11446 |
2021-08-18 11:31
|
winDriversavesruntimecrt.exe 728f3575ead222e4e13b9558291547be RAT Generic Malware UPX Malicious Packer PE File OS Processor Check .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Windows ComputerName DNS crashed |
5
http://94.103.80.73/Packetbasetraffic.php?Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW&7d323b4a145837be4f4782fd94aa04b9=wY1YmNwUWYkZmZzEWZlZTOldjN3AjMhljM0YzMlJ2Y2Q2NlFTZiVmMzADMxUTMxITOzQTN0YTN&0a843b55ae7380be744bbf239c8d0d28=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&bcc7f967af6d5d0e73d62e6ee3cfb999=0VfiIiOiMDNyUjM4kDMhNDOiVmN5MjM5UDM5MWNmFGZwEjMhdTOiwiImVWN0czY0UmY2czN1MzM0EWOiFzNiBjZ3kzNjZjM5MmYwgDN5QmNiJiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W - rule_id: 3624 http://94.103.80.73/Packetbasetraffic.php?Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW&7d323b4a145837be4f4782fd94aa04b9=wY1YmNwUWYkZmZzEWZlZTOldjN3AjMhljM0YzMlJ2Y2Q2NlFTZiVmMzADMxUTMxITOzQTN0YTN&0a843b55ae7380be744bbf239c8d0d28=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&a3729499a3865912c422a5dac7bbf881=0VfiIiOiMDNyUjM4kDMhNDOiVmN5MjM5UDM5MWNmFGZwEjMhdTOiwiImVWN0czY0UmY2czN1MzM0EWOiFzNiBjZ3kzNjZjM5MmYwgDN5QmNiJiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W - rule_id: 3624 http://94.103.80.73/Packetbasetraffic.php?Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW&7d323b4a145837be4f4782fd94aa04b9=wY1YmNwUWYkZmZzEWZlZTOldjN3AjMhljM0YzMlJ2Y2Q2NlFTZiVmMzADMxUTMxITOzQTN0YTN&0a843b55ae7380be744bbf239c8d0d28=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&ad26823b07b8cbcd7ff745afd1954775=d1nIwQTZ0YTO1EGZjZTY2QWO0YDZzMmZ2MjYjlTYzI2NhZzNldDO1IWYlJiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W&a3729499a3865912c422a5dac7bbf881=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 - rule_id: 3624 
http://94.103.80.73/Packetbasetraffic.php?Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW&7d323b4a145837be4f4782fd94aa04b9=wY1YmNwUWYkZmZzEWZlZTOldjN3AjMhljM0YzMlJ2Y2Q2NlFTZiVmMzADMxUTMxITOzQTN0YTN&0a843b55ae7380be744bbf239c8d0d28=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&a3729499a3865912c422a5dac7bbf881=d1nIVtGVQJFMJJiOiMDNyUjM4kDMhNDOiVmN5MjM5UDM5MWNmFGZwEjMhdTOiwiI0QDZjBTM2QzY2EGM4cDMxETNyUjZyAjZ4MjM1IDOmFGZzMGMmlDO4IiOiQWZ3IzMxgDM4IWN0UTMhVWO5EjNkNzMidDM1YGNiZ2YiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOiQWOmZTNjNWO1YGNyU2N2AjZwATO1YmM1ATZwQmYygDOis3W - rule_id: 3624 http://94.103.80.73/Packetbasetraffic.php?Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW&cd9d37af20d201d2163f19403bbb9dd8=91ec0d6fa24ef6431113d7d323a081da&0a843b55ae7380be744bbf239c8d0d28=QNjhTO4Q2NiJWMjRWO1IjYwIjM5ADNzQWMiVWNxUjNxIzMmJmY3QGO&Hs=cT9lWF0Oi8Od5dGFi&kzkV6EALBVLNHYHv1yGuaVH3w=qQ0SQmSPh24HW - rule_id: 3624
|
1
5
http://94.103.80.73/Packetbasetraffic.php http://94.103.80.73/Packetbasetraffic.php http://94.103.80.73/Packetbasetraffic.php http://94.103.80.73/Packetbasetraffic.php http://94.103.80.73/Packetbasetraffic.php
|
7.4 |
M |
32 |
ZeroCERT
11447 |
2021-08-18 11:32
|
Insidious.exe f3d648c4f3a0f9cfbead90e546efe8f6 RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Browser Software crashed |
4.4 |
M |
47 |
ZeroCERT
11448 |
2021-08-18 11:34
|
oy.exe 0dad0861840cb73b4cefce3dcce28fa5 RAT PWS .NET framework Generic Malware Themida Packer Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization Windows Browser ComputerName Firmware Cryptographic key crashed |
1
http://tospititouaromatos.shop/bot/cosanostra//config.json
|
2
tospititouaromatos.shop(157.90.210.32) - mailcious 157.90.210.32 - mailcious
9.8 |
M |
42 |
ZeroCERT
11449 |
2021-08-18 11:35
|
anydeck.exe 5b2efc41e60b436ff9bce0ae4f8fd30a RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key |
|
2
softwarebeast.live() 34.117.59.81
2.4 |
M |
|
ZeroCERT
11450 |
2021-08-18 11:37
|
dchampzx.exe 44dd47401b94e056b009905fe584806f RAT Generic Malware Admin Tool (Sysinternals etc ...) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key |
2.8 |
M |
39 |
ZeroCERT
11451 |
2021-08-18 11:37
|
wango666.exe a9d35b3546a908c804d177020daefcb0 Gen2 Gen1 RAT Generic Malware UPX Malicious Library Malicious Packer Anti_VM ScreenShot Downloader DNS Socket PDF AntiDebug AntiVM PE File OS Processor Check PE32 .NET DLL DLL PNG Format PE64 JPEG Format Malware download Amadey VirusTotal Malware Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check DNS |
2
http://185.215.113.20/gb9fskvS/index.php http://185.215.113.20/gb9fskvS/index.php?scr=1
|
1
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET MALWARE Amadey CnC Check-In
8.0 |
M |
37 |
ZeroCERT
11452 |
2021-08-18 11:40
|
jopa.exe 3f472c0afd077919abb0a3ddb2378135 RAT Generic Malware UPX Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File OS Processor Check .NET EX VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS |
1
http://149.154.66.50/VideotoPolllongpoll.php?sQuHfXxwcxpHy=FrUvA5S0JtoPG412JaEZ&6zXNIBK3cn=3CTOEwO6F2GBcQR24joPCZUI26&b9d41a25883cf5c0edd5a29d9f32a3ec=a59da15c17ae71b616fadc785a0de37a&6c50d0a269ba1f4bda86396c84f813f0=QNjhTO4Q2NiJWMjRWO1IjYwIjM5ADNzQWMiVWNxUjNxIzMmJmY3QGO&sQuHfXxwcxpHy=FrUvA5S0JtoPG412JaEZ&6zXNIBK3cn=3CTOEwO6F2GBcQR24joPCZUI26 - rule_id: 3676
|
1
149.154.66.50 - mailcious
1
http://149.154.66.50/VideotoPolllongpoll.php
|
9.4 |
M |
45 |
ZeroCERT
11453 |
2021-08-18 11:41
|
vbc.exe e52bb3fd16b1b414bfef8462c4091b3b UPX Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself |
2.0 |
M |
25 |
ZeroCERT
11454 |
2021-08-18 11:44
|
@aran_welaso20.exe c94fcdb866e1e3a9af205bd27664d492 RAT PWS .NET framework Generic Malware UPX PE File OS Processor Check .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key |
|
1
4.0 |
M |
38 |
ZeroCERT
11455 |
2021-08-18 12:00
|
0817_5286872558.doc a87db9de6caf60bbd55e1a8b9805a3a0 VBA_macro MSOffice File unpack itself |
1.6 |
ZeroCERT
11456 |
2021-08-18 12:01
|
0817_0384716421.doc fde9b8d089fa03841c9981f98ba15abb VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName |
2
http://patiennerrhe.com/8/forum.php http://api.ipify.org/
|
4
api.ipify.org(54.235.88.121) patiennerrhe.com(185.230.91.127) 50.16.238.218 185.230.91.127
|
1
ET POLICY External IP Lookup api.ipify.org
8.2 |
ZeroCERT
11457 |
2021-08-18 12:03
|
0817_7648681625.doc 0673071e945646c58d6bc06d20cd88de VBA_macro MSOffice File GIF Format Malware Malicious Traffic Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces IP Check ComputerName |
2
http://patiennerrhe.com/8/forum.php http://api.ipify.org/
|
4
api.ipify.org(50.19.119.155) patiennerrhe.com(185.230.91.127) 54.225.219.20 185.230.91.127
|
1
ET POLICY External IP Lookup api.ipify.org
7.4 |
ZeroCERT
11458 |
2021-08-18 12:06
|
Proformar invioce.exe a311cef429085f54e95b32fd836c56b6 AgentTesla RAT browser info stealer Generic Malware Google Chrome User Data Admin Tool (Sysinternals etc ...) Socket Sniff Audio Escalate priviledges KeyLogger Code injection Internet API Downloader persistence DGA DNS Create Service HTTP FTP ScreenShot H VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities WriteConsoleW Windows Cryptographic key |
11.0 |
|
26 |
ZeroCERT
11459 |
2021-08-18 16:13
|
jkfe.exe 5c3ebb5dfa876c0d76ccae99518153d8 Malicious Library VMProtect PE File PE32 DLL OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AppData folder Windows DNS |
|
1
4.8 |
|
43 |
ZeroCERT
11460 |
2021-08-18 16:37
|
vbs1.html 4b71de199adad75c4855194892a50ad6 Antivirus unpack itself crashed |
0.6 |
ZeroCERT