10306 | 2021-07-22 08:47
File: suntogether.png
MD5: 23058318c8080fe49fe723765f748141
Tags: UPX, PE32, OS Processor Check, PE File, Dridex, TrickBot, Malware Report, suspicious privilege, Malicious Traffic, buffers extracted, unpack itself, Check virtual network interfaces, suspicious process, Kovter, ComputerName, Remote Code Execution, DNS, crashed
URLs (1): https://60.51.47.65/rob110/TEST22-PC_W617601.069B970E33206BB7EEBB7361338F377D/5/file/
Hosts (7): 185.56.76.28 - malicious; 60.51.47.65 - malicious; 204.138.26.60 - malicious; 74.85.157.139 - malicious; 38.110.103.136 - malicious; 97.83.40.67; 38.110.103.18 - malicious
Alerts (4): ET CNC Feodo Tracker Reported CnC Server group 22; ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex; ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O); ET CNC Feodo Tracker Reported CnC Server group 25
Score: 6.0
Source: ZeroCERT

10307 | 2021-07-22 10:15
File: Invoice_961423.xls
MD5: 8939f905920f2c23d01ae9dfd3ac653a
Tags: Dridex, VBA_macro, MSOffice File, PE32, DLL, PE File, VirusTotal, Malware, Check memory, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows
URLs (1): http://taskremindment.com:8088/wp-theme/h8f6.png
Hosts (2): taskremindment.com (208.83.69.35) - malware; 208.83.69.35 - malware
Alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.0
VirusTotal: 18
Source: ZeroCERT

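The record above (and the other Invoice_*.xls entries on this page) fetches a PE32 DLL from a URL ending in .png on port 8088, which is why the only alert is "ET POLICY PE EXE or DLL Windows file download HTTP": the name says image, the bytes say PE. The following is an added example, not code from the original listing or from any tool it references, showing the check a proxy or sandbox post-processor should make: classify the download by its DOS/COFF headers rather than by extension. The byte strings it builds are constructed stand-ins for the real payloads; the function names are mine.

```python
"""Added example: sniff the real file type of a download instead of trusting its name.

The listing shows PE32 DLLs served as http://<host>:8088/<path>/<name>.png.
An extension or Content-Type check accepts such a file; reading the DOS and
COFF headers does not. build_fake_pe() produces a constructed minimal header
sequence (not a runnable binary) so the check can be exercised offline.
"""
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_FILE_DLL = 0x2000          # COFF Characteristics flag marking a DLL


def sniff(data: bytes) -> str:
    """Classify by magic bytes: 'png', 'pe-dll', 'pe-exe', 'mz-no-pe' or 'unknown'."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "unknown"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
    # Need the 4-byte signature plus the 20-byte COFF header to read Characteristics.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "mz-no-pe"
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return "pe-dll" if characteristics & IMAGE_FILE_DLL else "pe-exe"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name claims a PNG image but the content is a PE image."""
    claims_png = filename.lower().endswith(".png")
    return claims_png and sniff(data).startswith("pe-")


def build_fake_pe(dll: bool) -> bytes:
    """Constructed MZ header + PE signature + COFF header (not a real binary)."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew points just past DOS header
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    # Machine=i386, NumberOfSections=1, TimeDateStamp, PtrToSymTab, NumSyms,
    # SizeOfOptionalHeader=0xE0 (PE32), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, chars)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    for name, blob in [("h8f6.png", build_fake_pe(True)),
                       ("logo.png", PNG_MAGIC + b"\0" * 16)]:
        verdict = "MISMATCH" if extension_mismatch(name, blob) else "ok"
        print(f"{name}: {sniff(blob)} -> {verdict}")
```

In production the same check belongs at the download boundary (proxy ICAP hook, mail gateway, or the sandbox's dropped-file handler), and the `pe-dll` verdict is worth logging separately: a DLL fetched by an Office process, as the VBA_macro records here show, is almost never legitimate.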
10308 | 2021-07-22 10:15
File: oQE8Qo7.png
MD5: adb1d947f0901a4f3cb0b8ad1a6ee385
Tags: Dridex, PE32, DLL, PE File, VirusTotal, Malware
Score: 1.0
VirusTotal: 13
Source: ZeroCERT

10309 | 2021-07-22 10:16
File: xDG6fC.png
MD5: e92d48a038b4208fafd89f2ed6c630fb
Tags: Dridex, PE32, DLL, PE File
Score: 0.4
Source: ZeroCERT

10310 | 2021-07-22 10:16
File: OcXP6U.png
MD5: 0b1a2653ee163b6138a01b38b8f6d22a
Tags: Dridex, PE32, DLL, PE File
Score: 0.4
Source: ZeroCERT

10311 | 2021-07-22 10:16
File: xpt9.png
MD5: 8b8ec117d4cc2eb8cb246433c1090dec
Tags: Dridex, PE32, DLL, PE File, VirusTotal, Malware
Score: 1.2
Flag: M
VirusTotal: 23
Source: ZeroCERT

10312 | 2021-07-22 10:17
File: P4GlorySetp.exe
MD5: 3f6b84ccd4292674328ab4754f4a5ba2
Tags: RAT, Generic Malware, PE32, .NET EXE, PE File, OS Processor Check, Browser Info Stealer, VirusTotal, Malware, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, Collect installed applications, Check virtual network interfaces, AppData folder, installed browsers check, Tofsee, Ransomware, Windows, Browser, ComputerName, Cryptographic key, crashed
URLs (10): http://kalamaivig.xyz/; https://music-s.xyz/?user=p4_6; https://music-s.xyz/?user=p4_4; https://music-s.xyz/?user=p4_5; https://music-s.xyz/?user=p4_2; https://music-s.xyz/?user=p4_3; https://music-s.xyz/?user=p4_1; https://iplogger.org/1XqVr7; https://api.ip.sb/geoip; https://iplogger.org/1DSJe7
Hosts (8): iplogger.org (88.99.66.31) - malicious; api.ip.sb (104.26.13.31); music-s.xyz (172.67.130.27); kalamaivig.xyz (212.224.105.79); 88.99.66.31 - malicious; 172.67.75.172; 212.224.105.79; 104.21.7.102
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0
VirusTotal: 44
Source: ZeroCERT

10313 | 2021-07-22 10:18
File: Invoice_76421482.xls
MD5: 0340ceae3de84b3968aee6c555fda030
Tags: Dridex, VBA_macro, MSOffice File, PE32, DLL, PE File, VirusTotal, Malware, Check memory, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows
URLs (1): http://paymetconfirm.com:8088/uploads/h8f6.png
Hosts (2): paymetconfirm.com (208.83.69.35) - malicious; 128.199.243.169 - malware
Alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.0
Flag: M
VirusTotal: 19
Source: ZeroCERT

10314 | 2021-07-22 10:18
File: FICvR.png
MD5: 56c09545b796f22000b20c84bf6b505b
Tags: Dridex, PE32, DLL, PE File, VirusTotal, Malware
Score: 1.2
VirusTotal: 22
Source: ZeroCERT

10315 | 2021-07-22 10:18
File: m0gy97Q.png
MD5: 86a93f39f3390d3c284b99e81e8b1a7d
Tags: Dridex, PE32, DLL, PE File, VirusTotal, Malware
Score: 1.2
VirusTotal: 23
Source: ZeroCERT

10316 | 2021-07-22 10:19
File: Invoice_4415840.xls
MD5: e14a0a927e2e4f5492df393e7cb9633c
Tags: Dridex, VBA_macro, MSOffice File, PE32, DLL, PE File, Check memory, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows
URLs (1): http://waunake.com:8088/js/xpt9.png
Hosts (2): waunake.com (128.199.243.169); 128.199.243.169 - malware
Alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.0
Source: ZeroCERT

10317 | 2021-07-22 10:20
File: Invoice_730621.xls
MD5: 15d1252024d046b76737f80017b31b5e
Tags: Dridex, VBA_macro, MSOffice File, PE32, DLL, PE File, VirusTotal, Malware, Check memory, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows
URLs (1): http://taskremindment.com:8088/css/b486Pv.png
Hosts (2): taskremindment.com (128.199.243.169) - malware; 128.199.243.169 - malware
Alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.0
VirusTotal: 15
Source: ZeroCERT

10318 | 2021-07-22 10:20
File: 1d6vP.png
MD5: dc8803148639b547891db02a455575bb
Tags: Dridex, PE32, DLL, PE File
Score: 0.4
Source: ZeroCERT

10319 | 2021-07-22 10:21
File: Invoice_46470539.xls
MD5: 5d15ccd61fa8f1488c26d0d4e39904dd
Tags: Dridex, VBA_macro, MSOffice File, PE32, DLL, PE File, VirusTotal, Malware, Check memory, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows, DNS
URLs (1): http://taskremindment.com:8088/tpls/h8f6.png
Hosts (3): taskremindment.com (208.83.69.35) - malware; 128.199.243.169 - malware; 20.43.94.199
Alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 4.2
Flag: M
VirusTotal: 19
Source: ZeroCERT

10320 | 2021-07-22 10:23
File: Red.exe
MD5: d21abe71ba2abf923b575299dc17854f
Tags: UPX, PE32, PE File, VirusTotal, Malware, PDB, unpack itself
Score: 2.2
Flag: M
VirusTotal: 27
Source: ZeroCERT

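The Dridex entries in this listing are linked by infrastructure rather than by hash: taskremindment.com and paymetconfirm.com both resolve to 208.83.69.35, taskremindment.com and waunake.com both touch 128.199.243.169, every downloader pulls from port 8088, and the xpt9.png fetched by Invoice_4415840.xls is the DLL reported separately as record 10311. The following is an added example, not code from the original page or from any tool it references, showing how to extract those IOCs from records in this shape and pivot on them. The LISTING string is constructed for the example from four of the page's records (same IDs, hashes, URLs and hosts); the field labels, regexes and function names are mine.

```python
"""Added example: extract IOCs from sandbox listing records and pivot on shared hosts.

LISTING is constructed from four records on this page, written in a labelled
form. parse_records() turns each into a dict; pivot() finds indicators shared
by more than one sample; second_stage_hashes() links a downloader to the
payload record whose filename matches the URL basename.
"""
import re
from collections import defaultdict

LISTING = """\
10307 | 2021-07-22 10:15
File: Invoice_961423.xls
MD5: 8939f905920f2c23d01ae9dfd3ac653a
URLs (1): http://taskremindment.com:8088/wp-theme/h8f6.png
Hosts (2): taskremindment.com (208.83.69.35) - malware; 208.83.69.35 - malware

10313 | 2021-07-22 10:18
File: Invoice_76421482.xls
MD5: 0340ceae3de84b3968aee6c555fda030
URLs (1): http://paymetconfirm.com:8088/uploads/h8f6.png
Hosts (2): paymetconfirm.com (208.83.69.35) - malicious; 128.199.243.169 - malware

10316 | 2021-07-22 10:19
File: Invoice_4415840.xls
MD5: e14a0a927e2e4f5492df393e7cb9633c
URLs (1): http://waunake.com:8088/js/xpt9.png
Hosts (2): waunake.com (128.199.243.169); 128.199.243.169 - malware

10311 | 2021-07-22 10:16
File: xpt9.png
MD5: 8b8ec117d4cc2eb8cb246433c1090dec
"""

RECORD_HEAD = re.compile(r"^(\d+) \| (\d{4}-\d{2}-\d{2} \d{2}:\d{2})$", re.M)
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"https?://[^\s;]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# A resolved host is written as "name (ip)"; capture the name before the "(".
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\s*\(", re.I)


def parse_records(text):
    """Split the listing into dicts: id, date, file, md5, urls, ips, domains."""
    records = []
    heads = list(RECORD_HEAD.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end]
        file_m = re.search(r"^File: (.+)$", body, re.M)
        md5_m = MD5_RE.search(body)
        records.append({
            "id": m.group(1),
            "date": m.group(2),
            "file": file_m.group(1).strip() if file_m else "",
            "md5": md5_m.group(0) if md5_m else "",
            "urls": URL_RE.findall(body),
            "ips": sorted(set(IPV4_RE.findall(body))),
            "domains": sorted({d.lower() for d in DOMAIN_RE.findall(body)}),
        })
    return records


def pivot(records, key):
    """Map each indicator under `key` ('ips', 'domains' or 'urls') to the sample IDs sharing it."""
    index = defaultdict(set)
    for r in records:
        for value in r[key]:
            index[value].add(r["id"])
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}


def second_stage_hashes(records):
    """Link downloader records to payload records by URL basename == reported filename."""
    by_name = {r["file"]: r["md5"] for r in records if r["file"]}
    links = {}
    for r in records:
        for url in r["urls"]:
            name = url.rsplit("/", 1)[-1]
            if name in by_name:
                links[r["id"]] = (name, by_name[name])
    return links


if __name__ == "__main__":
    recs = parse_records(LISTING)
    for ip, ids in pivot(recs, "ips").items():
        print(f"{ip} shared by {', '.join(ids)}")
    for dl_id, (name, md5) in second_stage_hashes(recs).items():
        print(f"{dl_id} fetches {name} -> MD5 {md5}")
```

The pivot is the useful output: one shared IP across two phishing lures is enough to block the whole delivery tier rather than the individual domains, and the basename link lets a responder go straight from a macro document to the hash of the DLL it would have dropped.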