10861
2023-08-09 17:12
smokeyzx.exe 023724470a84b79a9efbde752322ddec AgentTesla SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2
api.ipify.org(104.237.62.211) - 173.231.16.76 -
12.8
21
ZeroCERT
10862
2023-08-09 17:11
kellyzx.doc b98806523c4916585df3f414296d0905 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
3.2
35
ZeroCERT
10863
2023-08-09 17:10
built.exe 4f0138b76666d40673be97ceaa9245b4 UPX .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key
2.8
30
ZeroCERT
10864
2023-08-09 17:08
loki.exe 137141a66c13ca84d8d5856f1bc176c1 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.0
31
ZeroCERT
10865
2023-08-09 17:08
alertzx.doc f46867432dd7f3b315b6c29d52ed0edb MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
1
http://2.59.254.18/_errorpages/alertzx.exe
3
smtp.hengshlusa.com(208.91.199.225) - 208.91.198.143 - 2.59.254.18 -
5.0
27
ZeroCERT
10866
2023-08-09 17:07
MinerFullDetect.exe f810de3ef202723a9fa3637e69115da6 UPX Malicious Library PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
1.8
13
ZeroCERT
10867
2023-08-09 17:07
Amday_soft.exe c9e4b5e6adfd9dc39449b3de59e562de Amadey UPX Admin Tool (Sysinternals etc ...) Http API HTTP Code injection Internet API AntiDebug AntiVM .NET EXE PE File PE32 GIF Format VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Windows ComputerName DNS
2
http://45.9.74.182/b7djSDcPcZ/index.php - rule_id: 35747 http://45.9.74.182/b7djSDcPcZ/index.php
1
1
http://45.9.74.182/b7djSDcPcZ/index.php
12.0
24
ZeroCERT
10868
2023-08-09 17:07
rovezx.doc 4c86d493d7393a80dc6638a810daed30 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS DDNS crashed
2
http://194.55.224.13/_errorpages/rove.exe http://64.188.25.4/gnTHyJvVqELjdK41.bin
4
agent.servegame.com(192.154.229.70) - 192.154.229.70 - 64.188.25.4 - 194.55.224.13 -
6.0
32
ZeroCERT
10869
2023-08-09 17:03
damianozx.doc 86588b34f68fad2817ac9c8b7eee8568 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Exploit DNS crashed
1
http://2.59.254.18/_errorpages/damianozx.exe
3
api.ipify.org(104.237.62.211) - 2.59.254.18 - 104.237.62.211 -
4.8
29
ZeroCERT
10870
2023-08-09 17:03
rainbow_loop.exe d6dc6b4155cfc36fe8ea78aa82949533 PE File PE32 VirusTotal Malware
1.0
19
ZeroCERT
10871
2023-08-09 17:03
kellyzx.exe 7bb907d4c3ec7bb44a0f25f41bad22d2 LokiBot Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
1
http://194.55.224.15/kelly/five/fre.php
1
15.0
39
ZeroCERT
10872
2023-08-09 17:02
setup294.exe bf6993bcabf40b1643e5d7abf6710762 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 DLL PDB Code Injection Checks debugger unpack itself AppData folder Remote Code Execution
2.6
ZeroCERT
10873
2023-08-09 14:24
Pass1234_file.7z 8c849c3860d4cde88ae04546492f17dc Vidar Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check DNS
52
59
15
6.6
ZeroCERT
10874
2023-08-09 11:29
MAINNODECPa.htm 4a8582251db1eb736e1dc4c60fed358e Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
2
https://ccpan12.blogspot.com/////////atom.xml
https://d9e1c3dd-1fee-48c1-9089-09a70580408e.usrfiles.com/ugd/d9e1c3_4d127b508d68411bb32a1e039bce6288.txt
7.2
ZeroCERT
10875
2023-08-09 11:24
logszx.exe f0ffc9ea823029c0b1c45026306957d5 PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Cryptographic key Software crashed
2
smtp.quartziax.com(208.91.199.224) - mailcious 208.91.199.224 - mailcious
10.4
ZeroCERT