10036 | 2021-07-14 17:00 | rc.exe 0d1a243f89e21f7c54a6210e5aa36d69 UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE32 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName keylogger | 1 https://cdn.discordapp.com/attachments/854297276549169165/864158213217321006/Mnzbrgxuodrjpaspnuzrcxakfetqbfg | 4 arsaxa.ac.ug(79.134.225.25) cdn.discordapp.com(162.159.130.233) - malware 79.134.225.25 162.159.129.233 - malware | | | 16.0 | | 36 | ZeroCERT
10037 | 2021-07-14 17:02 | vbc.exe 7cb96438c874f4727c226553d9ca8a18 Loki PWS Loki[b] Loki[m] Gen2 Emotet .NET framework RAT Gen1 Generic Malware NSIS UPX Malicious Library Antivirus Admin Tool (Sysinternals etc ...) Anti_VM DNS AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files AppData folder malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser Email ComputerName Software | 2 http://adminserver.xyz/Bn4/fre.php - rule_id: 2716 http://adminserver.xyz/Bn4/fre.php | 2 adminserver.xyz(172.67.151.89) 104.21.80.157 | | 1 http://adminserver.xyz/Bn4/fre.php | 12.2 | | 59 | ZeroCERT
10038 | 2021-07-15 09:13 | ytmp3_work_youtube-to-mp3.exe d7f0e7382a50544f271617647794a604 RAT Generic Malware UPX KeyLogger Http API Steal credential ScreenShot AntiDebug AntiVM PE64 PE File VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key | | 2 t.me(149.154.167.99) 149.154.167.99 | | | 8.2 | | 46 | ZeroCERT
10039 | 2021-07-15 09:13 | Receipt-51930517.xls d07a6a28431175d0d6d9e968f4227478 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed | 1 http://onlinefastsolutions.com:8088/css/file10.bin | 2 onlinefastsolutions.com(208.83.69.35) 163.172.213.69 | | | 3.8 | | 16 | ZeroCERT
10040 | 2021-07-15 09:16 | Invoice%203716517%20from%20Qui... cd0650a304a2fa6b3e7f80946189a0ed VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed | 1 http://paymentadvisry.com:8088/img/file6.bin | 2 paymentadvisry.com(208.83.69.35) 128.199.243.169 | | | 4.0 | | 20 | ZeroCERT
10041 | 2021-07-15 09:16 | Invoice%20811806%20from%20Quic... 6eac93f907e5b905676bd99a7f947552 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed | 1 http://buyer-remindment.com:8088/plugins/file4.bin | 2 buyer-remindment.com(128.199.243.169) 163.172.213.69 | | | 4.4 | | 19 | ZeroCERT
10042 | 2021-07-15 09:18 | PO-20892.ppt d728d510f2b3020f9f5966787d11097d VBA_macro MSOffice File VirusTotal Malware | | | | | 0.8 | | 26 | ZeroCERT
10043 | 2021-07-15 09:24 | PO-20892.ppt d728d510f2b3020f9f5966787d11097d VBA_macro MSOffice File VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process Interception | 1 https://bitly.com/ywuiqdbnasqwyudasbnd | 2 bitly.com(67.199.248.15) - malicious 67.199.248.15 - malicious | | | 3.4 | | 26 | ZeroCERT
10044 | 2021-07-15 09:36 | qwerty.html 1f96ffb7047012fa5c58c669e95cd26f AntiDebug AntiVM PNG Format MSOffice File Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed | 32
| 16 resources.blogblog.com(172.217.25.105) www.google.com(142.250.196.132) www.gstatic.com(172.217.25.99) fonts.googleapis.com(172.217.161.74) accounts.google.com(216.58.220.141) www.google-analytics.com(172.217.175.78) fonts.gstatic.com(172.217.31.131) www.blogger.com(172.217.25.105) 142.250.204.109 172.217.24.78 142.250.204.106 142.250.66.137 142.250.66.35 142.250.204.68 216.58.200.73 142.250.66.67 | | | 4.2 | | | ZeroCERT
10045 | 2021-07-15 10:06 | file13.bin 3a7d9e9c7b17f37cea12b4a9f2c6581b PE32 PE File VirusTotal Malware PDB unpack itself Windows crashed | | | | | 2.6 | | 29 | ZeroCERT
10046 | 2021-07-15 10:06 | file8.bin 622f4aa2d5e82438f3a40a35ab4902d5 PE32 PE File VirusTotal Malware PDB unpack itself Windows crashed | | | | | 2.6 | | 20 | ZeroCERT
10047 | 2021-07-15 10:08 | details.bin 3c21cccff5c8aabf1977f2dbdaeaafe7 PE32 PE File VirusTotal Malware PDB Windows crashed | | | | | 3.0 | | 34 | ZeroCERT
10048 | 2021-07-15 10:08 | Invoice%202930928%20from%20Qui... 1c54dba00a0049d433c29f7eabf1b486 VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed | 1 http://fasteasyupdates.com:8088/templates/file4.bin | 2 fasteasyupdates.com(128.199.243.169) 128.199.243.169 | | | 4.4 | | 16 | ZeroCERT
10049 | 2021-07-15 10:10 | 964937807.exe e82ce292a4c410c44c1f4da25d02a167 RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process suspicious TLD WriteConsoleW installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed | 3 http://185.215.113.63:23098/ https://y40.miraimibun.ru/1321168167.exe https://api.ip.sb/geoip | 5 y40.miraimibun.ru(217.107.34.191) api.ip.sb(104.26.13.31) 104.26.12.31 185.215.113.63 217.107.34.191 - malicious | | | 17.2 | | 24 | ZeroCERT
10050 | 2021-07-15 10:10 | file4.bin 363431c16f8b0a0196b67b11adf75ebd PE32 PE File PDB Windows crashed | | | | | 2.0 | | | ZeroCERT