10081 | 2021-07-15 11:32
file5.exe c967c0f03185ddce3718e11221cd9dbf UPX PE32 PE File VirusTotal Malware PDB unpack itself DNS |
|
1
3.2 |
|
40 |
ZeroCERT
10082 | 2021-07-15 11:34
.wininit.exe a4231c7431f34ce5f1aeecd2c366008a Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
16
http://www.sneakerssupermarket.com/7bun/?GzuX=PvR5U4CzamzH6G3sNGXTSLQaZtYsYmwgNdhhHTSdAYxz5ww0kg2mXAm8Th9XkZs+eILT2cdA&AnB=O2MxwrzxV http://www.modelsclinic.com/7bun/?GzuX=m3w4Bdh9bpVNFCkrZz/g9Z5fhYKoHVPPCMLJMgvkrgV2SA7hLU3dgzZ+CJeMd9qFkfdDn2KB&AnB=O2MxwrzxV http://www.2018luzy.com/7bun/ http://www.thehaphazardhomeschool.com/7bun/ http://www.2018luzy.com/7bun/?GzuX=g35u4EyrkW3rEL1JEcpIEg1/sczhXn0QOEPPJxt5HYf46Nv5O0mcuIhE9EM9an3WCxnyXQE9&AnB=O2MxwrzxV http://www.scholarlyleadership.com/7bun/ http://www.enlightenmenttalk.com/7bun/ http://www.scholarlyleadership.com/7bun/?GzuX=hk4hT8PvzN7nHrw/p5MDcjpW73fNgGMfvTyI/m77+fOFqrLM/OlrUKGASMrwZBUx6zw+ZdSx&AnB=O2MxwrzxV http://www.bk-707.com/7bun/ http://www.enlightenmenttalk.com/7bun/?GzuX=e+jirH21b6Bs+4mj+0HfmShjT7e/46sxFP9zszjSk6qxzG6Gc5dc28nSJf5O5wgSAQmXXH7R&AnB=O2MxwrzxV http://www.thehaphazardhomeschool.com/7bun/?GzuX=XsE2DkapAHCJ4LAsoDXWOSELWcifcHP4gCVqiw16EiKnX6rAYptoaBMRcr+2q0gKis7ji90s&AnB=O2MxwrzxV http://www.sneakerssupermarket.com/7bun/ http://www.chameocarajf.com/7bun/ http://www.bk-707.com/7bun/?GzuX=U8dEOFQwatqmMeUIf8+xjfMEi+QHZ78yHCVkXGW0zuDP3xp5Sb4izGVZ6gnoCR9Zglx5uhU/&AnB=O2MxwrzxV http://www.chameocarajf.com/7bun/?GzuX=wvDqrLAPMF2RNpFbOT3QZsFyHSWghwlMvddKBC7GRap2w/vObToqQirxvXj+lV8cPNTq78JX&AnB=O2MxwrzxV http://www.modelsclinic.com/7bun/
|
15
www.enlightenmenttalk.com(34.98.99.30) www.chameocarajf.com(162.241.62.75) www.thehaphazardhomeschool.com(162.241.216.80) www.sneakerssupermarket.com(34.102.136.180) www.modelsclinic.com(34.102.136.180) www.ravelcophx.com() www.bk-707.com(104.21.70.228) www.2018luzy.com(45.39.16.117) www.scholarlyleadership.com(34.102.136.180) 45.39.16.117 162.241.216.80 162.241.62.75 34.102.136.180 - mailcious 172.67.140.42 34.98.99.30 - phishing
9.0 |
|
40 |
ZeroCERT
10083 | 2021-07-15 11:35
Receipt-9650354.xls 0d3e86171d4980d63304aa3a12c74c45 VBA_macro MSOffice File PE32 PE File Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed |
1
http://buyer-remindment.com:8088/templates/file6.bin
|
2
buyer-remindment.com(128.199.243.169) 128.199.243.169
3.2 |
|
|
ZeroCERT
10084 | 2021-07-15 11:36
build2.exe 66bde9ddd0fb80ac7309176c23d03804 PWS Loki[b] Loki[m] AgentTesla RedLine Stealer Gen1 browser info stealer UPX ScreenShot AntiDebug AntiVM PE32 PE File OS Processor Check DLL JPEG Format Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName DNS Software |
9
http://116.202.183.50/mozglue.dll http://116.202.183.50/nss3.dll http://116.202.183.50/vcruntime140.dll http://116.202.183.50/ http://116.202.183.50/softokn3.dll http://116.202.183.50/msvcp140.dll http://116.202.183.50/517 http://116.202.183.50/freebl3.dll https://sslamlssa1.tumblr.com/
|
3
sslamlssa1.tumblr.com(74.114.154.18) 116.202.183.50 74.114.154.22 - mailcious
17.6 |
|
22 |
ZeroCERT
10085 | 2021-07-15 11:37
svchost.exe 09fb8646753f7041cb0dc124b3c571cf PWS .NET framework RAT Generic Malware PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName |
2.8 |
|
43 |
ZeroCERT
10086 | 2021-07-15 11:38
Toner-RecoverSetup.exe 01f89223a45a7b657998b8ee28bfa281 Emotet Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Browser ComputerName DNS |
7
http://google.com/ http://www.google.com/ https://www.google.com/favicon.ico https://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png https://ssl.gstatic.com/gb/images/i1_1967ca6a.png https://www.google.com/?gws_rd=ssl https://iplogger.org/2BD837
|
8
google.com(172.217.175.14) www.google.com(142.250.196.132) ssl.gstatic.com(172.217.26.3) iplogger.org(88.99.66.31) - mailcious 172.217.163.228 88.99.66.31 - mailcious 172.217.31.227 172.217.24.78
6.6 |
|
24 |
ZeroCERT
10087 | 2021-07-15 11:38
NMemo1Setp.exe f12aa4983f77ed85b3a618f7656807c2 Generic Malware PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself |
2
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/
2.6 |
M |
56 |
guest
10088 | 2021-07-15 11:39
vbc.exe 7f2b563b83d45e66744954b67fc2a179 Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed |
10.6 |
|
23 |
ZeroCERT
10089 | 2021-07-15 11:40
smartx.exe bce6b0dd0454052f8952f5174c26cec0 RAT Generic Malware UPX AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder malicious URLs Windows Cryptographic key crashed |
10
http://192.168.56.103:2869/upnphost/udhisapi.dll?content=uuid:d96d86f3-ac35-41f2-9523-f4e50073f2f3 http://www.uyutny-svet.online/eqp3/ http://192.168.56.103:5357/da8ea474-550f-433d-b444-54d2081d1d24/ http://www.grapaojanjao.com/eqp3/ http://www.uyutny-svet.online/eqp3/?5j=CblEKO/jDHV1Nnreuzchc3HA1n3gtrd3+z5w8OSuzqrO8fXW1FPAwPQOqH5frdTlUpEtne+w&EZ442V=IdnTot6xhnFH http://www.simplicitylawyers.com/eqp3/?5j=1JlRKKc1ryObS2zWGCQwmyDXo7172X9qd+uj8VkBQN2btU1eXDdLeMaQ7yjeIPrl/st+y4Ki&EZ442V=IdnTot6xhnFH http://www.easyrepairsauto.com/eqp3/?5j=41nwx5lqGKzWHGUJCEbmzMcyKtNa2An7naJr3NNPKeswF3W6GX4ZmdROpgQ+0CPydD3Pj/yn&EZ442V=IdnTot6xhnFH http://www.simplicitylawyers.com/eqp3/ http://www.easyrepairsauto.com/eqp3/ http://www.grapaojanjao.com/eqp3/?5j=vhPMJ3ABFjMy54CV7tnGHjN8rnNhE2JoEzYPOiwetEI4estIKvVLL5Og+cRbULzo6BPqJ8aM&EZ442V=IdnTot6xhnFH
|
10
www.ccminghang.com() www.grapaojanjao.com(122.155.167.48) www.10system.club() www.easyrepairsauto.com(182.50.132.242) www.simplicitylawyers.com(34.102.136.180) www.uyutny-svet.online(209.99.40.222) 209.99.40.222 - mailcious 122.155.167.48 182.50.132.242 - mailcious 34.102.136.180 - mailcious
11.4 |
|
27 |
ZeroCERT
10090 | 2021-07-15 11:50
wininit.exe e2ff5a2d8427e0c6132177f27052bbdb PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key |
5.6 |
|
41 |
ZeroCERT
10091 | 2021-07-15 11:50
file6.exe 00ff8d20b68ba14dfa8579b8132547f1 RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key |
|
3
kathonaror.xyz(141.136.0.74) - mailcious 141.136.0.74 - mailcious 104.26.13.31
9.2 |
|
39 |
ZeroCERT
10092 | 2021-07-15 11:51
file8.exe 91b80d727ddd4512e60ca369a4cc6034 PWS .NET framework RAT BitCoin Generic Malware AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
http://185.244.182.34:56068/ https://api.ip.sb/geoip
|
3
api.ip.sb(172.67.75.172) 185.244.182.34 104.26.13.31
12.8 |
|
30 |
ZeroCERT
10093 | 2021-07-15 11:51
SecurityHealthSystray.exe 1cd60e5192988ae5841a861ef8c45a61 PWS .NET framework RAT Generic Malware UPX PE32 PE File .NET EXE VirusTotal Malware WriteConsoleW IP Check ComputerName |
1
|
4
stellacy.tk(173.44.55.155) ip-api.com(208.95.112.1) 208.95.112.1 173.44.55.155
3.4 |
|
34 |
ZeroCERT
10094 | 2021-07-15 11:53
mazx.exe 27cbc615d2a1fef5e46ae9d91943812c RAT Generic Malware UPX Antivirus SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
4
https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-614C0E3B50F117FBCE10F2095FA19897.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-614C0E3B50F117FBCE10F2095FA19897.html https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A32F45A97F0071468825E8B67D10D74B.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A32F45A97F0071468825E8B67D10D74B.html
|
2
bakercost.gq(104.21.13.164) 172.67.156.203
|
|
2
https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/
|
14.8 |
|
43 |
ZeroCERT
10095 | 2021-07-15 11:55
kaguya.exe 309b8d030730272ff323308ced7aa981 Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion anti-virtualization IP Check installed browsers check Ransomware Windows Browser ComputerName DNS Cryptographic key Software crashed |
1
http://api.ipify.org/?format=xml
|
3
api.ipify.org(54.225.245.108) 195.133.40.204 54.243.175.83
14.2 |
|
20 |
ZeroCERT