10456 | 2023-07-08 14:07
PTT_20230707-WA01120xlsx.exe | 74c5ede3fd6bf983ae8bf512cdab90ad
AgentTesla Generic Malware UPX .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 | api.ipify.org(173.231.16.76) - 64.185.227.156
2 | ET INFO TLS Handshake Failure / SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.8 | 39 | ZeroCERT

10457 | 2023-07-08 14:05
class-wp-image-editors.php | 2796bf32abbebdd11a35603f3453214d
Generic Malware task schedule UPX Malicious Library Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
8 | https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys - rule_id: 34841 https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys https://pastebin.com/raw/PTNbBX9V - rule_id: 34840 https://pastebin.com/raw/PTNbBX9V https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe - rule_id: 21519 https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe - rule_id: 21520 https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe
4 | github.com(20.200.245.247) - pastebin.com(172.67.34.170) - 104.20.68.143 - 20.200.245.247
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4 | https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys https://pastebin.com/raw/PTNbBX9V https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe
15.2 | 37 | ZeroCERT

10458 | 2023-07-08 14:03
rcoekta.exe | a4341997cbad7d63be6f3a07b9783804
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 |
3 | api.ip.sb(104.26.12.31) - 104.211.55.2 - 104.26.12.31
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) / ET MALWARE RedLine Stealer TCP CnC net.tcp Init
7.4 | 42 | ZeroCERT

10459 | 2023-07-08 14:02
clip64.dll | 065b19dd4e0258a3cd9b5ef57a405eac
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 | 53 | ZeroCERT

10460 | 2023-07-07 18:55
enstomc2.1.exe | dc1ced16440c1685cfc2bfe7c9fda083
NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder
4 | http://www.deliciasbethel.info/c20s/?DVBX=0MD65XWqEGmfQ0385QOYLMWXUmbCICRz+ZxGu9aOkLt7+ZM+opJpio0/V1ouAxNLj4ViaBph&UbGD=qFNxA0YxDdFXnlHP http://www.rastreosonline.lat/c20s/?DVBX=3rfdN+WQ4K5ti9+PcEtUR+xxfPddEUd2ubj+kG8ODpULlQc0d7OahN6Fp1kUWJZerpn6yhMk&UbGD=qFNxA0YxDdFXnlHP http://www.lawyercriminal.online/c20s/?DVBX=OqT4TDZXX8n4nzhgSqDClvlTeNzDX736vbjdAvptvkJx+VGp3lprU3NJ1OqV6uSCFtdB5HHf&UbGD=qFNxA0YxDdFXnlHP http://www.globalservice.fun/c20s/?DVBX=8GjTKD1P5krVnnM+7bBe0gOYwBaMV8hxPnCdvjlSRTD5gVIx5fO8N6aCbhO/gOACPtm11bCQ&UbGD=qFNxA0YxDdFXnlHP
8 | www.rastreosonline.lat(35.186.223.180) - www.lawyercriminal.online(74.208.236.124) - www.globalservice.fun(198.143.186.151) - www.deliciasbethel.info(199.115.116.43) - 35.186.223.180 - 199.115.116.43 - 74.208.236.124 - 198.143.186.151
1 | ET MALWARE FormBook CnC Checkin (GET)
4.4 | 35 | ZeroCERT

10461 | 2023-07-07 18:43
9bd765cdd4c71309_a-lmrnrp.dll | b9a0d96f9ff58f51d53387be146360aa
.NET DLL DLL PE File PE32 PDB
0.2 | | ZeroCERT

10462 | 2023-07-07 18:39
LoaderWPF.exe | 2f3080389c8825e786dfaffc4969db2a
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 | 18 | ZeroCERT

10463 | 2023-07-07 18:37
Evolion%20Launcher.exe | ca5edac1d63d63c4e4422fec79b538d4
UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.4 | 32 | ZeroCERT

10464 | 2023-07-07 18:35
Evolion%20Launcher.exe | 6cadcd483bbc4c11225938b4efb0ac1c
.NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
2.6 | 30 | ZeroCERT

10465 | 2023-07-07 18:34
IntelRealTech.exe | 8c9eb4d9d60900fbb2a07e7990f2fad0
PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 | i.ibb.co(172.96.161.50) - 172.96.161.50
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
2.4 | 30 | ZeroCERT

10466 | 2023-07-07 18:32
out.ps1 | fd7e758aa92a90eaae39ed45b2d6bacd
RedLine stealer Formbook Hide_EXE Generic Malware Antivirus AntiDebug AntiVM .NET DLL DLL PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder Windows DNS Cryptographic key
1 |
9.6 | 3 | ZeroCERT

10467 | 2023-07-07 18:28
Evolion%20Launcher.exe | 876283f1527fa588ad861dc2b6cc1b08
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 | 16 | ZeroCERT

10468 | 2023-07-07 18:12
clip64.dll | dc587d08b8ca3cd62e5dc057d41a966b
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself DNS
1 |
2.6 | 59 | ZeroCERT

10469 | 2023-07-07 18:08
AMDx46.exe | 759300ac41209528786f5445346ae591
Malicious Library PE64 PE File Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency Malicious Traffic DNS CoinMiner
1 | http://45.142.182.146/dashboard/para/un/api/endpoint.php
3 | xmr.2miners.com(162.19.139.184) - 162.19.139.184 - 45.142.182.146
3 | ET POLICY Cryptocurrency Miner Checkin / ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com) / ET MALWARE Win32/Pripyat Activity (POST)
3.2 | 34 | ZeroCERT

10470 | 2023-07-07 10:13
page.html | f6b00338f9b1aa52396ffb72af40bf04
AntiDebug AntiVM MSOffice File Code Injection unpack itself Windows utilities Tofsee Windows DNS
4 | http://apps.identrust.com/roots/dstrootcax3.p7c http://www.gstatic.com/generate_204 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/n3xmszuzmcp4pxq3qhmant63nm_9.45.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.45.0_all_ecp3yewcq3fuvht5wyi7t7s37y.crx3 http://bit.ly/2TwPVOe
34 | edgedl.me.gvt1.com(34.104.35.123) - bit.ly(67.199.248.11) - www.google.com(142.250.207.100) - www.gstatic.com(142.250.76.131) - pdf-readonline.website(45.83.122.52) - _googlecast._tcp.local() - fonts.googleapis.com(142.250.206.202) - clients2.googleusercontent.com(142.250.76.129) - accounts.google.com(172.217.25.173) - dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com(66.220.9.58) - fonts.gstatic.com(142.250.206.195) - apis.google.com(142.250.76.142) - dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com(66.220.9.58) - p13n.adobe.io(54.224.241.105) - dhqid45r064utd5gygt2jy6.webdav.drivehq.com(66.220.9.58) - www.smartsheet.com(151.101.194.191) - clientservices.googleapis.com(172.217.25.163) - 142.250.204.35 - 52.6.155.20 - 142.250.207.99 - 146.75.50.191 - 142.250.66.132 - 216.58.200.227 - 67.199.248.10 - 66.220.9.58 - 121.254.136.27 - 142.250.204.129 - 142.250.204.46 - 142.250.66.77 - 172.217.24.99 - 142.250.204.110 - 45.83.122.52 - 142.250.204.74 - 34.104.35.123
2 | ET INFO TLS Handshake Failure / SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.4 | | ZeroCERT
