| 10126 |
2023-07-20 17:17
|
 3TmlkMVPhlhNLer.exe 05b44cf21b46b2eb4a99f0a30ce92bc6
.NET framework(MSIL) .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
1
|
3
api.ip.sb(104.26.12.31) -
94.131.112.27 -
104.26.13.31 -
|
4
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
|
|
8.4 |
|
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10127 |
2023-07-20 17:12
|
 file.sfx.exe de1f7210c7206cb45f95cad5e0ed8cf0
AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed |
|
2
camo.githubusercontent.com(185.199.108.133) -
185.199.110.133 -
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10128 |
2023-07-20 17:10
|
 ChromeSetup.exe 99b387d1de76dcfbb4cb6c33eb919a49
UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder |
|
|
|
|
3.8 |
|
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10129 |
2023-07-20 13:31
|
 alg.exe 150e53a8c852ac5f23f47aceef452542
Browser Login Data Stealer Generic Malware Anti_VM PE64 PE File ZIP Format Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB MachineGuid Check memory Checks debugger Creates shortcut unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email |
|
|
|
|
4.6 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10130 |
2023-07-20 13:13
|
dbins_secure.chm aaeb059d62c448cbea4cf96f1bbf9efa
Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell JPEG Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
20
http://ems7.mdbins.com/ems70/Check.jsp?TV9JRD04NDAzMzAxXzY4MjI3Mg==&U1RZUEU9QVVUTw==&TElTVF9UQUJMRT1FTVNfQVVUT19TRU5EX0xJU1RfMDM=&UE9TVF9JRD0yMDE5MDMyM18yMw==&VEM9MjAxOTAzMzA=&S0lORD1P
https://www.idbins.com/images/mail/common/checkMyinsurance2.gif
https://www.idbins.com/images/mail/common/promyTxt.gif
https://www.idbins.com/images/mail/common/localMenu5.gif
https://www.idbins.com/images/mail/common/btn_provicy.gif
https://www.idbins.com/images/mail/common/qrcode.gif
https://www.idbins.com/images/mail/common/blt_h4.gif
https://www.idbins.com/images/mail/common/headBG_longService_car67.jpg
https://www.idbins.com/images/mail/common/dowJones2.gif
https://www.idbins.com/images/mail/common/blt_listn.gif
https://www.idbins.com/images/mail/common/localMenu2.gif
https://www.idbins.com/images/mail/common/emblem.gif
https://www.idbins.com/images/mail/common/localMenu4.gif
https://www.idbins.com/images/mail/common/lnbBg.gif
https://www.idbins.com/images/mail/common/localMenu1.gif
https://www.idbins.com/images/mail/common/localMenu6.gif
https://www.idbins.com/images/mail/common/localMenu3.gif
https://www.idbins.com/images/mail/common/arrBullet.gif
https://www.idbins.com/images/mail/common/topLogo.gif
https://atusay.lat/kxydo
|
4
www.idbins.com(210.124.234.79) -
ems7.mdbins.com(210.124.234.52) -
210.124.234.79 -
210.124.234.52 -
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.4 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10131 |
2023-07-20 13:08
|
Message.chm 59a924bb5cb286420edebf8d30ee424b
Generic Malware Antivirus AntiDebug AntiVM CHM Format PowerShell PNG Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
2
https://img.kbanknow.com/resource/ums/email/logo_new.png
https://ppangz.mom/mjifi
|
2
img.kbanknow.com(103.77.84.31) -
103.77.85.31 -
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.0 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10132 |
2023-07-20 12:23
|
 x.vbs 9a0f47c2d84580a6936e0b83d64f93e5
Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
1
http://192.3.216.144/test/ChromeSetup.exe
|
|
|
|
5.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10133 |
2023-07-20 12:22
|
system_root.vbs ede1862a1147dbbda4c4e86db24d3b83
Generic Malware Antivirus Hide_URL PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key |
1
http://45.88.66.43/rumpe_vbs.jpg
|
1
|
|
|
7.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10134 |
2023-07-20 12:20
|
 idbk.hta f64cb89c952b5355259ef7373ea7982d
Generic Malware Antivirus AntiDebug AntiVM PowerShell powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key |
1
http://103.16.215.29/Explorer/wininit.exe
|
|
|
|
6.6 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10135 |
2023-07-20 12:20
|
 into.txt.ps1 6a5f012c5651b0fb68b449f1f4a8ece4
Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key |
1
http://139.99.3.41:222/nn.jpg
|
|
|
|
1.2 |
|
1 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10136 |
2023-07-20 10:04
|
 smbscanlocal-1bf850b4d9587c101... 1bf850b4d9587c1017a75a47680584c4
UPX PE File PE32 VirusTotal Malware WriteConsoleW |
|
|
|
|
3.0 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10137 |
2023-07-20 09:40
|
 rdpcllp.exe b938598941bc685645ce1a2f7ae93e86
Themida Packer Generic Malware UPX Malicious Library Anti_VM PE64 PE File VirusTotal Malware Windows Remote Code Execution crashed |
|
|
|
|
3.0 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10138 |
2023-07-20 09:38
|
 taskhostmt.exe 30f655b863ffb73cc44a54b2826ec4f3
Generic Malware Admin Tool (Sysinternals etc ...) PWS SMTP AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
|
3
api.ip.sb(172.67.75.172)
104.26.12.31
167.99.14.220
|
2
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
14.8 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10139 |
2023-07-20 09:35
|
 s.exe ab7af1b5d04d9f284f2b9d5f6eae2ff1
AsyncRAT UPX .NET framework(MSIL) Malicious Packer OS Processor Check .NET EXE PE File PE32 |
|
2
jobsearchtest.com(139.99.3.41)
139.99.3.41 - malware
|
|
|
|
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10140 |
2023-07-20 08:10
|
 file.pdf.exe 63faba3aff1b5d9cc631bb722bf6c00e
UPX .NET framework(MSIL) AntiDebug AntiVM OS Processor Check .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key |
15
http://www.mikepaxton.com/0jrg/?M8A=d4kw/bfNYrYxmYznqjDOqf25p/jdX39PtbYEk18vhTvgFCto6RnLNFzYKDsyAWpBlujwlxEf2+XrjjcASSXNUeya1aGp8ifaJ+aiHGc=&utM=TItOnbpUdscK4K
http://www.applechiofficial.com/0jrg/?M8A=3zKK5UDwuz/0nkuu/OPjDTyjn1NbJKfvyOVy83lA05I2Znm+9VCjNrvPVZXA6OT2uybLV9mdcV/AXXwz65Rmu4BqtsLr0osmnvAO5to=&utM=TItOnbpUdscK4K
http://www.uty186.com/0jrg/
http://www.best-prava-77.net/0jrg/?M8A=fNtr6HJu9S63tz6oxTeGrOcAVbpGUdnnHxpITgBt0lVKFQOxczFPnbryDV4cJebuzY7hEsGS0eOoVivZzLKRdR4tmAuK9pihc0o5WZw=&utM=TItOnbpUdscK4K
http://www.uty186.com/0jrg/?M8A=kRzA81s/n0DbDoMyj+ubhrzADAGpcHK1R0LjEzsa6/S6KeAwZ7Y6HWE1VIEjXtTGdJldbVroTpaKCS5z6B4hwwMKQIEM4uxTrfeYpHQ=&utM=TItOnbpUdscK4K
http://www.lufanyn.com/0jrg/
http://www.blackiquorstudios.com/0jrg/
http://www.best-prava-77.net/0jrg/
http://www.lufanyn.com/0jrg/?M8A=u4+JC4tnkO0VyH4ayuAUW0EV2BqPkEfS/EcMI7KeZzRIf7vOU8hYE03lUTRp9dfprfNQb9ez+4+YLdEOjEZLPJNVRywaCu330sHSYaA=&utM=TItOnbpUdscK4K
http://www.samhosslerwriter.com/0jrg/
http://www.samhosslerwriter.com/0jrg/?M8A=jQJkuHPq1xPE4NFgoyW4b69TouFVOEEEXNlDqeGZQB43P8GQvHFREwYOF3U/GtUc7fmXSai0uLpr8iPmXIcIU5JxaS9qTn2pUUo9qsA=&utM=TItOnbpUdscK4K
http://www.blackiquorstudios.com/0jrg/?M8A=MqXmG3VdOL0D7+rJINRd43gXbjS9iEl/fowqlYCXtG4tzan7pZ3AjzQI3cJjBxhKQzBlGWltnFB4+hYeRNDv/aNu2efN4xObYUFFcUA=&utM=TItOnbpUdscK4K
http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip
http://www.applechiofficial.com/0jrg/
http://www.mikepaxton.com/0jrg/
|
15
www.applechiofficial.com(217.144.104.212)
www.mikepaxton.com(38.239.87.27)
www.samhosslerwriter.com(160.124.147.11)
www.lufanyn.com(122.254.96.77)
www.uty186.com(122.10.20.248) - mailcious
www.blackiquorstudios.com(45.33.23.183)
www.best-prava-77.net(104.21.84.62)
38.239.87.27
172.67.187.167
45.79.19.196 - mailcious
122.254.96.77
160.124.147.11
217.144.104.212
45.33.6.223
122.10.20.248 - mailcious
|
|
|
9.6 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|