9886 | 2021-07-10 09:11
4c6b7cd617a0dcf2d783efd0d73e87... c9fa1e8906a247f5bea95fe6851a8628 | Gen1 Gen2 Generic Malware PE32 OS Processor Check PE File DLL VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion IP Check ComputerName
URLs (3): http://ol.gamegame.info/report7.4.php - rule_id: 1518 | http://ip-api.com/json/?fields=8198 | http://iw.gamegame.info/report7.4.php - rule_id: 1517
Hosts (7): ip-api.com(208.95.112.1) | iw.gamegame.info(172.67.200.215) - mailcious | ol.gamegame.info(172.67.200.215) - mailcious | google.vrthcobj.com(34.97.69.225) | 34.97.69.225 | 104.21.21.221 - mailcious | 208.95.112.1
Rule-matched URLs (2): http://ol.gamegame.info/report7.4.php | http://iw.gamegame.info/report7.4.php
7.4 | M | 33 | ZeroCERT
9887 | 2021-07-10 09:13
sysWow64-e1.exe 715788fb520b3873db406fdf59521afa | PE32 OS Processor Check PE File VirusTotal Malware AutoRuns Windows ComputerName DNS
Hosts (1)
3.0 | 54 | ZeroCERT
9888 | 2021-07-10 09:13
.wininit.exe ee61976fd8615f8ca2216abbd2da78e3 | Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
URLs (6):
http://www.sdnjjywlc.com/u6bi/?MvZXHps=bK+Z2QCmb4u7fikP/oCQzTpaclbhKc7MX25Oj4g0cEEIn6f/U5wR+VzXeWehSIx5eqTbt79v&WPUD3=GdS0 http://www.2021cacondo.com/u6bi/?MvZXHps=OCatVl/HxP9LSoxl3pI1zJ3If3DnqK1+RysL2U+jvU6gCDAnxqUdLaoRZ60A7ltEpEYQWsLq&WPUD3=GdS0 http://www.sint-ecommerce.com/u6bi/?MvZXHps=w2s295loKfJMVFbGUdfcYliRI2chPZn4DGCH61iVg+VnO5bLmd7xwLXDYjltKqBsEq3wHVjr&WPUD3=GdS0 http://www.divineryoga.com/u6bi/?MvZXHps=deWNSkh3tSSTPM/Ho/CFwJ6QdLWqgVMn4qt9MKMDmoYqIx8j0PsRTC+VhkgftOnLSKrC+ARJ&WPUD3=GdS0 http://www.kslife.net/u6bi/?MvZXHps=iNvyT4CqLMChP3e6Ge76qlbtGatm/FOjD6+EIrw4iNXlKmgdt1I05b7hDy3w2CW6vTCJ8tUN&WPUD3=GdS0 http://www.vartomp.wales/u6bi/?MvZXHps=7H4fYAqkCuUMmpQIRNaXruuxEBA9ulKuj0WQeNCK4JJQrql6o416QATUa5HMbVavY73qak70&WPUD3=GdS0
Hosts (13): www.vac.one() | www.sdnjjywlc.com(154.84.8.2) | www.vartomp.wales(45.8.124.55) | www.divineryoga.com(34.102.136.180) | www.kslife.net(154.214.113.130) | www.2021cacondo.com(34.102.136.180) | www.sint-ecommerce.com(217.160.0.209) | 154.84.8.2 | 217.160.0.209 - malware | 34.102.136.180 - mailcious | 154.214.113.130 | 45.8.124.55 | 104.21.19.200
8.8 | 21 | ZeroCERT
9889 | 2021-07-10 09:15
vbc.exe d85950bc6166358539e77a46202d80d9 | Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
2.8 | 27 | ZeroCERT
9890 | 2021-07-10 10:38
sysWow64-e1.exe 715788fb520b3873db406fdf59521afa | NetWire RAT PE32 OS Processor Check PE File VirusTotal Malware AutoRuns Windows ComputerName DNS
Hosts (1)
3.0 | 54 | r0d
9891 | 2021-07-10 10:59
ethminer.exe c6dedabf9eae985f537f6270d8f91808 | CoinMiner QuickMiner PE64 PE File OS Processor Check VirusTotal Malware
0.8 | 14 | r0d
9892 | 2021-07-11 23:45
KillAura.class 00c3a76b736f3378343486db0932f99a | AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName
3.8 | guest
9893 | 2021-07-12 09:41
information_01913.xlsb 876840f5faa0b20d0713a7e8435b19b7 | VirusTotal Malware Creates executable files unpack itself suspicious process
URLs (1): https://free.mynowministries.com/app.dll
Hosts (2): free.mynowministries.com(162.241.253.78) | 162.241.253.78
3.2 | 4 | ZeroCERT
9894 | 2021-07-12 09:43
P3GlorySetp.exe ab709667f7fda587f65ced022c09e455 | Generic Malware PE File PE32 .NET EXE OS Processor Check VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder Ransomware Windows ComputerName Cryptographic key crashed
URLs (10): http://netoterizi.xyz/ - rule_id: 2569 | https://videoconvert-download38.xyz/?user=p3_5 - rule_id: 2241 | https://videoconvert-download38.xyz/?user=p3_4 - rule_id: 2241 | https://iplogger.org/1WTBy7 | https://videoconvert-download38.xyz/?user=p3_6 - rule_id: 2241 | https://videoconvert-download38.xyz/?user=p3_1 - rule_id: 2241 | https://videoconvert-download38.xyz/?user=p3_3 - rule_id: 2241 | https://videoconvert-download38.xyz/?user=p3_2 - rule_id: 2241 | https://videoconvert-download38.xyz/?user=bld - rule_id: 2241 | https://iplogger.org/1WYBy7
Hosts (6): netoterizi.xyz(185.14.31.80) - mailcious | videoconvert-download38.xyz(172.67.201.250) - mailcious | iplogger.org(88.99.66.31) - mailcious | 88.99.66.31 - mailcious | 172.67.201.250 - mailcious | 185.14.31.80 - mailcious
Rule-matched URLs (8): http://netoterizi.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/ | https://videoconvert-download38.xyz/
10.4 | M | 34 | ZeroCERT
9895 | 2021-07-12 09:44
08388e25.png.doc b53accbf466304e55d3abdda94c1fe5d | MSOffice File VirusTotal Malware unpack itself DNS
Hosts (1)
3.8 | M | 39 | ZeroCERT
9896 | 2021-07-12 09:44
batgo.exe 5ee0b97e90e31e11ce72b3a7c76c3e6f | Gen1 PE File PE32 JPEG Format DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Email ComputerName Firmware DNS Software crashed
URLs (10): http://162.55.223.232/softokn3.dll | http://162.55.223.232/947 | http://162.55.223.232/msvcp140.dll | http://162.55.223.232/ - rule_id: 2605 | http://162.55.223.232/ | http://162.55.223.232/freebl3.dll | http://162.55.223.232/vcruntime140.dll | http://162.55.223.232/mozglue.dll | http://162.55.223.232/nss3.dll | https://sergeevih43.tumblr.com/ - rule_id: 2338
Hosts (3): sergeevih43.tumblr.com(74.114.154.22) - mailcious | 162.55.223.232 | 74.114.154.22 - mailcious
Rule-matched URLs (2): http://162.55.223.232/ | https://sergeevih43.tumblr.com/
16.4 | M | 38 | ZeroCERT
9897 | 2021-07-12 09:45
instalKP.exe 7d20b144fbf477138bcad9c1db44f6c1 | PWS .NET framework RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
9.4 | 32 | ZeroCERT
9898 | 2021-07-12 09:46
jop.exe 6e23d791b07e987b4329a0f076133cd1 | Themida Packer PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
Hosts (1): 185.215.113.81 - mailcious
8.6 | 52 | ZeroCERT
9899 | 2021-07-12 09:48
powerpoint.exe e7e37e58de40b390fcded847360e0c49 | AgentTesla PWS .NET framework browser info stealer Generic Malware Google Chrome User Data Malicious Packer Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP Http API Steal Buffer PE AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows
9.6 | ZeroCERT
9900 | 2021-07-12 09:49
batman.exe 40a828eb521c1465984eb4bd44af3334 | Gen1 PE File PE32 JPEG Format DLL OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Malicious Traffic Check memory WMI Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Windows Browser Email ComputerName Firmware DNS Software crashed
URLs (10): http://162.55.223.232/softokn3.dll | http://162.55.223.232/947 | http://162.55.223.232/msvcp140.dll | http://162.55.223.232/ - rule_id: 2605 | http://162.55.223.232/ | http://162.55.223.232/freebl3.dll | http://162.55.223.232/vcruntime140.dll | http://162.55.223.232/mozglue.dll | http://162.55.223.232/nss3.dll | https://sergeevih43.tumblr.com/ - rule_id: 2338
Hosts (3): sergeevih43.tumblr.com(74.114.154.18) - mailcious | 162.55.223.232 | 74.114.154.22 - mailcious
Rule-matched URLs (2): http://162.55.223.232/ | https://sergeevih43.tumblr.com/
17.4 | M | 48 | ZeroCERT