10396 | 2023-07-12 07:33 | win.exe | 4db28116d59c1667b312039549196abb | UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder | | | | | 2.4 | M | 22 | ZeroCERT
10397 | 2023-07-12 07:33 | KHW.exe | 9fba2532f5509e75359b0b5adbad9da6 | PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | | 4: mail.awelleh3.top(185.198.59.26) - mailcious; api.ipify.org(173.231.16.76); 185.198.59.26 - mailcious; 64.185.227.156 | 4: ET DNS Query to a *.top domain - Likely Hostile; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SURICATA Applayer Detect protocol only one direction | | 14.0 | | 38 | ZeroCERT
10398 | 2023-07-12 07:32 | wins.exe | 5ee9e77231b275cafb560643b6254ef2 | Generic Malware Antivirus .NET EXE PE File PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key | | | | | 8.0 | | 20 | ZeroCERT
10399 | 2023-07-12 07:29 | lt2.1.exe | 86faedbcbc10593066fe8bfe81eecb0a | .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself | | | | | 2.2 | | 33 | ZeroCERT
10400 | 2023-07-11 18:54 | USDT.exe | b9ade4e25308a1bfe4a8e4d9433937ba | AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | | 3: camo.githubusercontent.com(185.199.108.133) -; 108.181.20.35 -; 185.199.108.133 - | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure | | 3.8 | | | ZeroCERT
10401 | 2023-07-11 18:51 | worldperform.exe | 5b5fd4b5ce374372b49e7cc0da6f0e4c | Gen1 Emotet Malicious Library UPX Malicious Packer .NET framework(MSIL) CAB PE64 PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution Cryptographic key | | 2: files.catbox.moe(108.181.20.35) -; 108.181.20.35 - | 2: ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 5.6 | M | 21 | ZeroCERT
10402 | 2023-07-11 18:45 | fub23489bgf8uy32bf23%27r.exe | 909570c37d5cd3165461458d9cd60c4b | UPX Malicious Library PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed | | | | | 2.0 | M | 24 | ZeroCERT
10403 | 2023-07-11 18:43 | MGH.exe | 2ca0fd657c122f59abb813053a610478 | .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed | | 4: mail.awelleh3.top(185.198.59.26) - mailcious; api.ipify.org(64.185.227.156); 173.231.16.76; 185.198.59.26 - mailcious | 4: ET DNS Query to a *.top domain - Likely Hostile; SURICATA Applayer Detect protocol only one direction; ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 12.8 | M | 22 | ZeroCERT
10404 | 2023-07-11 15:02 | Apppdfread.msi | c328b1c0c6809ae49d020d353bcc843a | Generic Malware Malicious Library Antivirus OS Processor Check CAB MSOffice File Malware download NetWireRC VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check human activity check BitRAT ComputerName DNS | | 1 | 2: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT); ET MALWARE Observed Malicious SSL Cert (BitRAT CnC) | | 3.2 | | 2 | ZeroCERT
10405 | 2023-07-11 10:06 | Lst.exe | 163d4e2d75f8ce6c838bab888bf9629c | Gen1 UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files crashed | | | | | 2.6 | | 44 | ZeroCERT
10406 | 2023-07-11 10:05 | into.txt.vbs | 77b99c19d7f1d83eba555f7415a70986 | Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key | 1: http://45.12.253.107:222/d.png | 2: 185.157.162.126; 45.12.253.107 - malware | 2: ET HUNTING [TW] Likely Hex Executable String; ET WEB_CLIENT DRIVEBY GENERIC ShellExecute in Hex No Seps | | 8.0 | M | 4 | ZeroCERT
10407 | 2023-07-11 10:05 | rev.bat | 4986cda33d79aa6d6034cd666895dd09 | Generic Malware Downloader Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Malware download NetWireRC VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Tofsee BitRAT Windows ComputerName DNS Cryptographic key | 2: https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi - rule_id: 35021; https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi | 3: fesad.s3.eu-north-1.amazonaws.com(16.12.9.14) - mailcious; 185.157.162.126; 52.95.171.4 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT); ET MALWARE Observed Malicious SSL Cert (BitRAT CnC) | 1: https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi | 7.6 | | 3 | ZeroCERT
10408 | 2023-07-11 10:04 | SysdiagHelp.bat | f4987b97440b898fd438b292a5fdab17 | Generic Malware Downloader Antivirus Create Service Escalate priviledges Socket P2P DGA Steal credential Http API PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM Malware download NetWireRC VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Tofsee BitRAT Windows ComputerName DNS Cryptographic key | 2: https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi - rule_id: 35021; https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi | 3: fesad.s3.eu-north-1.amazonaws.com(16.12.9.26) - mailcious; 185.157.162.126; 16.12.11.30 | 3: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT); ET MALWARE Observed Malicious SSL Cert (BitRAT CnC) | 1: https://fesad.s3.eu-north-1.amazonaws.com/Apppdfread.msi | 7.0 | | 9 | ZeroCERT
10409 | 2023-07-11 09:39 | h.html | 1c87f3cd6fb4a0197977a9d7365a5e09 | Generic Malware Antivirus AntiDebug AntiVM PowerShell powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key | 1: https://propagandaetrafego.com/bv6.jpg | 2: propagandaetrafego.com(216.172.161.107) - malware; 216.172.161.107 - malware | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.0 | | | ZeroCERT
10410 | 2023-07-11 09:38 | bv6.jpg.ps1 | 8f1d7cb8f3b9b72dd69fc451fca11a64 | Generic Malware Antivirus powershell Check memory unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 2: https://propagandaetrafego.com/julhovenom.txt; https://propagandaetrafego.com/runpe.txt | 2: propagandaetrafego.com(216.172.161.107) - malware; 216.172.161.107 - malware | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.0 | M | | ZeroCERT