11491 | 2023-07-17 13:25
an.exe 09ab5b40d8ea72b0fc02000284e22169 RedLine Infostealer UltraVNC UPX Malicious Library VMProtect OS Processor Check PE File PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows ComputerName Cryptographic key crashed
6.2 | M | 23 | ZeroCERT

11492 | 2023-07-17 13:14
Receipt-894324.xls 73f2506109fae384bc40c7ba7cb5fc9c VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process
10 URLs:
http://jeromfastsolutions.com:8088/scripts/file10.bin
http://jeromfastsolutions.com:8088/templates/file10.bin
http://jeromfastsolutions.com:8088/themes/file5.bin
http://webservicesamazin.com:8088/css/details.bin
http://fasteasyupdates.com:8088/tpls/file3.bin
http://onlinefastsolutions.com:8088/plugins/file9.bin
http://paymentadvisry.com:8088/styles/file7.bin
http://jeromfastsolutions.com:8088/bundle/details.bin
http://buyer-remindment.com:8088/css/file8.bin
http://onlinefastsolutions.com:8088/fonts/file13.bin
1 host:
jeromfastsolutions.com() - malicious
3.2 | M | 37 | guest

11493 | 2023-07-16 11:19
texaszx.doc ab48983ce4d1c89f69c4db12cc86f934 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
1 URL:
http://87.121.221.212/texaszx.exe
3 hosts:
api.ipify.org(104.237.62.211)
173.231.16.76
87.121.221.212
7 signatures:
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.0 | | 37 | ZeroCERT

11494 | 2023-07-16 11:18
sk.exe 6e7ecd0389a97aa765eca10d5741b882 RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 URLs:
http://2.59.255.145:56586/
https://api.ip.sb/geoip
3 hosts:
api.ip.sb(104.26.13.31)
104.26.13.31
2.59.255.145
4 signatures:
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET ATTACK_RESPONSE RedLine Stealer - CheckConnect Response
ET ATTACK_RESPONSE Win32/LeftHook Stealer Browser Extension Config Inbound
SURICATA HTTP unable to match response to request
8.0 | | 58 | ZeroCERT

11495 | 2023-07-16 11:17
deep.exe 404da62e0999dcbc4ee9907f5a9b56b6 .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
2.4 | | 36 | ZeroCERT

11496 | 2023-07-16 11:16
post.exe bf34de529a120cc9a93664aae4bd83c3 RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 URLs:
http://85.217.144.184:38329/
https://api.ip.sb/geoip
3 hosts:
api.ip.sb(172.67.75.172)
172.67.75.172
85.217.144.184
4 signatures:
ET ATTACK_RESPONSE RedLine Stealer - CheckConnect Response
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET ATTACK_RESPONSE Win32/LeftHook Stealer Browser Extension Config Inbound
SURICATA HTTP unable to match response to request
8.0 | | 65 | ZeroCERT

11497 | 2023-07-16 11:14
file.exe 0644a6d1a7994445f05f3d4e20e82140 Themida Packer Generic Malware Anti_VM .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
1 host
7.2 | | 39 | ZeroCERT

11498 | 2023-07-16 11:13
gold123.exe f63ac0b3496291dbc468e2d5a1f2bcd5 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 URL
3 hosts:
api.ip.sb(172.67.75.172)
104.211.55.2
104.26.12.31
2 signatures:
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.4 | | 51 | ZeroCERT

11499 | 2023-07-16 11:11
clip64.dll c0973231287f23e7cf3e8335a031bb8d UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 | | 58 | ZeroCERT

11500 | 2023-07-16 11:11
texaszx.exe 562befbabd86d628aa650b58d5b0f97a AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 hosts:
api.ipify.org(64.185.227.156)
64.185.227.156
2 signatures:
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.4 | | 29 | ZeroCERT

11501 | 2023-07-16 11:09
damianozx.exe 1713d3d96339f9983809739473cbef08 AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 hosts:
api.ipify.org(104.237.62.211)
64.185.227.156
2 signatures:
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.8 | | 44 | ZeroCERT

11502 | 2023-07-16 11:09
damianozx.doc cff9ecbc256c9828f1e9ea683bc5ea31 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
1 URL:
http://87.121.221.212/damianozx.exe
3 hosts:
api.ipify.org(104.237.62.211)
64.185.227.156
87.121.221.212
7 signatures:
ET INFO Executable Download from dotted-quad Host
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
5.0 | | 35 | ZeroCERT

11503 | 2023-07-16 11:07
95.214.25.232:3004 fa0e45413ffcfb619ab488952c7d4cf3 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Remote Code Execution
1.8 | | 29 | ZeroCERT

11504 | 2023-07-16 11:07
Inv_LCC_Scan_4.exe 01f50ef4b9419013f3a3967d7ed734cf UPX OS Processor Check PE64 PE File VirusTotal Malware Malicious Traffic unpack itself
1 URL
2 hosts:
skofilldrom.com(64.225.70.62)
64.225.70.62
2.4 | | 17 | ZeroCERT

11505 | 2023-07-16 11:06
divinezx.exe 7565de937291fdf2f686f518f1b16fa5 AgentTesla Generic Malware .NET framework(MSIL) Antivirus KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 hosts:
api.ipify.org(104.237.62.211)
64.185.227.156
2 signatures:
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
15.0 | | 51 | ZeroCERT