Record layout (rebuilt from the flattened table): ID | submitted | file | MD5; Tags; URLs (count); Hosts (count; resolved IP in parentheses, tracker reputation label after a dash); score | unlabeled count | submitter.

9856 | 2021-07-09 18:19 | strt.exe | MD5 b214cee84b16aeb61636a83879b2fc9a
Tags: PWS, .NET framework, email stealer, Generic Malware, Malicious Packer, DNS, Socket, Escalate privileges, KeyLogger, Code injection, Downloader, persistence, AntiDebug, AntiVM, .NET EXE, PE32, PE File, VirusTotal, Malware, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, AntiVM_Disk, WriteConsoleW, VM Disk Size Check, Windows, ComputerName, DNS, crashed
URLs: none
Hosts (1): none listed
12.8 | 31 | ZeroCERT
9857 | 2021-07-09 18:21 | rremit.exe | MD5 2f2570c8950c559876c0f5e68b47a03a
Tags: RAT, Generic Malware, PDF, AntiDebug, AntiVM, .NET EXE, PE32, PE File, VirusTotal, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, Windows, Cryptographic key, crashed
URLs (12):
  http://www.apmtrk.com/dkao/
  http://www.punchandjudy.world/dkao/
  http://www.fennel.life/dkao/?GXITO=1R+MGTrzrh9wg0iyyxd8N850lG7CTjyoypoygWbQkoKUPbc7VU8VDmRXO2tCzWEN7ulrJ3DS&Jt7=XPv4nRqP
  http://www.gamblingtechintelligence.com/dkao/?GXITO=MXE2VtJ7Fo4hosq40s7o5Gb6Ku7gG0c1S7EHg0XRH6GvyO+aa1OLhg1lpqww8m7BivuDipB6&Jt7=XPv4nRqP
  http://www.mitsubishi3s-saigon.com/dkao/
  http://www.engineeringyourfi.com/dkao/?GXITO=jah6DQdcmki18eoKMUf+yVQkg8vwGKWocc1DYzlV4ahqccoj7fVYZlTgMYj3hjJa2cQsuYsy&Jt7=XPv4nRqP
  http://www.gamblingtechintelligence.com/dkao/
  http://www.engineeringyourfi.com/dkao/
  http://www.mitsubishi3s-saigon.com/dkao/?GXITO=Z8LkfEnue97lQSidOFiccUZjcdY8S7xS7vIAY1UrYKbP5DA34VPhltV+QohXTHFmE2+V//AK&Jt7=XPv4nRqP
  http://www.apmtrk.com/dkao/?GXITO=BP1fS3MMSahq3d+qNOazUt+FTqb3aZxzOPrNXxXBdZI3b0J/H7GVqgCf/GWzB31PSvyM67YL&Jt7=XPv4nRqP
  http://www.punchandjudy.world/dkao/?GXITO=dTaSRiPfc0G6Gk0PZutJtF/VfjeAEQEHTYSysyM56DCXqRoND2+HpoQSaQWvcFJcsdOAvv9Q&Jt7=XPv4nRqP
  http://www.fennel.life/dkao/
Hosts (12):
  www.engineeringyourfi.com(31.170.166.182)
  www.apmtrk.com(156.240.20.69)
  www.fennel.life(34.102.136.180)
  www.valentinefrazer.com() (no resolution recorded)
  www.punchandjudy.world(34.102.136.180)
  www.mitsubishi3s-saigon.com(42.112.16.123)
  www.gamblingtechintelligence.com(194.9.94.85)
  156.240.20.69
  42.112.16.123 - malware
  34.102.136.180 - malicious
  194.9.94.86 - malicious
  31.170.166.182
9.8 | 20 | ZeroCERT
9858 | 2021-07-09 18:21 | 1.txt | MD5 175e623cb74600fba53df0db094894b0
Tags: ScreenShot, AntiDebug, AntiVM, ELF, VirusTotal, Malware, Check memory, unpack itself, DNS
URLs: none
Hosts (2): 147.124.213.132 104.21.19.200
2.8 | 43 | ZeroCERT
9859 | 2021-07-09 18:22 | shell.exe | MD5 5e982c02cb02514fbbf943021003ae16
Tags: RAT, Generic Malware, Antivirus, AntiDebug, AntiVM, PE32, OS Processor Check, PE File, .NET EXE, VirusTotal, Malware, powershell, AutoRuns, PDB, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, Windows utilities, Disables Windows Security, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, Remote Code Execution, DNS, Cryptographic key
URLs (1):
  http://141.95.28.201/Eternalgeolongpoll.php?zmmU4y0BK0q7=pWRbeU&wHb5BPEN9v83zF=3ri&86283da538984625b0c0b7a1d601a43c=ba9080f7f667b6e443a9c41f6ee90437&d58ad9b66d8bd761c3897f13d132f6a0=wY3AzM2ITM5YWNmljN3UDO4YDN5gjYjljMhZTO3M2YmZTOilTY2cjN&zmmU4y0BK0q7=pWRbeU&wHb5BPEN9v83zF=3ri
Hosts (1): none listed
12.2 | 30 | ZeroCERT
9860 | 2021-07-09 18:24 | 01_extracted.exe | MD5 901cb4e371ce84b11a1b54eef6877acb
Tags: RAT, Generic Malware, UPX, .NET EXE, PE32, PE File, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, Windows, Cryptographic key
URLs (2):
  https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-62BEDD3412B830284DE6BD1369CE9454.html
  https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7FC1D003FF6FD1A498E2B92CE1A09ECA.html
Hosts (5): dash.cloudflare.com(104.17.111.184) bakercost.gq(172.67.156.203) 104.17.111.184 104.21.13.164 104.17.110.184
6.4 | 25 | ZeroCERT
9861 | 2021-07-09 18:24 | 1a.txt | MD5 429164dbad09cd108d22105e628a3daa
Tags: ScreenShot, AntiDebug, AntiVM, ELF, VirusTotal, Malware, Check memory, unpack itself, DNS
URLs: none
Hosts (1): none listed
2.6 | 37 | ZeroCERT
9862 | 2021-07-09 18:26 | ETL_013265_511_0758.exe | MD5 9efd7cdf4c6ee05497ccd8de4588301b
Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, VMware IP Check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed, keylogger
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (4): freegeoip.app(172.67.188.154) checkip.dyndns.org(131.186.161.70) 131.186.161.70 104.21.19.200
14.6 | 15 | ZeroCERT
9863 | 2021-07-09 18:27 | app.dll | MD5 f3be390b01c85970deeae124ca36ce2d
Tags: Generic Malware, DLL, PE32, OS Processor Check, PE File, VirusTotal, Malware, PDB, MachineGuid, ICMP traffic, unpack itself, ComputerName
URLs (6):
  http://app.bighomegl.at/2xwPNaPWy1ZQiexiLbC6/VZ0GzYn7Pl8FGmoMK_2/F_2BmVt10PLNgWt6lgCkjZ/BQJaGkF5_2Bj2/WQk2vLCU/LVe9CiRaoW7DV4pZVQWpnOZ/v93d3I_2BO/snk70e4PO2P8yI7S3/FDNXnkjMgqfN/ssx_2BpUoFx/oWN5XIxgaRF3g6/7zZVvJTAYy9RIuxxE7_2F/E4_2BUZPu7ZpzK8K/KyosgQGgQ9Og3_2/Fq_2FFI_2BrekPPdWQ/LVGGqVTt6/UUoLX8uAy9wNYRtRVDrU/OdKLgk5lXT0ZTRQ9vBZ/10fuxVuwUS4Tz1WJiMsW6a/GYpAbcM5bYbiT/NLhLy71_2FFPbr5T/VtDd
  http://gtr.antoinfer.com/84nY4wtJBmCucm9DepJToo/tGtvaSc2UVcDR/2zHlzO1F/bNkW36xdnhqYoRr7YBQcCNa/y93Q11QS9a/D8M_2ByJBHO9XlQca/n0ujUh20zcI9/JxJawuOL3k9/qfxd1yRLYOgD3c/1_2BR23dLn0o7lTOlQj6I/kUuwdswHQj7W4QHw/RX5E9sxU1Nf_2F_/2FCk0NWnZZALbW1qUN/3laNV7YkW/bzwdg6OC4ss5aY7xDZL0/DepNLT7uvNFMwSTHHfJ/uKwzVAwpPaOOwc9YjByXIP/qHz3wHqzdYAk1/Ks_2B6Hl/6S7a417_2FAxN9VWj_2Fu/i
  http://gtr.antoinfer.com/x0jwbi_2BVmvEJ/YY788UXko9WdP0lwUg9z4/xlr6eiTfr0M5_2F_/2B0hv6DVnmCYhu9/xBeBELJQLY7LGafuS2/z2RiTrGJD/J7ilpXhwqBeUfihrroZj/75PMFlX8LLWp9_2FLuj/VP9Q9nczTM8JpiGHr_2Bsl/C0AUAdOLMj_2B/BOOsuxWQ/sGToIoAjZaqeTO1iS_2FD6Y/0lCNBNK1V2/4B6MXLmQ15_2FCAnG/Hk47_2F5FoI9/rrpFAK_2BSL/7_2FiPuxAedUkd/nhoiovuceGmnNgARH3TBI/udLsB2l1pS1UMDs_/2FFv5W7m_2BNYUS/AxCMP5Q_2FZBzQxvVQ/zgIxA4nIG/1CFhC38
  http://app.bighomegl.at/k2XsNn4vNtbKN4bxM/cop2C8FLD9PQ/CIZDrhO4KbH/OEKMyhaO98VXTV/PdCUWIyDHFLKp_2BVqhyR/0oMHkaAYJpcU85cO/giOE9rYmV0qAJui/QzEO9VV5_2F5pR29Ko/Duva_2ByL/h3UWNQc1BSOW7Tv0hFEv/ozPQ_2BA8pr_2BwXOBQ/XMxOiuiw0_2BbxTN1C4C7T/U_2FU7vzVRo1y/3Opur3u_/2FD_2BwAWJgFY7JfA0YAmLg/sOto_2BflZ/kmF6_2BPE97VsUc6q/bRIzbX7qJLyG/ViK0hV0cJmx/XH4kEaBelmujO7/9zdTLa_2BuF0RLvgBGZNg/6vkXeVpV9j284H5Fcq3P/l
  http://app.bighomegl.at/6PHRJExJgv9F3f/RKCmZ5SZKe2U6BzdtHmIg/b2mAWCKN8AlBapky/mwvBC3HeM3_2F7H/v9jEttxUzMvPWSf413/oDSl46mjD/GXmTB73zEAxAZybtTx5Q/ujdPaxD7506Nju1VLqn/LkT3ohS0LepSgyWTtS99GU/_2BTVBhdt8fiG/jU9_2FHC/Ya_2FfttFjtqRe0PbxWVe4M/4CuA6rJL_2/BVrvg2P0Bcd3X_2F5/jJ3GBttmpYNT/puVl6lw5ksU/4ltOesholmlw2Z/MQTQhMeDD2FupfpKz_2BP/OTzI7HG86CMXh9M3/Sxfg4ilUgQDTcjQ/sd6dZ5Z6MfaGCm/zMavyA
  http://gtr.antoinfer.com/4mJue7_2FcPXhGPUkX1/rZFMwThbRasJYpzKNyzQzF/PSIg_2FXxk2wK/9Xz5OIly/Azc15kWESgqkvrg0YqgNbAB/ATDYoeq3xM/RBX01ZO_2BmeeEXMF/vj2wmHEa78z0/VHOqBBPXHyd/fS1ggK8erWH8nj/T0IfWVXaWZeufwtSbDUKQ/bMVoueTwDeGQ8L96/P1YqEr_2FPbvkPa/8PoIMYg_2BkG5matIU/Qv4oxHYee/VIrubMVZ3xhpW28NYWRR/nbNkiLj_2Fl7OhdObFa/4jnEr6P7bT_2Bk4uVTVD82/Vzy_2FWij6yj5/PpFiUfS_/2F4mgRqCJ3Tp_2BCJyaydDc/NSCEziz
Hosts (3): gtr.antoinfer.com(165.232.183.49) app.bighomegl.at(165.232.183.49) 165.232.183.49
3.2 | 14 | ZeroCERT
9864 | 2021-07-09 18:28 | PL_0260_63_108_117.exe | MD5 d34220b859ea98b86761794b9e581d53
Tags: PWS, Loki[b], Loki[m], .NET framework, Generic Malware, DNS, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, malicious URLs, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed
URLs: none
Hosts (1): 209.141.34.39 - malicious
15.0 | 25 | ZeroCERT
9865 | 2021-07-09 18:29 | startuppp.exe | MD5 86494bc0ef5f71fa7364129fa22a9a8f
Tags: Malicious Library, PE32, PE File, DLL, VirusTotal, Malware, AutoRuns, Check memory, Creates executable files, AppData folder, Windows
URLs: none
Hosts: none
3.0 | 22 | ZeroCERT
9866 | 2021-07-09 18:30 | FL_00185203246.exe | MD5 96d403623e4027119487b7c528f560a7
Tags: RAT, Generic Malware, SMTP, KeyLogger, PDF, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, VMware IP Check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (4): freegeoip.app(104.21.19.200) checkip.dyndns.org(131.186.161.70) 162.88.193.70 104.21.19.200
14.8 | 22 | ZeroCERT
9867 | 2021-07-09 18:31 | start.exe | MD5 0a22bbcf3c149176032a88da9591c6c1
Tags: RAT, Generic Malware, PE64, PE File, VirusTotal, Malware, AutoRuns, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName
URLs (2):
  https://raw.githubusercontent.com/UnamSanctam/SilentETHMiner/master/SilentETHMiner/Resources/ethminer.zip
  https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip
Hosts (4): github.com(52.78.231.108) - malicious raw.githubusercontent.com(185.199.108.133) - malware 15.164.81.167 - malware 185.199.109.133 - malicious
8.4 | 24 | ZeroCERT
9868 | 2021-07-09 18:32 | gunzipped.exe | MD5 6f283b376513b69168994c9deeebf4b4
Tags: Generic Malware, Admin Tool (Sysinternals etc ...), .NET EXE, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
URLs: none
Hosts: none
2.4 | 45 | ZeroCERT
9869 | 2021-07-09 18:33 | ETL_01605_511_0752.exe | MD5 71ea7e46efc155382d6d0b20d8bde755
Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, malicious URLs, VMware IP Check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
URLs (2):
  http://checkip.dyndns.org/
  https://freegeoip.app/xml/175.208.134.150
Hosts (5): freegeoip.app(172.67.188.154) checkip.dyndns.org(131.186.161.70) 216.146.43.70 - suspicious 15.164.81.167 - malware 104.21.19.200
14.8 | 25 | ZeroCERT
9870 | 2021-07-09 18:35 | schhosts.exe | MD5 2ed8294ecebf96b2271f6f962e8edd66
Tags: PE32, PE File, VirusTotal, Malware, PDB, unpack itself, Windows, Remote Code Execution, crashed
URLs: none
Hosts: none
2.8 | 22 | ZeroCERT
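The host and URL fields in these records are what an analyst actually takes from a feed like this, and they need three things before they are usable: the `name(ip)` / `ip - label` notation parsed, the tracker's labels normalised (it spells the word "mailcious"), and the legitimate shared services that several records call (the checkip.dyndns.org and freegeoip.app check-ins, the GitHub hosts the miner in 9867 downloads from) separated from attacker infrastructure. The Python below is an added example, not the tracker's own code. It runs over three records copied from this page; the set of shared services and the block/watch split are assumptions made here, not something the tracker provides.

```python
"""Turn the URL and host fields of sandbox records like the ones listed above into
a reviewed IOC set: hashes, URLs, domains split into block/watch lists, and IPs
with the tracker's reputation label. Added example; not the tracker's own code."""
import json
import re

# Assumption made here, not something the tracker provides: legitimate shared
# services seen in these records. The "what is my IP" check-ins are a stealer
# startup fingerprint and GitHub is where record 9867's miner fetches its payload;
# they are detection signals, not attacker infrastructure, so they are watched,
# not blocked.
SHARED_SERVICES = {"checkip.dyndns.org", "freegeoip.app",
                   "github.com", "raw.githubusercontent.com"}

# The tracker's reputation labels, including its own misspelling of "malicious".
LABEL_FIX = {"mailcious": "malicious"}

HOST_RE = re.compile(r"^(?P<name>[^()\s]+)\((?P<ip>[^)]*)\)$")   # name(ip) or name()
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample: three records copied from this page (9857, 9862, 9867);
# 9857's URL list is trimmed to two entries to keep the sample short.
SAMPLE_RECORDS = [
    {"id": 9857, "md5": "2f2570c8950c559876c0f5e68b47a03a",
     "urls": "http://www.apmtrk.com/dkao/ http://www.fennel.life/dkao/",
     "hosts": "www.apmtrk.com(156.240.20.69) www.fennel.life(34.102.136.180) "
              "www.valentinefrazer.com() 156.240.20.69 34.102.136.180 - mailcious "
              "194.9.94.86 - mailcious"},
    {"id": 9862, "md5": "9efd7cdf4c6ee05497ccd8de4588301b",
     "urls": "http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150",
     "hosts": "freegeoip.app(172.67.188.154) checkip.dyndns.org(131.186.161.70) "
              "131.186.161.70 104.21.19.200"},
    {"id": 9867, "md5": "0a22bbcf3c149176032a88da9591c6c1",
     "urls": "https://raw.githubusercontent.com/UnamSanctam/SilentETHMiner/master/"
             "SilentETHMiner/Resources/ethminer.zip "
             "https://github.com/UnamSanctam/SilentETHMiner/raw/master/"
             "SilentETHMiner/Resources/ethminer.zip",
     "hosts": "github.com(52.78.231.108) - mailcious "
              "raw.githubusercontent.com(185.199.108.133) - malware "
              "15.164.81.167 - malware 185.199.109.133 - mailcious"},
]


def defang(s):
    """Make an indicator safe to paste into a ticket: hxxp:// and [.]"""
    return s.replace("http", "hxxp").replace(".", "[.]")


def parse_hosts(host_field):
    """Parse 'name(ip) ... ip - label ...' into (name, ip, label) tuples.
    A '- label' token pair applies to the entry immediately before it."""
    entries, tokens, i = [], host_field.split(), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-":
            if entries and i + 1 < len(tokens):
                name, ip, _ = entries[-1]
                entries[-1] = (name, ip, LABEL_FIX.get(tokens[i + 1], tokens[i + 1]))
            i += 2
            continue
        m = HOST_RE.match(tok)
        if m:
            entries.append((m.group("name"), m.group("ip") or None, None))
        elif IPV4_RE.match(tok):
            entries.append((None, tok, None))
        else:
            entries.append((tok, None, None))          # bare domain, never resolved
        i += 1
    return entries


def extract_iocs(records):
    """Merge records into one IOC set. URLs are always kept (a URL-level block is
    precise); domains and resolved IPs of shared services go to the watchlist."""
    iocs = {"md5": set(), "urls": set(), "block_domains": set(),
            "watch_domains": set(), "ips": {}}
    watch_ips = set()
    for rec in records:
        iocs["md5"].add(rec["md5"].lower())
        iocs["urls"].update(rec.get("urls", "").split())
        for name, ip, label in parse_hosts(rec.get("hosts", "")):
            watched = name in SHARED_SERVICES
            if name:
                iocs["watch_domains" if watched else "block_domains"].add(name)
            if ip and watched:
                watch_ips.add(ip)
            elif ip:
                labels = iocs["ips"].setdefault(ip, set())
                if label:
                    labels.add(label)
    # An IP that a shared service resolved to (often a CDN address) must not end
    # up on the block list, even if the tracker also listed it bare with a label.
    for ip in watch_ips:
        iocs["ips"].pop(ip, None)
    return iocs


def render(iocs):
    """Defanged, sorted, JSON-ready view of extract_iocs() output."""
    return {"md5": sorted(iocs["md5"]),
            "urls": [defang(u) for u in sorted(iocs["urls"])],
            "block_domains": [defang(d) for d in sorted(iocs["block_domains"])],
            "watch_domains": [defang(d) for d in sorted(iocs["watch_domains"])],
            "ips": {defang(ip): sorted(lbl) for ip, lbl in sorted(iocs["ips"].items())}}


if __name__ == "__main__":
    print(json.dumps(render(extract_iocs(SAMPLE_RECORDS)), indent=2))
```

Running it prints the merged, defanged set as JSON. Look at what is left in `ips` after the exclusion: 104.21.19.200 (a Cloudflare address that fronts freegeoip.app in records 9866 and 9869 on this page) and 185.199.109.133 (in the GitHub Pages range, labelled malicious by the tracker only because the miner fetched its payload there) both survive, because they were listed bare rather than as a resolution of a watched name. That is the limit of name-based exclusion: it is a first pass, and the IP list still needs a human look before it goes into a firewall.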