10486 | 2021-07-25 11:13
osxcjhgfd.exe 36d1e716d8da89c2f49be65feaeadca5 PWS .NET framework Gen1 Generic Malware Malicious Packer UPX Malicious Library AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check DLL VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows
8 | http://danielmax.ac.ug/softokn3.dll http://danielmax.ac.ug/msvcp140.dll http://danielmax.ac.ug/sqlite3.dll http://danielmax.ac.ug/vcruntime140.dll http://danielmax.ac.ug/freebl3.dll http://danielmax.ac.ug/mozglue.dll http://danielmax.ac.ug/main.php http://danielmax.ac.ug/nss3.dll
2 | danielmax.ac.ug(185.215.113.77) 185.215.113.77 - malware
2 | ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET POLICY PE EXE or DLL Windows file download HTTP
9.0 | M | 42 | ZeroCERT

10487 | 2021-07-25 11:14
file4.exe f3cf8f5fb6694a2facf07326cc1df2ce UPX Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
2.6 | M | 30 | ZeroCERT

10488 | 2021-07-25 11:16
vbc.exe 3c6ca48961f11343d68ad63242af5eaa PWS .NET framework RAT Generic Malware UPX Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed
2.6 | M | 17 | ZeroCERT

10489 | 2021-07-25 11:19
NetFramework.exe 18851ac1b5161ebdb1b2cf9a9e69ffaa PWS .NET framework RAT Generic Malware UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed
2 | http://yonicathal.xyz/ https://api.ip.sb/geoip
4 | yonicathal.xyz(91.235.129.135) api.ip.sb(172.67.75.172) 104.26.12.31 91.235.129.135
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA HTTP unable to match response to request
7.0 | M | 38 | ZeroCERT

10490 | 2021-07-25 11:21
ac.exe 877446a3230a1bdc809f50ad1477c3fd PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
3 | omkarusdajvc.ac.ug() omomom.ac.ug(194.5.98.107) 194.5.98.107
12.6 | M | 42 | ZeroCERT

10491 | 2021-07-25 12:07
.csrss.exe 63fda29f4ba3e51aecc86992494144d2 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key
6.2 | M | 44 | ZeroCERT

10492 | 2021-07-25 12:08
toolspab1.exe 66599922c76c5fba265f7a0a9d544dff UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
2.8 | | 26 | ZeroCERT

10493 | 2021-07-25 12:10
pdf.exe 06daa4f472383226392964c70e34c376 Antivirus KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
2 | http://www.hughesconsulting.agency/jn7g/?RzuPnV=ajcMCBFDYNrcQR4M5/AD8FiopJRVDH4Khp6kfbop7hPsk3lSAcKT1amqvir1ji1uf6qUYpWI&QL3=uTyXxNyxQZxHE https://cdn.discordapp.com/attachments/858793322087710753/863898136854003722/me.jpg - rule_id: 3231
8 | www.856380176.xyz(103.88.34.80) - mailcious google.com(172.217.175.78) www.hughesconsulting.agency(198.54.117.212) cdn.discordapp.com(162.159.129.233) - malware 162.159.134.233 - malware 216.58.220.206 - suspicious 198.54.117.212 - mailcious 103.88.34.80 - suspicious
2 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE FormBook CnC Checkin (GET)
1 | https://cdn.discordapp.com/attachments/858793322087710753/863898136854003722/me.jpg
14.6 | M | 11 | ZeroCERT

10494 | 2021-07-25 12:10
toolspab2.exe 71b85af14fc8e5832d492a4c265916cb UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
2.8 | | 28 | ZeroCERT

10495 | 2021-07-25 12:12
asxcjhgfd.exe 377170928109b8cf902b223b247cab87 PWS Loki[b] Loki[m] .NET framework Generic Malware Malicious Packer UPX DNS Socket KeyLogger HTTP Internet API ScreenShot Http API AntiDebug AntiVM PE32 .NET EXE PE File OS Processor Check DLL VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder malicious URLs Windows ComputerName
4 | http://danielmi.ac.ug/index.php http://danielmax.ac.ug/sqlite3.dll http://danielmax.ac.ug/softokn3.dll http://danielmax.ac.ug/freebl3.dll
3 | danielmi.ac.ug(185.215.113.77) - malware danielmax.ac.ug(185.215.113.77) 185.215.113.77 - malware
5 | ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Download from dotted-quad Host ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
12.2 | M | 27 | ZeroCERT

10496 | 2021-07-25 12:13
vbc.exe 3a23d766503a54317f86c1a175aa4b28 PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE32 .NET EXE PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
10 | http://www.roq.media/p1nr/ http://www.aaliyahchhabra.com/p1nr/?AjR=Od7bmnq1WRFk76F1ogkU4Mi+HONosEbzYL+WP8P50nM5a3VF2POZT1SyF5qsPepAKH1aqMJk&njn8dT=9rt0FPEHohgT http://www.unlimitedfp.com/p1nr/ http://www.aaliyahchhabra.com/p1nr/ http://www.roq.media/p1nr/?AjR=U3lPnqGjwXsrwhyp5sFY7nRVaxZeJb2XQUDL3p9c1JxeBujj/xnCy1hFpAyiVGcEQaCdUYMf&njn8dT=9rt0FPEHohgT http://www.viruswaarheid.club/p1nr/ http://www.cydip.com/p1nr/ http://www.viruswaarheid.club/p1nr/?AjR=5bJlupc6xb34bDBlIcNCs6/s3CZhfCPrV+jvRTcCmGNXsfZOWTkNxEbjIRjoEINWuvjAhau8&njn8dT=9rt0FPEHohgT http://www.unlimitedfp.com/p1nr/?AjR=ck6tzDHMirLRaCF0a9F3iHlzRV0lrjZg5pC5jzBkRAU3dlywyeIgUh5ApEd5/gzrFW3zzC5E&njn8dT=9rt0FPEHohgT http://www.cydip.com/p1nr/?AjR=ZGaWET/m5aRCM9pakCj6ctG5V4spLUeE07bass/N5tQ/1dOLPCE7TRyiJFuh9iNzw4wcgE0D&njn8dT=9rt0FPEHohgT
10 | www.unlimitedfp.com(34.102.136.180) www.cydip.com(123.206.44.194) www.roq.media(34.80.190.141) www.aaliyahchhabra.com(34.102.136.180) www.viruswaarheid.club(162.255.119.118) www.501581.com() 34.80.190.141 - mailcious 162.255.119.118 34.102.136.180 - mailcious 123.206.44.194
1 | ET MALWARE FormBook CnC Checkin (GET)
9.2 | M | 44 | ZeroCERT

10497 | 2021-07-25 12:14
vodafone 43245acd2bfc4fb651961933a72da0ad AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email
4.0 | M | 30 | ZeroCERT

10498 | 2021-07-25 12:14
nzezx.exe 49903bdde201f45c4879d5b446d0510a PWS .NET framework RAT Generic Malware Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed
1 |
1 | ET DROP Spamhaus DROP Listed Traffic Inbound group 25
10.0 | M | 42 | ZeroCERT

10499 | 2021-07-25 12:16
r.txt cfada30d54f8a6ebedf7b7edd3c57b4f Generic Malware Admin Tool (Sysinternals etc ...) PE32 .NET EXE PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder WriteConsoleW shadowcopy delete Tofsee Windows ComputerName crashed
2 | shinolocker.com(188.166.237.163) 188.166.237.163
1 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
6.0 | M | 61 | ZeroCERT

10500 | 2021-07-25 12:19
toolspab3.exe e1efc9ffe52d619e45016f1b81a3415a UPX Malicious Library PE32 OS Processor Check PE File VirusTotal Malware PDB unpack itself Windows Remote Code Execution crashed
2.8 | M | 20 | ZeroCERT