11581 | 2021-08-20 17:10 | ZeroCERT
File: vbc.exe
MD5: 16893b49702338aaa8c043450d0f15f1
Tags: PWS .NET framework Generic Malware AntiDebug AntiVM PE File OS Processor Check .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (3):
  http://www.shipu199.com/m3n0/?w48L=yFkN1TM4af1gV4WhNlx5lrnPdl1eebc0NGlDL8fAzkZE4TTUaGGuRKUn+5lxdIwKMTt6Z3t/&0nGTQJ=LjoX_66Ha83Hg8
  http://www.elsonidodelacalle.com/m3n0/?w48L=m4MFs36Ucpj1GyErAGBxkzm4FiJMt3pbCU5S1e6L9Cs2CafjD4xrmEyE6l1gxjHDfcxPRFuP&0nGTQJ=LjoX_66Ha83Hg8 (rule_id: 4319)
  http://www.sofierceboutique.com/m3n0/?w48L=0S6do/tpyWfc2KY6dnSVUFmQijloKjn055jCLPRYcMshHIkjsGaQAJlRLy3xc3UbIeTlHv8+&0nGTQJ=LjoX_66Ha83Hg8
Hosts (6):
  www.sofierceboutique.com (23.227.38.74)
  www.shipu199.com (34.102.136.180)
  www.elsonidodelacalle.com (209.99.64.55) - malicious
  23.227.38.74 - malicious
  34.102.136.180 - malicious
  209.99.64.55 - malicious
IDS alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
URL rule hits (1):
  http://www.elsonidodelacalle.com/m3n0/
Score: 8.4 | Flag: M | VT: 33

11582 | 2021-08-20 17:11 | ZeroCERT
File: vbc.exe
MD5: aa5894726fb68afeb60be8129b4930f7
Tags: PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (9):
  http://www.computerhaendler.com/fa0p/?EfBt4JP0=TtXTxZSKH6MPJY/udWLakCmfWiPZKC3h3gm/GdZmjeBFKrtSix5tm0iiEPJ/i0hX6DQ0calH&ohoXP=SzrlsD
  http://www.salimahsshoots.com/fa0p/?EfBt4JP0=A8BWZbJbubflYZThg16OmceJIc3LU6GwJzcioSp40PS/cbBcxW0uu3DDnXDHO7A+cf4rjOJV&ohoXP=SzrlsD
  http://www.erogames.xyz/fa0p/?EfBt4JP0=/0qWDOLKkRUmqg2U/9Ys586hHpboeMHWiGPfSqQFDSJqzz6EtEzsC8ovHngaoCUElVF1cjrJ&ohoXP=SzrlsD
  http://www.salt-careers.com/fa0p/?EfBt4JP0=9fbA8mxDLHGOIxgL53d8eGCeB4C4+MzIRpsd88ANiJktB5auaYtL8f5p40uSLDrzb1vvaM6p&ohoXP=SzrlsD
  http://www.redinktattooremoval.net/fa0p/?EfBt4JP0=1fIGYnxA4Tj82CuUuQHUk/aPoobLqLGgR7Fluz8lKS/t4kaXZCsZcjjRhUnQwyHQGwBNKKsK&ohoXP=SzrlsD
  http://www.pilbaraleakdetection.site/fa0p/?EfBt4JP0=19esFrxzIJwIqXk+fkA1L97TfNEr1q9dx+mA+xTWy4dNmME2AanSNU0wc7By2ZiMVP1PAyz5&ohoXP=SzrlsD
  http://www.forexgolds.com/fa0p/?EfBt4JP0=LcDne1kQA3NRIxi0Caicv8421pro1+eQyO/FT0tN6EnePfzMBRMzdJqMdbIJ7qhk36kPUzwF&ohoXP=SzrlsD
  http://www.patentflix.com/fa0p/?EfBt4JP0=pk8TMZg3FZz78OgFLMLL69VuVknsfqGMz15/JYFNWJLWB7NJtaQYbjpsJUrWFGbV+/6ndv7E&ohoXP=SzrlsD
  http://www.ecolemidad.com/fa0p/?EfBt4JP0=IGcWEyN+39umNz1D9BOPO4HcsljtFBx9/CUrrnUn7d05kH+CMhP1TkdcAjsiLDZuW1YzgEOa&ohoXP=SzrlsD
Hosts (18):
  www.forexgolds.com (184.168.131.241)
  www.computerhaendler.com (3.223.115.185)
  www.redinktattooremoval.net (216.239.34.21)
  www.salt-careers.com (209.17.116.160)
  www.erogames.xyz (44.230.85.241)
  www.pilbaraleakdetection.site (203.170.80.250)
  www.ecolemidad.com (23.111.175.173)
  www.patentflix.com (185.106.208.3)
  www.salimahsshoots.com (34.102.136.180)
  209.17.116.160 - phishing
  185.106.208.3 - suspicious
  216.239.34.21 - malicious
  184.168.131.241 - malicious
  23.111.175.173 - malicious
  34.102.136.180 - malicious
  44.230.85.241
  3.223.115.185 - malicious
  203.170.80.250 - phishing
IDS alerts (2):
  ET MALWARE FormBook CnC Checkin (GET)
  ET HUNTING Request to .XYZ Domain with Minimal Headers
Score: 8.4 | Flag: M | VT: 32

11583 | 2021-08-20 17:12 | ZeroCERT
File: file.exe
MD5: 0032903fbb10502ab650e9f0a489929e
Tags: Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
Score: 2.2 | Flag: M | VT: 34

11584 | 2021-08-20 17:12 | ZeroCERT
File: sefile.exe
MD5: adb3434ca0e21949f5bb6e50edcc974d
Tags: Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
Score: 2.2 | Flag: M | VT: 35

11585 | 2021-08-20 17:14 | ZeroCERT
File: lv.exe
MD5: 23d39eb713a310071bdfe9d05ae62a90
Tags: Emotet Gen1 Gen2 Malicious Library Malicious Packer PE File PE32 DLL VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
Other (1):
  DUJLnoInJHUNOY.DUJLnoInJHUNOY()
Score: 5.4 | Flag: M | VT: 26

11586 | 2021-08-20 17:14 | ZeroCERT
File: DllDhcpreviewsessioncrt.exe
MD5: cb7eb1adf0a8dfe4dd7f13840f612514
Tags: RAT Generic Malware Malicious Packer PE File OS Processor Check .NET EXE PE32 Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Windows ComputerName DNS crashed
URLs (2):
  http://82.146.46.79/limitscript/Cpuscreenplugin/MathgeneratortraceDjango/data/Cpugame/traceprod/bin/framepool/prodpool/traceMath/pipetraffic.php?Xfys=BPDua0vlJHJBSK&NJDFITXetlr=SVrJxn8hyd7fKh&1e95383a084df9df112e9865fbe18670=gZzQTYkR2Y0IDOmZjNlZmYwETN2UWNlRWN5UjZ1MjNlFzMwEGZ2gzY0UTMwUDMzYDNyQDN0IjM&2110996c47c11d144b0baf2dabf08801=gZlVmYmFTOxU2N5EmMhZTZ0IDOihjY1ITY3gTO2ATOhRGOjNzY1UWN&684a3e2faf31dbc7cf33cbde8246cb05=d1nIwQTZ0YTO1EGZjZTY2QWO0YDZzMmZ2MjYjlTYzI2NhZzNldDO1IWYlJiOiUWZkRWOlNGN3MTNjhjZ1Y2N2MjNzUDO5EDOjJGN3ImZiwiI1AjZ1IzN0UDM3UWZ1gzY0IzY0UGM3IjZwYzMmVjZjRjZyE2NkhjM3IiOigzN1EGM2UjYjdTYxQWNmlDZwEWNjFGNyQGM5YGZhdjZis3W&ccb36bcdd9cbeb0acf7211c38ab8926e=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
  http://82.146.46.79/limitscript/Cpuscreenplugin/MathgeneratortraceDjango/data/Cpugame/traceprod/bin/framepool/prodpool/traceMath/pipetraffic.php?Xfys=BPDua0vlJHJBSK&NJDFITXetlr=SVrJxn8hyd7fKh&1ac5053ba302be41798f7440bded00f3=ecbf0c479f2347790be3d299b6ca862c&2110996c47c11d144b0baf2dabf08801=QNjhTO4Q2NiJWMjRWO1IjYwIjM5ADNzQWMiVWNxUjNxIzMmJmY3QGO&Xfys=BPDua0vlJHJBSK&NJDFITXetlr=SVrJxn8hyd7fKh
Hosts (1): not listed
Score: 5.8 | Flag: M

11587 | 2021-08-20 17:16 | ZeroCERT
File: vbc.exe
MD5: 2b5346dcfa4f86d3ef68060c22e5a087
Tags: Malicious Library PE File OS Processor Check PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Malicious Traffic Check memory unpack itself AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software crashed
URLs (1):
  http://65.21.223.84/~t/i.html/m9vo3uzZGXz0z
Hosts (1): not listed
IDS alerts (5):
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
Score: 9.0 | Flag: M | VT: 30

11588 | 2021-08-20 17:16 | ZeroCERT
File: index.php
MD5: ea3fca6fc5d1a1a9fe5098996cd215e6
Tags: Malicious Library PE File PE32 PDB unpack itself Remote Code Execution
Score: 1.2

11589 | 2021-08-20 17:19 | ZeroCERT
File: Soft-win64.exe
MD5: 087888c1b56195cbd6badd3876767a35
Tags: Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
Score: 2.2 | Flag: M | VT: 30

11590 | 2021-08-20 17:19 | ZeroCERT
File: kl5.exe
MD5: 3eda59632a67aa35beb3417be7547010
Tags: Generic Malware Themida Packer Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
URLs (2):
  http://188.124.36.242:25802/ (rule_id: 4226)
  https://api.ip.sb/geoip
Hosts (3):
  api.ip.sb (172.67.75.172)
  104.26.13.31
  188.124.36.242 - malicious
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
URL rule hits (1):
  http://188.124.36.242:25802/
Score: 9.2 | Flag: M | VT: 30

11591 | 2021-08-20 17:20 | ZeroCERT
File: SuccourHippings_2021-08-20_01-...
MD5: 42fdf557c2eaed4cde25c9bd9e0f9421
Tags: Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution
Score: 2.2 | Flag: M | VT: 36

11592 | 2021-08-20 17:23 | ZeroCERT
File: Finest_.exe
MD5: bb2e98e725fd42de35f1e68c3f154f24
Tags: PWS .NET framework BitCoin Generic Malware Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs (2):
  http://159.69.190.155:35975/
  https://api.ip.sb/geoip
Hosts (3):
  api.ip.sb (172.67.75.172)
  104.26.13.31
  159.69.190.155
IDS alerts (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  SURICATA HTTP unable to match response to request
Score: 12.2 | Flag: M | VT: 37

11593 | 2021-08-20 17:26 | ZeroCERT
File: lv.exe
MD5: ea6726790536078f1519a965c44a11e8
Tags: NPKI Gen1 Emotet Gen2 Malicious Library Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence AntiDebug VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
Other (1):
  fYkRnLiyNmVjHRcBr.fYkRnLiyNmVjHRcBr()
Score: 6.2 | Flag: M | VT: 27

11594 | 2021-08-20 17:33 | ZeroCERT
File: PACKINGS & TEXTILES.pdf
MD5: a5985fe6a940ee5c5f41639a967deb15
Tags: PDF VirusTotal Malware Windows utilities Windows
URLs (5):
  http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
  http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
  http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip
  http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
  http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
Score: 1.8 | VT: 1

11595 | 2021-08-20 17:35 | ZeroCERT
File: tonight.exe
MD5: 329debbda9174757ac0678b3cb364e19
Tags: RAT Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee ComputerName
URLs (2):
  https://cdn.discordapp.com/attachments/876998344449343601/878048385322586122/n33.exe
  https://cdn.discordapp.com/attachments/877973640937897984/878021367742734376/wdqdwq.dll
Hosts (2):
  cdn.discordapp.com (162.159.135.233) - malware
  162.159.130.233 - malware
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 3.4 | VT: 22
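The rows above are only useful if they can be turned into indicators quickly. The following Python is an added example, not the sandbox's own export code: it parses the listing's flattened fields (URL list with optional "rule_id", "domain(ip)" host entries with optional reputation labels, run-together IDS alert names) into per-sample IOC records and flags URLs that have the FormBook check-in shape seen in rows 11581 and 11582 (a four-character directory, one long base64-like value, one short trailing parameter). The field names, the alert-splitting rule and the FormBook URI heuristic are this example's assumptions, derived from the rows shown here rather than from any published signature; the sample rows are copied from records 11581 and 11587 and trimmed.

```python
"""Turn flattened sandbox listing rows into IOC records (added example)."""
import re
from urllib.parse import urlsplit

# Constructed input: two rows copied from the listing above, trimmed.
# The dict keys are this example's own naming for the listing columns.
SAMPLE_ROWS = [
    {
        "file": "vbc.exe",
        "md5": "16893b49702338aaa8c043450d0f15f1",
        "urls": (
            "http://www.shipu199.com/m3n0/?w48L=yFkN1TM4af1gV4WhNlx5lrnPdl1eebc0NGlDL8fAzkZE4TTUaGGuRKUn+5lxdIwKMTt6Z3t/&0nGTQJ=LjoX_66Ha83Hg8 "
            "http://www.elsonidodelacalle.com/m3n0/?w48L=m4MFs36Ucpj1GyErAGBxkzm4FiJMt3pbCU5S1e6L9Cs2CafjD4xrmEyE6l1gxjHDfcxPRFuP&0nGTQJ=LjoX_66Ha83Hg8 - rule_id: 4319"
        ),
        "hosts": "www.shipu199.com(34.102.136.180) www.elsonidodelacalle.com(209.99.64.55) - malicious 34.102.136.180 - malicious",
        "alerts": "ET MALWARE FormBook CnC Checkin (GET)",
    },
    {
        "file": "vbc.exe",
        "md5": "2b5346dcfa4f86d3ef68060c22e5a087",
        "urls": "http://65.21.223.84/~t/i.html/m9vo3uzZGXz0z",
        "hosts": "",
        "alerts": "ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Request for C2 Commands Detected M1",
    },
]

MD5_RE = re.compile(r"[0-9a-f]{32}")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# A URL, optionally followed by " - rule_id: N" as the listing prints it.
URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")
# "domain(ip)" or a bare "ip", optionally followed by " - label".
HOST_RE = re.compile(r"(?:([A-Za-z0-9][A-Za-z0-9.-]*)\()?(" + IPV4 + r")\)?(?:\s+-\s+([a-z]+))?")
# Alert names are run together; split before each rule-family prefix (assumption).
ALERT_SPLIT_RE = re.compile(r"\s+(?=(?:ET [A-Z]+ |SSLBL: |SURICATA ))")
# FormBook check-in URI shape as seen in the listing (heuristic, assumption):
# four-character directory, one long base64-like value, one short trailing key.
FORMBOOK_PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")
FORMBOOK_QUERY_RE = re.compile(r"^[A-Za-z0-9]+=[A-Za-z0-9+/_=-]{40,}&[A-Za-z0-9]+=[A-Za-z0-9_]+$")


def looks_like_formbook_checkin(url: str) -> bool:
    """True when path and query match the FormBook check-in heuristic above."""
    parts = urlsplit(url)
    return bool(FORMBOOK_PATH_RE.match(parts.path)) and bool(FORMBOOK_QUERY_RE.match(parts.query))


def parse_row(row: dict) -> dict:
    """Parse one flattened row into an IOC record; rejects malformed MD5s."""
    md5 = row["md5"].strip().lower()
    if not MD5_RE.fullmatch(md5):
        raise ValueError(f"not an MD5: {row['md5']!r}")
    urls = [(u, int(rid) if rid else None) for u, rid in URL_RE.findall(row.get("urls", ""))]
    domains, ips, labels = {}, set(), {}
    for u, _ in urls:  # hosts embedded in URLs (IP-literal C2 has no DNS entry)
        host = urlsplit(u).hostname or ""
        if re.fullmatch(IPV4, host):
            ips.add(host)
        elif host:
            domains.setdefault(host, None)
    for name, ip, label in HOST_RE.findall(row.get("hosts", "")):
        ips.add(ip)
        if name:
            domains[name] = ip
        if label:
            labels[name or ip] = label
    alerts = [a for a in ALERT_SPLIT_RE.split(row.get("alerts", "").strip()) if a]
    return {
        "file": row.get("file"), "md5": md5, "urls": urls, "domains": domains,
        "ips": ips, "labels": labels, "alerts": alerts,
        "formbook_c2": [u for u, _ in urls if looks_like_formbook_checkin(u)],
    }


def extract_iocs(rows: list) -> dict:
    """Union of indicators across rows, ready for blocklists or hunting."""
    iocs = {"md5": set(), "domains": set(), "ips": set(), "formbook_c2": set(), "labels": {}}
    for rec in (parse_row(r) for r in rows):
        iocs["md5"].add(rec["md5"])
        iocs["domains"].update(rec["domains"])
        iocs["ips"].update(rec["ips"])
        iocs["formbook_c2"].update(rec["formbook_c2"])
        iocs["labels"].update(rec["labels"])
    return iocs


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_ROWS).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Keep the FormBook heuristic as a hunting filter rather than a blocking rule: it keys on URI shape alone, so legitimate sites with short directory names and long base64 parameters will match, and the Suricata "FormBook CnC Checkin" alert in the rows above remains the authoritative detection.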