Sandbox reports submitted 2023-08-10, newest first. Each report lists: ID | submission time; File, MD5 and the analyser's tags; URLs contacted (count), with the matched rule_id where the site shows one; Hosts (count), with the resolved IP in parentheses and the site's verdict after the dash; Rule-matched URLs (count) where the run triggered network rules; and a trailer of Score | M | VT | Reporter. "VT" is the detection count shown for reports carrying the VirusTotal tag; empty cells are written as "-". The verdict label the site spells "mailcious" is written "malicious" below.

10831 | 2023-08-10 09:46
  File:  HGG.vbs
  MD5:   aaa8244c698233bc249ddda1e6db6ce6
  Tags:  Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  URLs:  none
  Hosts: none
  Score 6.0 | M | VT 20 | ZeroCERT

10832 | 2023-08-10 09:44
  File:  setup.vbs
  MD5:   2308efc0d4f8e10e983f3fb5ac87ae8c
  Tags:  Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  URLs (2):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
  Hosts (3):
    uploaddeimagens.com.br (172.67.215.45) - malware
    121.254.136.27
    104.21.45.138 - malware
  Score 9.0 | M | VT 2 | ZeroCERT

10833 | 2023-08-10 09:44
  File:  MSK.vbs
  MD5:   ae98e919568e778817d4668f82242cf4
  Tags:  Generic Malware, Antivirus, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  URLs:  none
  Hosts: none
  Score 5.8 | M | VT 17 | ZeroCERT

10834 | 2023-08-10 09:40
  File:  IGUU.vbs
  MD5:   31e9ee45e3a0e6c4c020ac248a843a7d
  Tags:  Generic Malware, Antivirus, Hide_URL, PowerShell, Malware, powershell, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
  URLs (3):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http://23.94.239.89/520/b/update.vbs
    https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
  Hosts (4):
    uploaddeimagens.com.br (172.67.215.45) - malware
    121.254.136.27
    104.21.45.138 - malware
    23.94.239.89 - malicious
  Score 11.0 | M | VT - | ZeroCERT

10835 | 2023-08-10 09:40
  File:  ChromeSetup.vbs
  MD5:   150a2b851e3ccbf928d862a05b37636c
  Tags:  Generic Malware, Antivirus, UPX, Malicious Library, PE File, PE32, DLL, PE64, PNG Format, VirusTotal, Malware, powershell, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, Creates executable files, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, Windows, ComputerName, DNS, Cryptographic key
  URLs (1):
    http://104.168.46.25/890/oj/hkcmds.exe
  Hosts (1): not listed
  Score 9.4 | M | VT 3 | ZeroCERT

10836 | 2023-08-10 09:36
  File:  X.vbs
  MD5:   bf2d0d0575cf2e9bc9de0885bd8fb666
  Tags:  Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  URLs (2):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
  Hosts (3):
    uploaddeimagens.com.br (104.21.45.138) - malware
    121.254.136.27
    172.67.215.45 - malware
  Score 9.4 | - | VT 2 | ZeroCERT

10837 | 2023-08-10 09:36
  File:  update.vbs
  MD5:   bb0c35cecf43175858984c3d8bc97e97
  Tags:  Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
  URLs (2):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129
  Hosts (3):
    uploaddeimagens.com.br (172.67.215.45) - malware
    121.254.136.27
    104.21.45.138 - malware
  Score 8.4 | - | VT 2 | ZeroCERT

10838 | 2023-08-10 08:00
  File:  images.exe
  MD5:   fc0b349cceb4042ecb9759e9a519ca95
  Tags:  .NET framework(MSIL), .NET EXE, PE File, PE32, PDB, Check memory, Checks debugger, unpack itself
  URLs:  none
  Hosts: none
  Score 1.4 | M | VT - | ZeroCERT

10839 | 2023-08-10 07:58
  File:  smss.exe
  MD5:   762df4801061068efc7a2dfbeb555701
  Tags:  .NET framework(MSIL), .NET EXE, PE File, PE32, PDB, Check memory, Checks debugger, unpack itself
  URLs:  none
  Hosts: none
  Score 1.4 | M | VT - | ZeroCERT

10840 | 2023-08-10 07:57
  File:  WmiPrvSE.exe
  MD5:   f46119800d530db454ce9d90e12d2d67
  Tags:  Formbook, NSIS, UPX, Malicious Library, Malicious Packer, PE File, PE32, suspicious privilege, Check memory, Creates executable files, ICMP traffic, unpack itself, AppData folder, DNS
  URLs (23):
    http://www.potent-tech.com/mv9h/ - rule_id: 35666
    http://www.weinbrenner-stiftung.org/mv9h/?V6=KriJDkyr9ZSDK5SncDruUH89KQPsZisyljIEVA7ACCuqryEISDWc4fIbxiwjaj9YllKMJ4K263YcXqSukN/9eRkxhZw6ZQvhn0MgKpA=&2OQv=L0u7oq - rule_id: 35662
    http://www.hncovnyyra.best/mv9h/ - rule_id: 35656
    http://www.potent-tech.com/mv9h/?V6=5LG9sGJ0Xy0tGBfy/i4n941Vae72eun7+06/2kSJ2Ijal4TzL2poOVQfz4pDEpYGJhcAHBjd7wBR7BL0Fryth6nc1D7NW/kGG+pkqcI=&2OQv=L0u7oq - rule_id: 35666
    http://www.rva.info/mv9h/?V6=VRRqi/ql977uvieqYsG4fOrDt8dXLrN86EfRdYcOQNSbko9uA8lJYMBA/4W5F4bPxRFvp/KzmV+IiXK6fR3lqPQiRqLY9cobKkCJQRY=&2OQv=L0u7oq - rule_id: 35657
    http://www.ceravolt.life/mv9h/ - rule_id: 35660
    http://www.rva.info/mv9h/ - rule_id: 35657
    http://www.help-hair.info/mv9h/?V6=GNz0FM0e5ScvNElU2Hu2om6Rqm4e+67FZh9yl10aFczOUMs8DWUv0BGRHOdPh5hc0CAdyJzRrvN/qShJrEMPe4vi0TNirV+929KqINs=&2OQv=L0u7oq - rule_id: 35664
    http://www.eventz9.com/mv9h/?V6=DhN/pfZhMnl4HQr18JX+oR8+aYaT8DsUwwvwmuFtuqFZv8xoKl2cv7n6clvWh1ER01rwIDgQIfjRcGmRjQxyMnOEIFklWxiWmR0afZM=&2OQv=L0u7oq - rule_id: 35661
    http://www.ridonestore.shop/mv9h/ - rule_id: 35665
    http://www.aquatic-organisms.info/mv9h/ - rule_id: 35663
    http://www.help-hair.info/mv9h/ - rule_id: 35664
    http://www.hncovnyyra.best/mv9h/?V6=HcykeIqVbXhfppJwoSsM/lzOWEv/63sUc26l9Pyzi/RiJWpkCKG7rYCg+zEFiCvlKsq6aaTMW0S7wU6+gIahRGdD6ziJ49MY8t7Y4AU=&2OQv=L0u7oq - rule_id: 35656
    http://www.aquatic-organisms.info/mv9h/?V6=iptoip7pWRsS9xKJtuuMpZ3pZju1uspYTD6Awsn8x9vJeBkpaHApDsxm5SKYRJmJIPm4Br1em9F8LnG0RKBgEpAwWbXUGUe5zk5WzmM=&2OQv=L0u7oq - rule_id: 35663
    http://www.eventz9.com/mv9h/ - rule_id: 35661
    http://www.brownie.rest/mv9h/?V6=vmn/PMHMKvttZlwOVZyOjTJZ+WpUZFfmH6ozGnWYHclktmcXFHgsldQI8V2t6yLP30Sy4KtKyocnDpxwpleQA38uNlwzTJH7fcDgzks=&2OQv=L0u7oq - rule_id: 35659
    http://www.ceravolt.life/mv9h/?V6=9IeKlzzeiCBmV6GZneJqnhQdGcMOrN2zpJl1PcRdXHgPlBFjKoUh2wO5Xuu1XzrnlBtm9u1a/Ow39lO36+F22xQtyEIwfDBXWZJ5lHc=&2OQv=L0u7oq - rule_id: 35660
    http://www.ridonestore.shop/mv9h/?V6=9VxnjTCqrqAAIhZwG9PoTS29kvYV+Vsyiu2Fvyx7VLgNyAFzPPwxiPtN8AaY7yAV9hQiJzLhpdoSmgIbJxvhNzuKboEGgwYKJo7uw1I=&2OQv=L0u7oq - rule_id: 35665
    http://www.expelledclothing.com/mv9h/?V6=9a4cyonTP0e6NuzSlLJ27FO37WvMSZ0WaVw1AMtOxtaCv+m5JRKGBAYKzIKL0anZ1A3e1EfBSBxBW9/OLTmFzaHtcxx2Mn8hsStbcMw=&2OQv=L0u7oq - rule_id: 35658
    http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip
    http://www.weinbrenner-stiftung.org/mv9h/ - rule_id: 35662
    http://www.brownie.rest/mv9h/ - rule_id: 35659
    http://www.expelledclothing.com/mv9h/ - rule_id: 35658
  Hosts (24):
    www.ridonestore.shop (84.32.84.32) - malicious
    www.brownie.rest (202.172.26.52) - malicious
    www.rva.info (3.64.163.50) - malicious
    www.aquatic-organisms.info (199.59.243.224) - malicious
    www.expelledclothing.com (45.79.19.196) - malicious
    www.eventz9.com (35.241.18.84) - malicious
    www.help-hair.info (104.21.83.214) - malicious
    www.ceravolt.life (203.161.53.83) - malicious
    www.weinbrenner-stiftung.org (46.30.213.165) - malicious
    www.potent-tech.com (119.28.69.86) - malicious
    www.hncovnyyra.best (104.21.73.140) - malicious
    46.30.213.165 - malicious
    202.172.26.52 - phishing
    5.8.18.42 - malicious
    84.32.84.32 - malicious
    119.28.69.86 - malicious
    172.67.181.247
    172.67.145.145 - malicious
    35.241.18.84 - malicious
    3.64.163.50 - malicious
    45.33.23.183 - suspicious
    45.33.6.223
    203.161.53.83 - malicious
    199.59.243.224 - malicious
  Rule-matched URLs (22; each of the following 11 paths is listed twice):
    http://www.potent-tech.com/mv9h/
    http://www.weinbrenner-stiftung.org/mv9h/
    http://www.hncovnyyra.best/mv9h/
    http://www.rva.info/mv9h/
    http://www.ceravolt.life/mv9h/
    http://www.help-hair.info/mv9h/
    http://www.eventz9.com/mv9h/
    http://www.ridonestore.shop/mv9h/
    http://www.aquatic-organisms.info/mv9h/
    http://www.brownie.rest/mv9h/
    http://www.expelledclothing.com/mv9h/
  Score 4.8 | M | VT - | ZeroCERT

10841 | 2023-08-10 07:57
  File:  damianozx.exe
  MD5:   aefddcdc823f16072869862f35db8dae
  Tags:  AgentTesla, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, Email Client Info Stealer, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Windows, Browser, Email, ComputerName, Cryptographic key, Software crashed
  URLs:  none
  Hosts (2):
    api.ipify.org (173.231.16.76)
    104.237.62.211
  Score 9.6 | M | VT - | ZeroCERT

10842 | 2023-08-10 07:54
  File:  AdobeSettings.exe
  MD5:   e781ca8ce0cf2ede3c242c2bdc1ea2a4
  Tags:  NSIS, UPX, Malicious Library, PE File, PE32, DLL, AppData folder
  URLs:  none
  Hosts: none
  Score 0.6 | M | VT - | ZeroCERT

10843 | 2023-08-10 07:50
  File:  defense.exe
  MD5:   eb11d76f4db6786d48ef7ae3f6c3ad9a
  Tags:  UPX, Malicious Library, OS Processor Check, PE File, PE32, PDB, buffers extracted, unpack itself, sandbox evasion, Browser, ComputerName, DNS
  URLs:  none
  Hosts (1): not listed
  Score 4.4 | M | VT - | ZeroCERT

10844 | 2023-08-10 07:49
  File:  html.exe
  MD5:   77f82a88068d77ba9ece00d21bf3a4db
  Tags:  UPX, Malicious Library, OS Processor Check, PE File, PE32, PDB, Code Injection, Checks debugger, buffers extracted, unpack itself, sandbox evasion, Browser, ComputerName, DNS
  URLs:  none
  Hosts (1): not listed
  Score 6.2 | M | VT - | ZeroCERT

10845 | 2023-08-10 07:48
  File:  a3e34cp.exe
  MD5:   92031e02bc46932ace98fb8b54f261f4
  Tags:  Amadey, UPX, VMProtect, Malicious Library, PE File, PE32, Malware, AutoRuns, Malicious Traffic, Check memory, unpack itself, Windows utilities, suspicious process, AppData folder, WriteConsoleW, human activity check, Windows, ComputerName, DNS
  URLs (2):
    http://45.9.74.166/b7djSDcPcZ/index.php - rule_id: 35596
    http://45.9.74.141/b7djSDcPcZ/index.php - rule_id: 35595
  Hosts (2):
    45.9.74.141 - malicious
    45.9.74.166 - malicious
  Rule-matched URLs (2):
    http://45.9.74.166/b7djSDcPcZ/index.php
    http://45.9.74.141/b7djSDcPcZ/index.php
  Score 8.0 | M | VT - | ZeroCERT
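The reports above share two machine-readable fields: a URL field in which each entry may carry a "rule_id", and a host field that pairs a hostname with the IP it resolved to and the site's verdict label. The Python below is an added example, not code from the sandbox site, that parses those two fields for a handful of records constructed from this page, normalises the site's "mailcious" spelling, drops the IdenTrust root-certificate fetch (the public distribution point for DST Root CA X3, which Windows certificate-chain building requests in unrelated runs, so it is noise rather than an indicator), and reports which indicators recur across samples. The SAMPLES tuple layout and all function names are the example's own choices.

```python
"""Extract IOCs from flattened sandbox report fields and find shared infrastructure.

Added example; not the sandbox site's own code. Input rows are constructed
from the records on this page: (md5, filename, URL field, host field).
"""
import re
from collections import defaultdict

# Constructed from the page's reports 10832, 10834, 10836 and 10845.
SAMPLES = [
    ("2308efc0d4f8e10e983f3fb5ac87ae8c", "setup.vbs",
     "http://apps.identrust.com/roots/dstrootcax3.p7c "
     "https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855",
     "uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27 104.21.45.138 - malware"),
    ("31e9ee45e3a0e6c4c020ac248a843a7d", "IGUU.vbs",
     "http://apps.identrust.com/roots/dstrootcax3.p7c http://23.94.239.89/520/b/update.vbs "
     "https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129",
     "uploaddeimagens.com.br(172.67.215.45) - malware 121.254.136.27 "
     "104.21.45.138 - malware 23.94.239.89 - mailcious"),
    ("bf2d0d0575cf2e9bc9de0885bd8fb666", "X.vbs",
     "http://apps.identrust.com/roots/dstrootcax3.p7c "
     "https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855",
     "uploaddeimagens.com.br(104.21.45.138) - malware 121.254.136.27 172.67.215.45 - malware"),
    ("92031e02bc46932ace98fb8b54f261f4", "a3e34cp.exe",
     "http://45.9.74.166/b7djSDcPcZ/index.php - rule_id: 35596 "
     "http://45.9.74.141/b7djSDcPcZ/index.php - rule_id: 35595",
     "45.9.74.141 - mailcious 45.9.74.166 - mailcious"),
]

# The site's verdict labels carry a recurring misspelling; map it to the intended word.
VERDICT_FIX = {"mailcious": "malicious"}

# DST Root CA X3 distribution point, fetched by Windows chain building in unrelated
# runs; treated as noise here (assumption of this example, not a site rule).
NOISE_URLS = {"http://apps.identrust.com/roots/dstrootcax3.p7c"}

HOST_RE = re.compile(r"^([A-Za-z0-9.\-]+?)(?:\((\d{1,3}(?:\.\d{1,3}){3})\))?$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_urls(field):
    """'url - rule_id: N url ...' -> [(url, rule_id or None)], noise URLs dropped."""
    toks = field.split()
    out, i = [], 0
    while i < len(toks):
        url = toks[i]
        i += 1
        rule = None
        if toks[i:i + 2] == ["-", "rule_id:"]:
            rule = int(toks[i + 2])
            i += 3
        if url not in NOISE_URLS:
            out.append((url, rule))
    return out


def parse_hosts(field):
    """'name(ip) - verdict ip ...' -> [(name_or_ip, resolved_ip or None, verdict or None)]."""
    toks = field.split()
    out, i = [], 0
    while i < len(toks):
        m = HOST_RE.match(toks[i])
        i += 1
        if not m:  # skip anything that is not a host token
            continue
        name, ip = m.group(1), m.group(2)
        verdict = None
        if toks[i:i + 1] == ["-"]:
            verdict = VERDICT_FIX.get(toks[i + 1], toks[i + 1])
            i += 2
        out.append((name, ip, verdict))
    return out


def build_iocs(samples):
    """Return ({(kind, value): set(md5)}, {(kind, value): verdict}) over all samples."""
    seen, verdicts = defaultdict(set), {}
    for md5, _name, url_field, host_field in samples:
        for url, _rule in parse_urls(url_field):
            seen[("url", url)].add(md5)
        for name, ip, verdict in parse_hosts(host_field):
            kind = "ip" if IPV4_RE.match(name) else "domain"
            seen[(kind, name)].add(md5)
            if ip:  # a resolved IP is an indicator in its own right
                seen[("ip", ip)].add(md5)
            if verdict:
                verdicts[(kind, name)] = verdict
    return seen, verdicts


def shared_infrastructure(samples, min_samples=2):
    """Indicators seen in at least min_samples distinct samples, most shared first."""
    seen, _ = build_iocs(samples)
    hits = [(k, v, len(s)) for (k, v), s in seen.items() if len(s) >= min_samples]
    return sorted(hits, key=lambda t: (-t[2], t[0], t[1]))


def rule_ids(samples):
    """Set of rule_id values attached to any URL in the samples."""
    return {r for _, _, f, _ in samples for _, r in parse_urls(f) if r is not None}


if __name__ == "__main__":
    for kind, value, n in shared_infrastructure(SAMPLES):
        print(f"{n} samples  {kind:6} {value}")
```

Running it shows that the three .vbs samples share uploaddeimagens.com.br and the same three IPs, while the Amadey sample's two index.php URLs are unique to it; the domain's resolved IP differs between reports (172.67.215.45 in one, 104.21.45.138 in another), so both IPs and the domain are recorded as separate indicators rather than trusting any single resolution.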