10126 | 2024-05-03 07:42 | mm.exe | 90023ee5d93707bca67e178daf81830f | Malicious Packer UPX PE64 PE File VirusTotal Malware Checks debugger Check virtual network interfaces DNS | URLs: - | DNS: 1 | Alerts: - | 3.2 | - | 45 | ZeroCERT
10127 | 2024-05-02 07:31 | be.exe | 219ad549c4d74baaf85871c1eb484b2f | Downloader PE File PE32 VirusTotal Malware Check memory WriteConsoleW ComputerName | URLs: - | DNS: - | Alerts: - | 3.0 | M | 54 | ZeroCERT
10128 | 2024-05-02 07:29 | setup_6053.exe | a1361baff4d2c31430365cce9bc2cfff | Generic Malware Malicious Library Antivirus UPX PE64 PE File OS Processor Check Emotet Malware download NetWireRC VirusTotal Malware Code Injection buffers extracted unpack itself sandbox evasion Anonymous RAT DNS crashed | URLs: - | DNS: 2 | Alerts: 2 | 7.4 | M | 19 | ZeroCERT
  DNS: 6053.anonymousrat8.com(43.128.47.177); 43.128.47.177
  Alerts: ET MALWARE Anonymous RAT CnC Domain in DNS Lookup (anonymousrat8 .com); SURICATA Applayer Protocol detection skipped
10129 | 2024-05-02 07:27 | EPQ.exe | 615b4b1ddc71f4928bf4afdfaa68231f | Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | URLs: 1 | DNS: 2 | Alerts: 3 | 7.8 | M | 29 | ZeroCERT
  DNS: api.ipify.org(172.67.74.152); 104.26.12.205
  Alerts: ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10130 | 2024-05-02 07:26 | cock.exe | bd909fb2282ec2e4a11400157c33494a | Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself WriteConsoleW Windows DNS Cryptographic key | URLs: - | DNS: 1 | Alerts: 1 | 10.0 | - | 59 | ZeroCERT
  Alerts: ET DROP Spamhaus DROP Listed Traffic Inbound group 1
10131 | 2024-05-02 07:24 | HJCC.exe | f28b5bcde00e5c363cb764426ec76324 | AgentTesla Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed | URLs: - | DNS: - | Alerts: - | 12.6 | - | 51 | ZeroCERT
10132 | 2024-05-02 07:23 | get.php | 378532ba8c8073c2639528b08b15047b | Malicious Library PE File .NET EXE PE32 Malware download njRAT VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself DNS | URLs: - | DNS: 3 | Alerts: 3 | 2.8 | - | 61 | ZeroCERT
  DNS: 4.tcp.ngrok.io(3.133.207.110) - mailcious; 3.138.180.119; 3.131.147.49
  Alerts: ET INFO DNS Query to a *.ngrok domain (ngrok.io); ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll); SURICATA Applayer Detect protocol only one direction
10133 | 2024-05-02 07:22 | jSB8SNaV.exe | af593a9f7ef816da78b444227537c5f2 | Gen1 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check VirusTotal Malware PDB | URLs: - | DNS: - | Alerts: - | 1.6 | - | 36 | ZeroCERT
10134 | 2024-05-02 07:20 | see.exe | e908276b036728bc78a3dea637580af2 | AgentTesla Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | URLs: 1 | DNS: 2 | Alerts: 3 | 13.2 | - | 32 | ZeroCERT
  DNS: api.ipify.org(104.26.13.205); 104.26.12.205
  Alerts: ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10135 | 2024-05-02 07:20 | scg.exe | 9e5e6b8901f999088856e0eb04746864 | Malicious Library Malicious Packer UPX PE64 PE File VirusTotal Malware MachineGuid | URLs: - | DNS: 2 | Alerts: - | 3.2 | - | 44 | ZeroCERT
  DNS: scll.netlify.com(18.139.194.139); 46.137.195.11 - malware
10136 | 2024-05-01 17:04 | wedesingedfisherboattoundersta... | 0930bc0ba7c5af0fd2ee2a78a98faa22 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed | URLs: 1 | DNS: 3 | Alerts: 2 | 5.0 | M | 37 | ZeroCERT
  DNS: paste.ee(104.21.84.67) - mailcious; 107.172.31.6 - mailcious; 104.21.84.67 - malware
  Alerts: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10137 | 2024-05-01 17:02 | fishermansaidyouaremyloverbeca... | 1d4987e736173e36c054c48f4354ab4d | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed | URLs: 1 | DNS: 4 | Alerts: 2 | 5.0 | M | 35 | ZeroCERT
  DNS: paste.ee(104.21.84.67) - mailcious; 107.175.242.96 - mailcious; 172.67.187.200 - mailcious; 45.33.6.223
  Alerts: ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10138 | 2024-05-01 17:01 | bin.exe | 4160db87b054d159be5eb8ee4cd27c38 | Generic Malware Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS | URLs: 21 | DNS: 21 | Alerts: 2 | 11.0 | M | 49 | ZeroCERT
  URLs:
    http://www.agoraeubebo.com/nrup/
    http://www.zopter.dev/nrup/?xaRt=i3HAzC/U9OJxIpd/cVIqioUroH7qJoGS67PrGCHTQB0skmoYQlANVfiIbPI4IH/9kWpHr7erIPqYDzJ48SYt+oJ/0g0iC6yZWX/8c4ct4DQ3d1iauYFK6CebNAulbWCgMaeXdHw=&c18u_=M74HXBoKY4
    http://www.quirkyquotients.online/nrup/
    http://www.297tamatest1kb.com/nrup/
    http://www.deniztemiz.fun/nrup/
    http://www.sqlite.org/2016/sqlite-dll-win32-x86-3150000.zip
    http://www.nimaster.com/nrup/?xaRt=QRCJemSun6KfUPjbw7Wl+EOfwXHgZ1iyr2LzNdaeeYxuOQk1p7mHourK8lVarsbBIBvr9aHYFlgCj6gFp9RacDqO10qGjeH1kC54hh2O/YnQ/xfdeKLFPyrwmVjF+1gbpdrtHJA=&c18u_=M74HXBoKY4
    http://www.nimaster.com/nrup/
    http://www.hggg2qyws.sbs/nrup/?xaRt=cxIeN1iVhQqOwsowvitnNvuwmm+qqrvfdqpS9UswCbkbA/58Vi1sucBg6AEQyfE3zCqKK/TeeNcUyXCS2fazATIsLYQU9UjmCyAW0hXXUGLfcbDiNK6ibWhgqHsNoHkz1gGc9BA=&c18u_=M74HXBoKY4
    http://www.quirkyquotients.online/nrup/?xaRt=rSdoiViGYDYLrRKaJiLWx0o3GtWbUyMrBzK7mFXa25NHqewciJOPoSpxRDHHO+kRgCzM5kcGIwbMEKTHJRshE8TECWuxqnWE5XbWOupO3d188GRCRjny7znmim8cpOOWG3XQuQg=&c18u_=M74HXBoKY4
    http://www.297tamatest1kb.com/nrup/?xaRt=aN7x9cBVxwix9wZx9HG3+EyfX6HqMCI/orbHVM7uweNeZbe3aghpRaSsJCdVU54yexiCzw7M43tjxUam+UkaT2wmXrLzq3RCnmrT+WsLWscIcK9ZkaiF0pmbsoq7wiXgkQMFFG4=&c18u_=M74HXBoKY4
    http://www.thechurchinkaty.com/nrup/?xaRt=a+HLDFsiIkHuV4rg7wup8csxdWPagIuMO9xbFOtVeNEzn7JMPDdWHI+uhZWQfHs/Ujvr+dR2RkWjKuppUanuG8WbeCSiVE7Ei81rIR6FZpKHS1/3Xety/MDmz3VaKjqLYqmj5Ic=&c18u_=M74HXBoKY4
    http://www.hggg2qyws.sbs/nrup/
    http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
    http://www.deniztemiz.fun/nrup/?xaRt=3O5z/vVa1aiBIg/20FYhZ9gN3gEIDgA4MhhTC4igeHW13Qm1DZfDyX2p9mwAZMK6YdFTnsLdJzS54TsXooWKxMFKzkTPzf0/wvcz0IEqhbvScFDLwEMJ7HljO9/d9GWeP3ZvlWk=&c18u_=M74HXBoKY4
    http://www.gudvain.top/nrup/?xaRt=SizHnN/9xgcqSIkRxdV/yLkuLlfb9ih/0t0LsappuxDuweYFtCvxWsRrJ8CRzXcbZvFBcd4a+abpRctwr4ssx6D/64ygBVY2l9ARrA+Cnd/k0rcrBh5k0YyNTI11ygD5K0ma9bo=&c18u_=M74HXBoKY4
    http://www.thechurchinkaty.com/nrup/
    http://www.zopter.dev/nrup/
    http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
    http://www.gudvain.top/nrup/
    http://www.agoraeubebo.com/nrup/?xaRt=dWrD1PFadq7V5KkT+bFohqEZffGVUNdu4bG3e9Abb7XIEj/TR5WiVjbbrLaqi43PNcTkySoUuB0roTQbaYzLsbJy/Bzx6mO/iyMVNYumf/O/IEDIdi+XIYrNNSqPi1S0X8+SZl8=&c18u_=M74HXBoKY4
  DNS: www.hggg2qyws.sbs(47.238.226.135); www.deniztemiz.fun(46.28.105.2); www.quirkyquotients.online(66.96.162.142); www.gudvain.top(203.161.62.199); www.thechurchinkaty.com(91.195.240.19); www.5597043.com(91.195.240.94); www.agoraeubebo.com(162.240.81.18); www.297tamatest1kb.com(162.255.119.150); www.zopter.dev(192.185.225.30); www.nimaster.com(217.26.48.101); 91.195.240.19 - mailcious; 46.28.105.2 - mailcious; 162.255.119.150; 203.161.62.199; 66.96.162.142 - mailcious; 47.238.226.135; 217.26.48.101 - mailcious; 45.33.6.223; 192.185.225.30 - phishing; 162.240.81.18 - mailcious; 91.195.240.94 - phishing
  Alerts: ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain
10139 | 2024-05-01 17:01 | softmindwithagoodheartpersonwi... | 086511c0267905cbda55ede83eb8d7d0 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed | URLs: - | DNS: 1 | Alerts: - | 5.0 | M | 37 | ZeroCERT
10140 | 2024-05-01 17:00 | jfesawdr.exe | 9fb56dd5b5beb0b9c5d0102f22373c0b | Generic Malware Downloader Malicious Library UPX VMProtect Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processo VirusTotal Malware PDB Code Injection Creates executable files unpack itself AppData folder ComputerName RCE | URLs: - | DNS: - | Alerts: - | 4.6 | M | 47 | ZeroCERT