10126 | 2021-07-16 07:36 | getkey 963a91ca9da30098c75ecd5ab275f76c UPX PE File OS Processor Check PE32 VirusTotal Malware |
0.6 | 19 | ZeroCERT
10127 | 2021-07-16 07:36 | zxx.exe 9ea8f0cefae38838925df14a6f2a29d6 RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows crashed |
2 | http://www.shikhardeals.com/bsdd/?Kzux=6+V1HrHDkbuNn6Cv3YxHVO2ini0phccEfu7HbKCoxymyMS/RgpFI/Qlk71oJU9Gi5JhK/P+t&p0D=AfhDLL2 https://www.bing.com/
5 | www.shikhardeals.com(88.99.53.105) www.dwsykj.com() www.google.com(216.58.220.100) 88.99.53.105 142.250.66.36
10.4 | 21 | ZeroCERT
10128 | 2021-07-16 07:39 | nv.exe 43deb9e60877d57aba0d166976f9a735 PWS Loki[b] Loki[m] RAT Generic Malware DNS Socket HTTP KeyLogger Http API Internet API ScreenShot AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs Windows ComputerName DNS crashed |
1 |
3 | www.google.com(216.58.220.100) 136.144.41.135 142.250.207.68
13.0 | 30 | ZeroCERT
10129 | 2021-07-16 07:40 | ORDER.cab 04dec901031a77cd9475e98e8c2d0691 |
ZeroCERT
10130 | 2021-07-16 07:48 | ms.doc a3d8678c5cb04fc86201d1a7a3964f9a RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit crashed |
7 | http://www.satsokal.com/cojbhg.msi https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A5004E8FE4642635F3A5F9729F016D6C.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2CF94C6405A21F86FE26767B020F24F7.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-564C6866309DF88BE2B89EA3243190EF.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3ABE7E3A265370893E4E511F0CDF44A2.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3855D746CACAAC460046039CB72BF87C.html - rule_id: 2706 https://bakercost.gq/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-98FD0424CD3EFD2E8F83A6BC0491BEF4.html - rule_id: 2706
6 | premiumservice.awsmppl.com(194.187.251.163) bakercost.gq(104.21.13.164) - mailcious www.satsokal.com(188.40.104.236) - mailcious 172.67.156.203 194.187.251.163 188.40.104.236 - mailcious
6 | https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/ https://bakercost.gq/liverpool-fc-news/features/
4.0 | M | 36 | ZeroCERT
10131 | 2021-07-16 09:23 | XPL.exe 15bd68aab0b8afd26cdcce6e420b5b70 Generic Malware Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS |
2 | xp18.ddns.net(103.133.104.146) 103.133.104.146
14.2 | M | 37 | ZeroCERT
10132 | 2021-07-16 09:25 | oshjxcvjkdf.exe 5fb597b577573bcc63d5236b5bbb504e PWS .NET framework Gen1 Generic Malware Malicious Packer UPX AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL JPEG Format Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName |
9 | http://erolbasa.ac.ug/softokn3.dll http://erolbasa.ac.ug/msvcp140.dll http://erolbasa.ac.ug/sqlite3.dll http://erolbasa.ac.ug/freebl3.dll http://erolbasa.ac.ug/mozglue.dll http://erolbasa.ac.ug/nss3.dll http://erolbasa.ac.ug/vcruntime140.dll http://erolbasa.ac.ug/ http://erolbasa.ac.ug/main.php
2 | erolbasa.ac.ug(185.215.113.77) 185.215.113.77 - malware
17.0 | M | 21 | ZeroCERT
10133 | 2021-07-16 09:25 | details.bin 3c21cccff5c8aabf1977f2dbdaeaafe7 PE File PE32 VirusTotal Malware PDB Windows crashed |
3.2 | M | 48 | guest
10134 | 2021-07-16 09:26 | HBV.exe 1138148cde97466dd2a5ccb84b58097b Generic Malware Malicious Packer DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS |
2 | godisgood1.hopto.org(103.155.81.71) 103.155.81.71
14.2 | M | 34 | ZeroCERT
10135 | 2021-07-16 09:26 | Invoice%20062002%20from%20Quic... 01db26749ca18d3d1cadcdb367ac18ca VBA_macro MSOffice File PE File PE32 VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows DNS crashed |
3 | jeromfastsolutions.com(128.199.243.169) - mailcious 103.133.104.146 163.172.213.69 - mailcious
4.6 | M | 20 | ZeroCERT
10136 | 2021-07-16 09:28 | lv.exe d7e6c4becb19606663c216b687e56b32 Gen1 Gen2 Malicious Library UPX PE File PE32 DLL OS Processor Check VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows |
1 | osfnNsqepDXDVKsvd.osfnNsqepDXDVKsvd()
6.6 | M | 31 | ZeroCERT
10137 | 2021-07-16 09:28 | .wininit.exe 9c0704bd679f10208c96c3c3cb8ce6a0 Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows DNS Cryptographic key |
6 | http://www.edimetics.com/u6bi/ - rule_id: 2480 http://www.dirham.world/u6bi/?8pgTVpp8=5UaZ6KJkX14tGTnPbwRbNbSk4fqM7e+s9jBDe7bIpvv1NTAZtK3u6M7E3rLX5i5V3b2rSZ4d&b6=uVBlCVR0RPFH http://www.midfirstprivagebank.com/u6bi/?8pgTVpp8=TeNjysb/SZ6LQErQfp7+ZIYIiBE8s7+FEBuAMJwPNEqhQBOWDqwk3LpXYWCmRYmyooAwenMZ&b6=uVBlCVR0RPFH http://www.dirham.world/u6bi/ http://www.midfirstprivagebank.com/u6bi/ http://www.edimetics.com/u6bi/?8pgTVpp8=d3hfJGKEWI63rOsJCiBc8ornFYDvC9/7RczIGnWXKID5Nhwh5w+67HtP0IEOiuekpHZtIKVc&b6=uVBlCVR0RPFH - rule_id: 2480
11 | www.maxfitnesslakeoconee.com() www.dirham.world(103.139.0.9) www.rebeccacorreiadance.com() www.ukdooss.icu() www.edimetics.com(34.102.136.180) - mailcious www.aervius.com() www.midfirstprivagebank.com(212.32.237.90) 103.155.81.71 103.139.0.9 34.102.136.180 - mailcious 212.32.237.90 - mailcious
2 | http://www.edimetics.com/u6bi/ http://www.edimetics.com/u6bi/
11.0 | M | 26 | ZeroCERT
10138 | 2021-07-16 09:30 | cl.exe fb2fac4f3eab460c3cc7096625cf57d5 UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware Buffer PE PDB Code Injection buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName |
8.6 | M | 45 | ZeroCERT
10139 | 2021-07-16 09:30 | Invoice%2015464219%20from%20Qu... f21da7e3e7593be2c70759c67c95bb66 VBA_macro MSOffice File PE File PE32 VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows crashed |
1 | http://jeromfastsolutions.com:8088/themes/details.bin
2 | jeromfastsolutions.com(163.172.213.69) - mailcious 163.172.213.69 - mailcious
4.0 | M | 21 | ZeroCERT
10140 | 2021-07-16 09:33 | Ghazals.exe 5e7dedd9beebefb268e9dddae39e5f31 RAT BitCoin Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
2 | http://185.173.36.104:44030/ https://api.ip.sb/geoip
3 | api.ip.sb(104.26.13.31) 104.26.13.31 185.173.36.104
12.8 | M | 45 | ZeroCERT