11161 | 2023-07-28 14:13
SWISSSWISSSWISSSWISSSIWSSSIWIS... b0361a874f097e9000ffc073ad1cccb5 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed
URLs (1): http://192.3.216.144/650/system.vbs
Hosts (3): cdn.pixelbin.io(54.230.167.117) - malware; 54.230.167.16; 192.3.216.144 - malicious
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Dotted Quad Host VBS Request
4.6 | M | 31 | ZeroCERT

11162 | 2023-07-28 14:13
wininit.exe 2cee30219b059ac64f0b4f363edcf0f5 Formbook .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs
URLs (12):
http://www.sisbom.online/pta7/ - rule_id: 35245 http://www.maytag36.com/pta7/?HBbpS=I+8B7hWWd8/aZc0LyOI98FU2kxxJYUgzWPkNKI3Xu1M4KTmr5ikbSLVEKd5DC7LZ6l0Rcp22A4fkoHEesbNwOWp7sSOEDutN8WpeiG4=&BN5djo=jJBlAlRoi0mcT - rule_id: 35246 http://www.yh66985.com/pta7/ - rule_id: 35249 http://www.yh66985.com/pta7/?HBbpS=r0Znjcl108fWq3DW2uMZlKkUpEOS0il4WTIwHqnkDlhXNTmyDe2k/moWxs1adkJw8OOtkgeu00hRWSJDuXN3qGN9obJjMdXlYosByRw=&BN5djo=jJBlAlRoi0mcT - rule_id: 35249 http://www.selfstorage.koeln/pta7/?HBbpS=nRxaeJY0qwDQ0+6frQxSN5E2QFq7X4AyNJuuilycF0k/wVU2rXenu/JIKS0/EAOQo/d8R3vVu9XtC/4/t+jNl01+sEHp/xYpCFlSqjU=&BN5djo=jJBlAlRoi0mcT - rule_id: 35247 http://www.sqlite.org/2018/sqlite-dll-win32-x86-3230000.zip http://www.cosmicearthgoddess.com/pta7/ - rule_id: 35248 http://www.sisbom.online/pta7/?HBbpS=9K+XUf37kaVDuc0IEb/en1sQBc6oG59LX1JpxUbzLe92mNGRZFlQ32afb7pO3FMoswo/Nr7Bt7+lgxXjhaaHcK0lGMXqPnmX0dOCo/8=&BN5djo=jJBlAlRoi0mcT - rule_id: 35245 http://www.cosmicearthgoddess.com/pta7/?HBbpS=13fhjxEBwouEnUsG2Zptbc3oT5vv/DEuG4iFtfSUwau/qJ9Hv2KIb5nyZ/MG0WCg1U40rxerqpJjqyPhopVWfuMIqg+QB/xDsz3LaOk=&BN5djo=jJBlAlRoi0mcT - rule_id: 35248 http://www.maytag36.com/pta7/ - rule_id: 35246 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.selfstorage.koeln/pta7/ - rule_id: 35247
Hosts (11): www.sisbom.online(162.240.81.18) - malicious; www.selfstorage.koeln(81.169.145.157) - malicious; www.yh66985.com(154.215.247.58) - malicious; www.cosmicearthgoddess.com(74.208.236.61) - malicious; www.maytag36.com(76.223.26.96) - malicious; 81.169.145.157 - malicious; 154.215.247.58 - malicious; 76.223.26.96 - malicious; 45.33.6.223; 162.240.81.18 - malicious; 74.208.236.61 - malicious
Further URLs (10):
http://www.sisbom.online/pta7/ http://www.maytag36.com/pta7/ http://www.yh66985.com/pta7/ http://www.yh66985.com/pta7/ http://www.selfstorage.koeln/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.sisbom.online/pta7/ http://www.cosmicearthgoddess.com/pta7/ http://www.maytag36.com/pta7/ http://www.selfstorage.koeln/pta7/
9.2 | M | 36 | ZeroCERT

11163 | 2023-07-28 14:12
system.vbs bb9912b2bbc3c22d1d4a261020afa0d3 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2): https://cdn.pixelbin.io/v2/red-wildflower-1b0af4/original/universo_vbs.jpeg; http://195.178.120.24/cousin_GEF_BAS64dgfhjgfxzjgfzgfjzz.txt
Hosts (2): cdn.pixelbin.io(54.230.167.126) - malware; 54.230.167.16
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6 | | 4 | ZeroCERT

11164 | 2023-07-28 14:10
CHMSDFHIDSFIHSIDFHIH%23%23%23%... 937cc2aa6de4c6b3475b2106c7549bbf MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
URLs (1): http://23.94.37.197/320/chromium.exe
Hosts: 1
Signatures (1): ET INFO Executable Download from dotted-quad Host
4.6 | M | 31 | ZeroCERT

11165 | 2023-07-28 14:09
clip64.dll 7480f4019e4d41ea6508ce29adab0d2c Amadey UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 | M | 58 | ZeroCERT

11166 | 2023-07-28 14:07
777888_2023-07-27_14-57.exe d106422018f67d798c142062e70a5810 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 | M | 49 | ZeroCERT

11167 | 2023-07-28 14:07
iwAmDsFecs.exe 8b1de7ff7c5f0d495c4c66c9ae3e9613 Malicious Library KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Windows Cryptographic key crashed
7.0 | M | 24 | ZeroCERT

11168 | 2023-07-28 10:40
yzhuQFZOKoMax.exe 71c0a5043a21ae67b76f291325de7506 Malicious Library PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself DNS
Hosts: 1
3.0 | M | 46 | ZeroCERT

11169 | 2023-07-28 10:39
system.vbs d64e719c50dcf19c9d911e8eb353a37e Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2): https://cdn.pixelbin.io/v2/flat-wave-f37060/original/bat_native.jpeg; http://192.3.243.146/hcls/ROOT.txt
Hosts (2): cdn.pixelbin.io(54.230.167.117) - malware; 54.230.167.126
Signatures (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.0 | M | 20 | ZeroCERT

11170 | 2023-07-28 10:39
Aloic.bmp 7c75d25fcb55e27a84dba451969ba2e3 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader .NET framework(MSIL) Create Service Socket Escalate privileges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Remcos VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS keylogger
URLs (1): http://geoplugin.net/json.gp
Hosts (3): geoplugin.net(178.237.33.50); 178.237.33.50; 172.96.14.18
Signatures (1): ET JA3 Hash - Remcos 3.x TLS Connection
10.8 | M | 39 | ZeroCERT

11171 | 2023-07-28 10:36
FeeeeeeeeeeeeeeFeeeeeeeeeeeeee... 4f6911ba2cfb8db577523bafa3d70a78 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Exploit DNS crashed
URLs (1): http://192.3.243.146/hcls/IBM/system.vbs
Hosts (1): 192.3.243.146 - malicious
Signatures (1): ET INFO Dotted Quad Host VBS Request
4.6 | M | 35 | ZeroCERT

11172 | 2023-07-28 10:35
123.exe 0e6d97f2465f51dadc93192c8e162f11 RedLine stealer UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts: 1
Signatures (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Activity (Response)
11.8 | M | 37 | ZeroCERT

11173 | 2023-07-28 10:33
jesus.exe 7b6580f08a43949b795aa68c0e5e45cc UPX .NET framework(MSIL) Malicious Library Malicious Packer Antivirus OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.0 | M | 63 | ZeroCERT

11174 | 2023-07-28 10:31
wininit.exe 52911cc84b7dae18ea666f124700b68e UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed
3.2 | M | 23 | ZeroCERT

11175 | 2023-07-28 10:30
ChromeSetup.exe 6f9433489c234b56f12a5e807ad4bfcb UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
2.4 | M | 27 | ZeroCERT