10066 | 2021-07-15 10:28
va.exe | 4fce8340b8819f756b9e3afedf5917fd
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
URLs (1): http://www.bioskopmovie21.com/vn3b/?K8bdJ=LnvcSiBsuAFGVsdHAOysWE2WHRNuqqCbSTIFgvJlZsUPr6OijyBQsLHITzdsIpEPwb5WXeox&uTuD=ApdlOfE
Hosts (4): www.navniddhiprinting.com() www.bioskopmovie21.com(185.53.178.10) 185.53.178.10 20.43.94.199
8.8 | 21 | ZeroCERT

10067 | 2021-07-15 10:29
Invoice 50261765 from Qu... | f92a895f8781cd98115c3cb123301e1c
Tags: VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed
URLs (1): http://buyer-remindment.com:8088/wp-theme/file11.bin
Hosts (2): buyer-remindment.com(163.172.213.69) 128.199.243.169
4.0 | 21 | ZeroCERT

10068 | 2021-07-15 10:30
kn.exe | bf27c89acbd897d3a37e415cf7b69ee2
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key
URLs (2):
  http://www.1indiansextube.com/lvno/?Bfl=rAF+2u9d3KgVTiBieoxeqPpsTYWEus7ko5QqjmmA3DWvE6E9D5Eq7p3bgXXz1a5fxPuTqZXI&rv0PcR=4hLpHJ
  http://www.myboxlaundry.com/lvno/?Bfl=h/xXIGJdRTxCaSiir8cyf6N6CA9qYBdzPp+M5mmDi6cB87EMhyfblkTlkD/tw/q0/ltecwas&rv0PcR=4hLpHJ
Hosts (4): www.1indiansextube.com(206.119.29.156) www.myboxlaundry.com(202.74.238.213) 202.74.238.213 206.119.29.156
9.0 | 22 | ZeroCERT

10069 | 2021-07-15 10:31
Receipt-427172.xls | cf1af8277a86596fc04df4adbddb0702
Tags: VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed
URLs (1): http://paymentadvisry.com:8088/js/file12.bin
Hosts (2): paymentadvisry.com(208.83.69.35) 128.199.243.169
3.8 | 18 | ZeroCERT

10070 | 2021-07-15 10:32
driver-installer.exe | 9a122ed5dd32c372318c47d47f9e605b
Tags: RAT Generic Malware UPX KeyLogger Http API Steal credential ScreenShot AntiDebug AntiVM PE64 PE File VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs: none
Hosts (2): t.me(149.154.167.99) 149.154.167.99
8.0 | 39 | ZeroCERT

10071 | 2021-07-15 10:33
Trinn.exe | 1130aadc21e61f9fc3ea418177382a2a
Tags: RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName Cryptographic key crashed
URLs (2):
  http://xtarweanda.xyz/
  https://api.ip.sb/geoip
Hosts (4): xtarweanda.xyz(95.213.224.25) api.ip.sb(104.26.12.31) 95.213.224.25 172.67.75.172
12.0 | 44 | ZeroCERT

10072 | 2021-07-15 10:35
lv.exe | 5cbbdb7bab881f319d1f54c8c76cb4ae
Tags: Gen1 Gen2 Malicious Library UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate privileges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE32 PE File DLL VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
URLs: none
Hosts (1): LMwWfCcmRWAmfFCNIZdgWmiWmFe.LMwWfCcmRWAmfFCNIZdgWmiWmFe()
7.4 | 35 | ZeroCERT

10073 | 2021-07-15 10:36
Invoice 720710 from Quic... | 40425d09e54ff26289dd074649f0cad9
Tags: VBA_macro MSOffice File PE32 PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed
URLs (1): http://onlinefastsolutions.com:8088/tpls/file3.bin
Hosts (2): onlinefastsolutions.com(163.172.213.69) 163.172.213.69
3.8 | 17 | ZeroCERT

10074 | 2021-07-15 10:36
nn.exe | 36dae96c9425608f4d2441ab5c38130f
Tags: PWS Loki[b] Loki[m] Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName DNS Software crashed
URLs (1): http://185.227.139.18/dsaicosaicasdi.php/ZCV5nbpN4L9rd - rule_id: 2584
Hosts (1): 185.227.139.18 - malicious
Matched URLs (1): http://185.227.139.18/dsaicosaicasdi.php
13.4 | M | 22 | ZeroCERT

10075 | 2021-07-15 10:39
file.exe | 58fa567894c7dc28d2b7f0d7f3886512
Tags: RedLine Stealer UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself
URLs: none
Hosts: none
2.4 | 31 | ZeroCERT

10076 | 2021-07-15 10:41
5.exe | 0140b4f87910ef13e348b28a67aac23a
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
URLs: none
Hosts: none
5.4 | 34 | ZeroCERT

10077 | 2021-07-15 10:44
sam.exe | 54da6f0e11090728404d0f9807ef3674
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key
URLs (10):
  http://www.innercritictypes.com/uoe8/?Ezu=O21M2FYy2dlMOkCvFyQcwzLn3QEPeqHgQrfKHRI9jw0Ah0TH1lBJi6Gr9K83sGcpR3T5fZkw&q48=Gbt4axj8p
  http://www.keydefi.com/uoe8/
  http://www.bsbgraphic.com/uoe8/
  http://www.keydefi.com/uoe8/?Ezu=fjN3+DCycbloadR1JYSjLl4NMX1BWoGvuTOGO0r7qvHasgjoKS6DLTuYNEAj5O9YQwFgCvIr&q48=Gbt4axj8p
  http://www.swashbug.com/uoe8/?Ezu=jbWl/12LOy/8QMol1vq5On9CelmHmR3hJriw/uowHAcnrTs+PcPuE1M21NVN5bXc/q7xGzNj&q48=Gbt4axj8p - rule_id: 846
  http://www.hispekdiamond.com/uoe8/
  http://www.innercritictypes.com/uoe8/
  http://www.swashbug.com/uoe8/ - rule_id: 846
  http://www.bsbgraphic.com/uoe8/?Ezu=IJxsArLTGRxQO+Zr9zHYqepX+MoX/vO+JUx3UoPYs759hqCLjrrubWv7+QNEl9ZR5rIOa5eQ&q48=Gbt4axj8p
  http://www.hispekdiamond.com/uoe8/?Ezu=UhlVi8jJ/XJooZrGm3lJbnFIbsRb97T5i2H1SjZUz4bfHF7iwjurNO0mfht8QkZ52GR+ypPo&q48=Gbt4axj8p
Hosts (12): www.swashbug.com(169.1.24.244) www.rangamaty.com(54.39.133.15) www.innercritictypes.com(34.102.136.180) www.keydefi.com(88.214.207.96) www.bsbgraphic.com(185.10.75.4) www.hispekdiamond.com(213.171.195.105) 185.10.75.4 - malicious 34.102.136.180 - malicious 54.39.133.15 - malicious 88.214.207.96 - malicious 213.171.195.105 169.1.24.244 - malicious
Matched URLs (2): http://www.swashbug.com/uoe8/ http://www.swashbug.com/uoe8/
9.4 | M | 22 | ZeroCERT

10078 | 2021-07-15 10:46
ee.exe | 7fa7ddc6957d2b24810e70ea30f7ca12
Tags: PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
URLs (3):
  http://www.pvj2019.com/bsdd/?ofrLp=qs3RZSX3rvVNtiBHpfYUl9EI97y+R4QIxAS6B4CUD5yxH0qyUw/bf6FdrR7yHxdc6ARoeO06&1bw=L6AdjD8HtbAPoXK0
  http://www.spinozone.com/bsdd/?ofrLp=wKFuFBUmkFlq3cmGTOvg7BHSlGNnAbWulbUidAyrto4M17w7HJ24MBv0JTojToLONTTkfCJP&1bw=L6AdjD8HtbAPoXK0
  http://www.avxrja.online/bsdd/?ofrLp=yfEHqAcgt7rxCVuuJXACbU7UrRlbrP06mrm4Odqj8j+Usq43ag+ep0r75c/W67nhYEF3s8ao&1bw=L6AdjD8HtbAPoXK0
Hosts (7): www.pvj2019.com(13.225.134.15) www.spinozone.com(3.223.115.185) www.avxrja.online(159.25.16.57) 13.225.134.74 3.223.115.185 - malicious 54.39.133.15 - malicious 159.25.16.57
8.8 | 26 | ZeroCERT

10079 | 2021-07-15 11:30
vbc.exe | 41496ecf0772fb06472b37b7be9a7ec9
Tags: RedLine Stealer UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution
URLs: none
Hosts: none
2.8 | 51 | ZeroCERT

10080 | 2021-07-15 11:31
cmd.exe | 2fd35a47c26de70495d7abd6e8704e1d
Tags: RAT Generic Malware UPX AntiDebug AntiVM PE32 PE File OS Processor Check .NET EXE VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Remote Code Execution DNS
URLs (1): http://62.109.6.34/Multisql.php?BVUh8CqgvQvV8HT7=Gn6sqVgs&23b03a1076a634776d74be03b9878d48=690e025a8f43aff654bcfa12152d46df&3cb2b07ca96824b52834776f03cfac35=wY3AzM2ITM5YWNmljN3UDO4YDN5gjYjljMhZTO3M2YmZTOilTY2cjN&BVUh8CqgvQvV8HT7=Gn6sqVgs
Hosts (1):
11.2 | 57 | ZeroCERT
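Several of the records above share infrastructure: 128.199.243.169 is contacted by both macro samples 10067 and 10069, 163.172.213.69 hosts both buyer-remindment.com (10067) and onlinefastsolutions.com (10073), and 54.39.133.15 is flagged in both 10077 and 10078; the three macro samples all fetch a `/fileN.bin` payload over port 8088. The Python below is an added example, not code from ZeroCERT or from this feed: it parses the URL and host cells in the shape used on this page (including the feed's `- rule_id: N` annotation and its `- mailcious` spelling), flags the port-8088 `/fileN.bin` stage-download shape, and pivots on domains and IPs that two or more samples have in common. The record values are copied from five of the page's entries with long query strings shortened; the field names (`md5`, `urls`, `hosts`) and every function name are this example's own.

```python
"""IOC extraction and infrastructure pivoting over sandbox feed records.

Added example for this page, not code from ZeroCERT or the feed. Record values
are copied from the page (query strings shortened); field and function names
are this example's own.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: five of the page's records, keyed by sample ID.
RECORDS = {
    "10067": {
        "md5": "f92a895f8781cd98115c3cb123301e1c",
        "urls": "http://buyer-remindment.com:8088/wp-theme/file11.bin",
        "hosts": "buyer-remindment.com(163.172.213.69) 128.199.243.169",
    },
    "10069": {
        "md5": "cf1af8277a86596fc04df4adbddb0702",
        "urls": "http://paymentadvisry.com:8088/js/file12.bin",
        "hosts": "paymentadvisry.com(208.83.69.35) 128.199.243.169",
    },
    "10073": {
        "md5": "40425d09e54ff26289dd074649f0cad9",
        "urls": "http://onlinefastsolutions.com:8088/tpls/file3.bin",
        "hosts": "onlinefastsolutions.com(163.172.213.69) 163.172.213.69",
    },
    "10077": {
        "md5": "54da6f0e11090728404d0f9807ef3674",
        "urls": "http://www.keydefi.com/uoe8/ "
                "http://www.swashbug.com/uoe8/ - rule_id: 846 "
                "http://www.bsbgraphic.com/uoe8/?Ezu=IJxs&q48=Gbt4axj8p",
        "hosts": "www.swashbug.com(169.1.24.244) www.rangamaty.com(54.39.133.15) "
                 "www.keydefi.com(88.214.207.96) 185.10.75.4 - mailcious "
                 "54.39.133.15 - mailcious 169.1.24.244 - mailcious",
    },
    "10078": {
        "md5": "7fa7ddc6957d2b24810e70ea30f7ca12",
        "urls": "http://www.pvj2019.com/bsdd/?ofrLp=qs3R&1bw=L6AdjD8HtbAPoXK0",
        "hosts": "www.pvj2019.com(13.225.134.15) 13.225.134.74 "
                 "3.223.115.185 - mailcious 54.39.133.15 - mailcious",
    },
}

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Either "name(ip)" / "name()" from a DNS lookup, or a bare contacted IP that may
# carry the feed's malicious flag (accepts the page's "mailcious" spelling too).
_HOST_RE = re.compile(rf"([A-Za-z0-9.-]+)\(({_IP})?\)|({_IP})(\s+-\s+ma(?:il|li)cious)?")
# A URL, optionally followed by the feed's "- rule_id: N" signature annotation.
_URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")
_STAGE_PATH_RE = re.compile(r"/file\d+\.bin$")


def parse_hosts(cell):
    """Return (resolved, ips, flagged): domain -> IP (None for a failed lookup),
    every IP in the cell, and the IPs the feed annotated as malicious."""
    resolved, ips, flagged = {}, set(), set()
    for m in _HOST_RE.finditer(cell):
        domain, resolved_ip, bare_ip, flag = m.groups()
        if domain is not None:
            resolved[domain] = resolved_ip
            if resolved_ip:
                ips.add(resolved_ip)
        else:
            ips.add(bare_ip)
            if flag:
                flagged.add(bare_ip)
    return resolved, ips, flagged


def parse_urls(cell):
    """Split a URLs cell into dicts with host, port, path and any rule_id annotation."""
    entries = []
    for m in _URL_RE.finditer(cell):
        url, rule_id = m.groups()
        parts = urlsplit(url)
        entries.append({"url": url, "host": parts.hostname, "port": parts.port,
                        "path": parts.path, "rule_id": rule_id})
    return entries


def looks_like_stage_download(entry):
    """Shape shared by the three macro samples on this page: port 8088 and a /fileN.bin path."""
    return entry["port"] == 8088 and bool(_STAGE_PATH_RE.search(entry["path"]))


def pivot(records):
    """Map each domain/IP to the sample IDs it occurs in; keep indicators shared by >= 2 samples."""
    seen = defaultdict(set)
    for sid, rec in records.items():
        resolved, ips, _ = parse_hosts(rec["hosts"])
        for indicator in list(resolved) + list(ips):
            seen[indicator].add(sid)
        for entry in parse_urls(rec["urls"]):
            if entry["host"]:
                seen[entry["host"]].add(sid)
    return {ind: sorted(sids) for ind, sids in seen.items() if len(sids) >= 2}


def summarize(records):
    """Per-sample IOCs: hash, stage-download URLs, signature-matched URLs, flagged IPs."""
    out = {}
    for sid, rec in records.items():
        urls = parse_urls(rec["urls"])
        out[sid] = {
            "md5": rec["md5"],
            "stage_downloads": [u["url"] for u in urls if looks_like_stage_download(u)],
            "matched_urls": [u["url"] for u in urls if u["rule_id"]],
            "flagged_ips": sorted(parse_hosts(rec["hosts"])[2]),
        }
    return out


if __name__ == "__main__":
    for indicator, sids in sorted(pivot(RECORDS).items()):
        print(f"{indicator:<18} shared by samples {', '.join(sids)}")
    for sid, summary in summarize(RECORDS).items():
        print(sid, summary)
```

The pivot treats a resolved IP and a directly contacted IP alike, which is deliberate: in 10067 the download domain resolves to 163.172.213.69 while the sandbox recorded traffic to 128.199.243.169, and both are worth blocking. The stage-download heuristic is narrow by design (port 8088 plus `/fileN.bin`); it is a description of what these three samples did, not a general loader signature, and should be widened only against more data.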