| 10111 |
2023-07-21 13:07
|
 Lightshot.dll d335c0fd96458200acaeae1d1b4e136e
UPX Admin Tool (Sysinternals etc ...) Malicious Library Javascript_Blob OS Processor Check MZP Format DLL PE File PE32 VirusTotal Malware Checks debugger unpack itself crashed |
|
|
|
|
1.6 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10112 |
2023-07-21 13:05
|
 file.exe 45c1bb2dd4f6dfababf59f93d90537a5
Malicious Library PE File PE32 VirusTotal Malware PDB Remote Code Execution |
|
|
|
|
2.2 |
|
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10113 |
2023-07-21 13:04
|
 adobe-explorer.exe f6637dd80c1bf55fdf7d31f1d857a155
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself sandbox evasion Browser ComputerName |
|
2
texasgrudgecompany.com(5.8.18.42) -
5.8.18.42 -
|
|
|
6.2 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10114 |
2023-07-21 13:02
|
 saqoap.exe 8c1e52ac9553fab121ee950749fe1d31
UPX Malicious Library MZP Format PE File PE32 VirusTotal Malware RWX flags setting unpack itself |
|
|
|
|
2.8 |
|
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10115 |
2023-07-21 13:01
|
 reverse.exe 80cc187a15b6b6340385922631bad640
UPX PE File PE32 Malware download VirusTotal Malware Microsoft suspicious process WriteConsoleW Exploit DNS |
|
1
|
2
ET MALWARE Win32/Suspected Reverse Shell Connection
GPL EXPLOIT Microsoft cmd.exe banner
|
|
2.2 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10116 |
2023-07-21 11:35
|
 file.pdf.exe 63faba3aff1b5d9cc631bb722bf6c00e
UPX .NET framework(MSIL) AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
|
|
|
|
8.0 |
M |
50 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10117 |
2023-07-21 10:56
|
https://optimizationguide-pa.g...
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
https://optimizationguide-pa.googleapis.com/downloads
|
2
optimizationguide-pa.googleapis.com(142.250.206.234) -
216.58.200.234 -
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10118 |
2023-07-21 10:54
|
https://optimizationguide-pa.g...
AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
1
https://optimizationguide-pa.googleapis.com/downloads
|
2
optimizationguide-pa.googleapis.com(142.250.207.106) -
142.250.199.74
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10119 |
2023-07-21 10:53
|
https://optimizationguide-pa.g...
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
https://optimizationguide-pa.googleapis.com/downloads
|
2
optimizationguide-pa.googleapis.com(172.217.161.202)
142.250.66.74
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10120 |
2023-07-21 10:45
|
https://optimizationguide-pa.g...
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed |
1
https://optimizationguide-pa.googleapis.com/downloads
|
2
optimizationguide-pa.googleapis.com(142.250.76.138)
172.217.31.10
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
4.2 |
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10121 |
2023-07-20 17:29
|
 arc.exe 7f4e427936de0eecd46ce643bf5c0d36
UPX .NET framework(MSIL) Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 Malware download Cobalt Strike Ursnif VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Interception Windows ComputerName DNS Cryptographic key |
10
http://45.155.249.172/zerotohero/_2F9FQStc6JLbSb0Aim/PmWWdoN5TseiAoeGXSCnHb/f3siUJm7sSMxf/G9bKoZCp/ToUTRIpO5loaw7dvIdLqAPz/Y_2FdMlaiS/sRpdSgA1rXRn2REvx/OLgHjV7rVkqr/hqKS0oziEAU/o8RF8RZV1PhOYn/3_2FI28IdRnnl1Pa_2BsI/QMarYG2EhXrJaYdB/mioJ96K9ci_2BTK/nI2nf8CFXQPE62qv02/Tw141ih4C/rGxEkCJU_2FoY51LZTFZ/JDcDUjJ1Nfm3nZTbACQ/t335aBNiwUI0fSDh/WyzuLFz.asi
http://79.132.130.230/zerotohero/h2pES8vvQ9Dvo3V/hlcSi0l1F9v5LWGLOU/lNLO_2Bf9/1ZUnyh2KkRK_2BK_2FkT/B1qvcsMLsENIIKY07e_/2BBJkDPX88nUBOmNkxpsAL/daYERlvY44cCV/bb5JGPTp/wxiwu6MqPi13_2BBhBKtdcy/2XJp_2Fubp/UWOfmfkpHbfwbD_2F/AnrdfTwDxB49/3p5ljWW0mVB/kNUkbjfVuy_2FS/gZnIixUlWrtIET_2B6yPH/BGzrFLgAm1zI1rE5/NqlChuR_2B6Px8F/XpdH_2FRUoOGbXz3eG/hUrQfJr34qTs7V_2FIaI_2/F.asi
http://185.212.47.65/zerotohero/CqWrYX36XwWQ_2BrhS/mzLEl4vFf/xc4vWmEcWAJ9YFRyVKFO/ttNPV1ulfC_2FpRAGEU/1GwPDdK1QdBxInNimrN51p/Z3ahmcuTfYBo7/Kaj8dPd2/9mf_2B4_2B44IFDmcnO_2Ft/cbq2K326U1/jZ5r_2FXzmP3hUR7N/1DixZEqKIs7T/V2_2B7W4R8n/ojByzLKN1qA5e2/xatnfWr5qeXVvqV9Ka_2B/7CLEyBcLLr3EDHwN/3rLPjXlm7dduxz8/TEh4z8Yn6bC8oMLEXG/lAd_2FiD0/mxl7zdJF6HzdACUwM/uWM8.asi
http://78.138.9.136/zerotohero/tVgvWq4_2/BvU_2B3JHn6rBZN_2F78/kvXaeOFxBvKlMcTqcE9/hW9zLHBjbqaNPH3AUetC7h/3jB4YK94wFnF_/2FLCTLTl/OQOh_2BEMlq9kORiGRX3UGM/4XDgo2LSPA/QU2PjXw5cS1FKeqzx/NSRV7tkllKkn/06MFyAN39Zz/4Vhliec7utGGCr/lxOgXn9vBfQjzB42cyR6M/jOG9REVRM2tybo10/JzR8Z2liDNL0xrJ/wCNgVlEXFNrLtvbD23/Ci_2BRGWl/fc1PXbvpNet_2F5vOd3J/14nskWbz3d_2F/UU9f.asi
http://45.155.249.172/zerotohero/NQ4F2P317cVzNCxLOhg1F/8zo2PkPH0JNTkVQD/5KFUhh5g_2BqmC_/2F12sKc7QNCiIt8Y9Q/0gkTj71es/KP_2B3LuudW8CcWsZxc0/DZrsp9UbGxLuWnZHnIL/gpU7b2Ia1zgtxAn_2FLHVS/_2FqgZrYisxlR/kVcu_2BN/3o_2BJNwhL0UcCmviyxJN_2/FJdZ77WQgG/SpaJfTloxBssHKkJS/a_2FL7B4Vl6U/2EqyTD0mKiB/kh_2FocONHpHdL/5ewrs5O8oDLjrCJpWwXFV/RZffz9rgwAJcvl3D/uvmJZnLesLqNZl7/rdtQ8vt4wMbESjvt_/2FxX.asi
http://79.132.130.230/zerotohero/mdPSIyIkqr1RaBA606yd/7lOoa9x_2F0JudJY5_2/BoI9NqeqO3W7h_2BJycshU/am8kAnvTovBLt/6GFuxlV8/Gzl_2F18zkUa4KcCypu43ZE/2IY6Vqza0M/x81isIVB6eMI72ihh/aimsSr7RxjsG/aALRWJb8SZ2/lM03TOYfbuRZmL/Tm_2FAfgkdO6imvN8FOYF/WiFzR0dhr9iymNe3/yB_2FCDb_2B_2Bx/1suMDMDn8T1iBqi7RM/677p_2Fx4/VnzhkvEcTCuWzJhcmuUD/gu0hujFj_2BFX9yMt2M/iEEoucXiRQ8gFz_2F0LbLq/Ufc4_2Fgi/XgDDD.asi
http://79.132.130.230/zerotohero/Y_2FSqUCXDqJ0i_2FAiCDUu/MYNX7B7heM/GrHKHAHhAJfZZnZLY/ZUN96plx1WtO/Yh5YpB2GQS9/ytHVCw6X6Am2me/_2BZa2gFxOKYo42X_2Bis/uHG_2Bh_2FCRyy1j/HJA3PTfuKn2mM_2/Bo6tNqNWvmwJZgUS3_/2F_2B4Q6T/YQUg16lQ1UYirz_2F3Td/dSpdyVyoXNK9gGKMgaY/pdYE5MFY9TQzkXVlCy9KAT/iuujSOGfSd9zm/l99IR7CG/RCtkfs_2FtsvJqfOZpahaQ8/lJE8rw9jHb/81KiC8i2/EDCzwKNK/_2FgN.asi
http://79.132.130.230/zerotohero/J_2FsnJcuBz7ISKZ/7yjFKK2ZjJUJF0c/4lQRo6T1DnNr4kYV5G/lapFedOu2/PSf_2BBx3S0scfjDFFdp/sbBPjxI0AXVwXA1O_2F/w5gYNLVyDOldLOd_2FoAsp/ofci1W_2BGxqp/dSahW4x5/SD_2Bvv0dL0_2FkhXU6ldx5/83ouXZGs4J/yNzEw7V31EiOeqpr8/3s6ziH104BCw/iJDCp7r6yvM/ecSlA9BwncFOHW/KL4f0g4TikWiKFj6x01xn/JXpInaNgsXT_2Bza/fDi4X844IybUwY7/J9aoupFGv_2Bxj8SiO/adKKLFnpEvrIf2_/2FG1kLm.asi
http://78.138.9.136/zerotohero/o3Qw3IIKAJX3J/UqAt8bW_/2BUZ0UoeiySDNS6_2FUW2wA/3hFn7Sl4kN/ftoKvV5fG4Hlj1TSU/x9EtzVflg8DH/M2gdAUaDeoM/xHn0zpZ5tqgQxS/UIfCGC7fdX4cy165VPzjU/qFkYEqLUusHWmxl1/03Oe4374cOZpI_2/BpUlT2zKKRN2ct1ni8/Kyaip_2FL/RdYQJnJxCQC9LMM9KItd/rGuDDOExo8f1GlIaTy_/2FY2axb2jutNFLTc8FH2gt/2NCOwCjYICOIB/thzeHDY5/OMSNh7TmOBdBV10AHn/U.asi
http://185.212.47.65/zerotohero/FgCIjqtD1C/AwnB0CDuorKMa8ksR/aEjpUJvisd_2/Fyx44HzwuYS/aidnq9yd8pDT0T/NgYDWyI2Ai5P5qt99QXPi/jA4E2_2Be_2Fc_2B/bWcqxXdiMKAL8KE/sbgN6r4ltId_2FpN0E/aiXKEXHHY/JjdAPnfNd6AGi1C5E1Wt/28f2aD9M9R2djADKBs7/7fthFgqmYQikGHLfwk_2BJ/LuUAzChbRGzy5/njcVwo6H/TC5tR2nJz_2FwX_2B29eAaL/7KU1y1ngiw/OR811oN4ZmZuRfEi1/bMuIgBALfI6hYvF/gvDV.asi
|
6
lisfwhite.ch2eck.yaheoo.com() -
listwhfite.check3.yaho1o.com() -
185.212.47.65
78.138.9.136
45.155.249.172
79.132.130.230
|
2
ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
|
|
12.2 |
|
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10122 |
2023-07-20 17:22
|
 file.exe 5c3913024841f5c14f0ef8c9f3d3a4c5
Malicious Library PE File PE32 VirusTotal Malware PDB Remote Code Execution |
|
|
|
|
2.2 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10123 |
2023-07-20 17:21
|
 @zerOgr4v1ty_crypted.exe b273c68306bfba8fe55a39fe29c5a160
UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
1
|
3
api.ip.sb(104.26.13.31) -
104.26.12.31 -
94.142.138.4 -
|
4
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
13.4 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10124 |
2023-07-20 17:20
|
 Meduza.exe 40fbeddad5a68665f9cf789dc4658f1a
UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic Windows utilities suspicious process IP Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName Trojan Banking DNS |
|
3
api.ipify.org(104.237.62.211) -
173.231.16.76 -
5.42.77.239 -
|
3
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA Applayer Protocol detection skipped
|
|
12.6 |
|
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10125 |
2023-07-20 17:19
|
 ChromeSetup.exe 34441248d5a40a61b95aa1f20b42f7c0
UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself suspicious process AppData folder Windows crashed |
|
|
|
|
4.6 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|