRIzbX7qJLyG/ViK0hV0cJmx/XH4kEaBelmujO7/9zdTLa_2BuF0RLvgBGZNg/6vkXeVpV9j284H5Fcq3P/l
http://app.bighomegl.at/6PHRJExJgv9F3f/RKCmZ5SZKe2U6BzdtHmIg/b2mAWCKN8AlBapky/mwvBC3HeM3_2F7H/v9jEttxUzMvPWSf413/oDSl46mjD/GXmTB73zEAxAZybtTx5Q/ujdPaxD7506Nju1VLqn/LkT3ohS0LepSgyWTtS99GU/_2BTVBhdt8fiG/jU9_2FHC/Ya_2FfttFjtqRe0PbxWVe4M/4CuA6rJL_2/BVrvg2P0Bcd3X_2F5/jJ3GBttmpYNT/puVl6lw5ksU/4ltOesholmlw2Z/MQTQhMeDD2FupfpKz_2BP/OTzI7HG86CMXh9M3/Sxfg4ilUgQDTcjQ/sd6dZ5Z6MfaGCm/zMavyA
http://gtr.antoinfer.com/4mJue7_2FcPXhGPUkX1/rZFMwThbRasJYpzKNyzQzF/PSIg_2FXxk2wK/9Xz5OIly/Azc15kWESgqkvrg0YqgNbAB/ATDYoeq3xM/RBX01ZO_2BmeeEXMF/vj2wmHEa78z0/VHOqBBPXHyd/fS1ggK8erWH8nj/T0IfWVXaWZeufwtSbDUKQ/bMVoueTwDeGQ8L96/P1YqEr_2FPbvkPa/8PoIMYg_2BkG5matIU/Qv4oxHYee/VIrubMVZ3xhpW28NYWRR/nbNkiLj_2Fl7OhdObFa/4jnEr6P7bT_2Bk4uVTVD82/Vzy_2FWij6yj5/PpFiUfS_/2F4mgRqCJ3Tp_2BCJyaydDc/NSCEziz
|
3
gtr.antoinfer.com(165.232.183.49)
app.bighomegl.at(165.232.183.49)
165.232.183.49
|
|
|
3.2 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9864 |
2021-07-09 18:28
|
 PL_0260_63_108_117.exe d34220b859ea98b86761794b9e581d53
PWS Loki[b] Loki[m] .NET framework Generic Malware DNS AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software crashed |
|
1
209.141.34.39 - mailcious
|
|
|
15.0 |
|
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9865 |
2021-07-09 18:29
|
 startuppp.exe 86494bc0ef5f71fa7364129fa22a9a8f
Malicious Library PE32 PE File DLL VirusTotal Malware AutoRuns Check memory Creates executable files AppData folder Windows |
|
|
|
|
3.0 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9866 |
2021-07-09 18:30
|
 FL_00185203246.exe 96d403623e4027119487b7c528f560a7
RAT Generic Malware SMTP KeyLogger PDF AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs VMware IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(104.21.19.200)
checkip.dyndns.org(131.186.161.70)
162.88.193.70
104.21.19.200
|
|
|
14.8 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9867 |
2021-07-09 18:31
|
 start.exe 0a22bbcf3c149176032a88da9591c6c1
RAT Generic Malware PE64 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName |
2
https://raw.githubusercontent.com/UnamSanctam/SilentETHMiner/master/SilentETHMiner/Resources/ethminer.zip
https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip
|
4
github.com(52.78.231.108) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
15.164.81.167 - malware
185.199.109.133 - mailcious
|
|
|
8.4 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9868 |
2021-07-09 18:32
|
 gunzipped.exe 6f283b376513b69168994c9deeebf4b4
Generic Malware Admin Tool (Sysinternals etc ...) .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
2.4 |
|
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9869 |
2021-07-09 18:33
|
 ETL_01605_511_0752.exe 71ea7e46efc155382d6d0b20d8bde755
PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs VMware IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/
https://freegeoip.app/xml/175.208.134.150
|
5
freegeoip.app(172.67.188.154)
checkip.dyndns.org(131.186.161.70)
216.146.43.70 - suspicious
15.164.81.167 - malware
104.21.19.200
|
|
|
14.8 |
|
25 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9870 |
2021-07-09 18:35
|
 schhosts.exe 2ed8294ecebf96b2271f6f962e8edd66
PE32 PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed |
|
|
|
|
2.8 |
|
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|