10411 | 2021-07-23 09:26
Sample: pool.exe | MD5: d71ee93843d5159da740a11e0944d987
Tags: PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (4):
  http://www.gaigoilaocai.com/wufn/?zL08l=+cvcaH9t4IGOvfSH2s/pGQCzCoMlKLNX9S4pg+CdqO+ehvTRSw4m6C0WiIEOYf+cYXNRRXby&rDHph=0Rm8pfsh - rule_id: 2912
  http://www.kingdomvets.com/wufn/?zL08l=o6NP/38pvTDlv+JV19NTB11bpLiuGI0dHMB5Vx/enan56b3Zy4geNSKYW/CwegZqLuXFQkxp&rDHph=0Rm8pfsh
  http://www.rsautoluxe.com/wufn/?zL08l=w5EnrSKap8oRy2zPlnddF8gTSk3mhpsg6+K+ZUM/zOnILWZ553OzJd1vgJ8iXK568zhVN9hj&rDHph=0Rm8pfsh
  http://www.prinothhusky.com/wufn/?zL08l=GFt2TzYQfdSiNG603WLL+Cz/jkuaKDaMw91O9Wlio7W/+JMlkABrabAp9DL5ExKj8sqeUNNS&rDHph=0Rm8pfsh
Hosts (8): www.chinanl168.com() | www.rsautoluxe.com(103.48.133.134) | www.prinothhusky.com(34.102.136.180) | www.kingdomvets.com(34.102.136.180) | www.gaigoilaocai.com(104.21.84.71) | 103.48.133.134 | 34.102.136.180 - malicious | 104.21.84.71
IDS alerts (1): ET MALWARE FormBook CnC Checkin (GET)
URL rule matches (1): http://www.gaigoilaocai.com/wufn/
Score: 8.4 | M | Submitter: ZeroCERT

10412 | 2021-07-23 09:28
Sample: egdgh.exe | MD5: 5d751931eb3477f5e7d340606b381db2
Tags: PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE32 .NET EXE PE File Malware download Azorult VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key
URLs (1): http://itthonfiatalon.hu/temp/reo/index.php
Hosts (2): itthonfiatalon.hu(178.48.186.151) | 178.48.186.151
IDS alerts (1): ET MALWARE AZORult Variant.4 Checkin M2
Score: 9.0 | M | VT detections: 19 | Submitter: ZeroCERT

10413 | 2021-07-23 09:28
Sample: Invoice_801658.xls | MD5: 0e5fe8af64b1c5ead75e629b8afd34c0
Tags: Dridex VBA_macro Malicious Library MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows
URLs (1): http://waunake.com:8088/css/oQE8Qo7.png
Hosts (2): waunake.com(128.199.243.169) - malicious | 208.83.69.35 - malware
IDS alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.6 | VT detections: 17 | Submitter: ZeroCERT

10414 | 2021-07-23 09:29
Sample: faster4pc.exe | MD5: b8371590264db62ecbba4b7f481a21a8
Tags: PE64 PE File VirusTotal Malware crashed
Score: 1.6 | M | VT detections: 25 | Submitter: ZeroCERT

10415 | 2021-07-23 09:30
Sample: dllhost.exe | MD5: f961d6f3eb82bc072a1c85287efb2ed4
Tags: PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
Score: 5.2 | M | VT detections: 28 | Submitter: ZeroCERT

10416 | 2021-07-23 09:32
Sample: NoEscape.exe | MD5: 989ae3d195203b323aa2b3adf04e9833
Tags: Malicious Packer PE32 PE File VirusTotal Malware
Score: 1.8 | M | VT detections: 57 | Submitter: ZeroCERT

10417 | 2021-07-23 09:32
Sample: 0722_7087881301.xls | MD5: 1a78008b2f07c1a067c4d84fcc63c413
Tags: Generic Malware VBA_macro Malicious Library KeyLogger ScreenShot AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection unpack itself
Score: 2.6 | VT detections: 18 | Submitter: guest

10418 | 2021-07-23 09:34
Sample: vbc.exe | MD5: 4f71bce958bbbe6c82bde2df84e4d61e
Tags: PE32 PE File VirusTotal Malware RWX flags setting unpack itself
Score: 1.4 | M | VT detections: 19 | Submitter: ZeroCERT

10419 | 2021-07-23 09:34
Sample: bobbyzx.exe | MD5: 7fd6bff5fc36687c58d1ac8f9f3a0c0e
Tags: PWS Loki[b] Loki[m] .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) DNS Socket AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName Cryptographic key Software
URLs (1): http://manvim.co/fd12/fre.php
Hosts (2): manvim.co(64.227.79.88) - malicious | 64.227.79.88
IDS alerts (7):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
  ET MALWARE LokiBot Fake 404 Response
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Score: 14.0 | M | VT detections: 24 | Submitter: ZeroCERT

10420 | 2021-07-23 09:37
Sample: obi.exe | MD5: f5041ec4ce468a07ecbfd076bc0f879b
Tags: Gen2 Gen1 Antivirus Malicious Packer UPX Malicious Library KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File PE32 FormBook Malware download VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://www.910portablestorage.com/pjje/?GPJ=1E2I7JoHvdI70zlyJUP47wtv7Dh3ZKuKkZTH8Pyg1+E0ALH7TJKdn5Z7YfOHaHfy4lnzl3gM&oX=Txo8nZfpMrz4
  http://www.virtualtheaterlive.com/pjje/?GPJ=6Wbigwba73Ivpg80txDuveuG+BEOuPRPTnNbnDcrL/ql6Uyn3+aOReH08cRiULEL8ZXywzTc&oX=Txo8nZfpMrz4
  https://cdn.discordapp.com/attachments/858793322087710753/863891857608015902/oad.jpg
Hosts (7): www.virtualtheaterlive.com(34.102.136.180) | google.com(172.217.175.46) | www.910portablestorage.com(34.102.136.180) | cdn.discordapp.com(162.159.129.233) - malware | 162.159.134.233 - malware | 34.102.136.180 - malicious | 172.217.26.142
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE FormBook CnC Checkin (GET)
Score: 15.4 | M | VT detections: 38 | Submitter: ZeroCERT

10421 | 2021-07-23 09:37
Sample: Invoice_576113.xls | MD5: a411479d9de4f5c8bcc364d6adad2854
Tags: Dridex VBA_macro Malicious Library MSOffice File PE32 DLL PE File VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself suspicious process Windows
URLs (1): http://properlysolutionsco.com:8088/wp-theme/1d6vP.png
Hosts (2): properlysolutionsco.com(208.83.69.35) - malicious | 128.199.243.169 - malware
IDS alerts (1): ET POLICY PE EXE or DLL Windows file download HTTP
Score: 3.8 | M | VT detections: 20 | Submitter: ZeroCERT

10422 | 2021-07-23 09:38
Sample: Fbck.jpg | MD5: ee991f2813337a82a3329f3e84b4c184
Tags: VirusTotal Malware
Score: 0.4 | M | VT detections: 2 | Submitter: ZeroCERT

10423 | 2021-07-23 09:39
Sample: .wininit.exe | MD5: 7ceecb14777497d950fef12be23cb30d
Tags: PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key
URLs (5):
  http://www.indiasofannapolis.com/u6bi/?uZi0=hnwtVQD0+B+MQPZpcDE1NNpG3Nai+Nu6AThFwFNLL4lTXEwceySaeonWyTyDhXyHcy6CNZQD&Vnt48=GTd0sn7PSL8h7XY
  http://www.tiltyi.com/u6bi/?uZi0=0lcolF/goa0wiSK9zn4wqSgLP7QiLxlxd0aymDwYqu6uvSn8m8r2waxqzS3OeY9qdFguZpFc&Vnt48=GTd0sn7PSL8h7XY
  http://www.2021cacondo.com/u6bi/?uZi0=OCatVl/HxP9LSoxl3pI1zJ3If3DnqK1+RysL2U+jvU6gCDAnxqUdLaoRZ60A7ltEpEYQWsLq&Vnt48=GTd0sn7PSL8h7XY - rule_id: 2630
  http://www.morganrealtyinc.net/u6bi/?uZi0=Ye3/aYwSGVSMqbEcyzTtjLRiM72zOrRvzjnFiBnjlTUjwTcTjYcMsnrzWJmQ5zMidmWLc8t+&Vnt48=GTd0sn7PSL8h7XY
  http://www.uluuclub.com/u6bi/?uZi0=14o2Zx8XrTHtbcw01fk3Ww5UUYjDZfSZMoRVLzjNmU7sqVPBG/wL8GxkrU1vvFuY/Bg1FPed&Vnt48=GTd0sn7PSL8h7XY - rule_id: 2651
Hosts (11): www.itsoriente.com(159.69.59.11) | www.uluuclub.com(34.102.136.180) - malicious | www.indiasofannapolis.com(35.163.94.115) | www.2021cacondo.com(34.102.136.180) - malicious | www.tiltyi.com(104.21.37.201) | www.morganrealtyinc.net(104.154.23.229) | 159.69.59.11 | 172.67.212.227 | 34.102.136.180 - malicious | 104.154.23.229 | 35.163.94.115
IDS alerts (1): ET MALWARE FormBook CnC Checkin (GET)
URL rule matches (2): http://www.2021cacondo.com/u6bi/ | http://www.uluuclub.com/u6bi/
Score: 10.0 | M | VT detections: 21 | Submitter: ZeroCERT

10424 | 2021-07-23 09:41
Sample: 0722_4622335706.xls | MD5: 36602114154e804d08aeaa258f3c9b94
Tags: Generic Malware VBA_macro Malicious Library KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection unpack itself
Score: 2.0 | Submitter: guest

10425 | 2021-07-23 09:42
Sample: .svchost.exe | MD5: c937fc9ed4325e6ab24d49a3175f3a5c
Tags: Generic Malware Malicious Packer UPX PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself ComputerName
Score: 2.2 | M | VT detections: 31 | Submitter: ZeroCERT