Sandbox analysis listing (analyzer: ZeroCERT). Each record gives: ID | submission time | file name | MD5; the behaviour and file-format tags the sandbox assigned; where the run produced network activity, the URLs requested, the hosts contacted (written domain(resolved IP), or a bare IP, optionally followed by " - <reputation tag>") and the Suricata alerts raised; and finally score | M flag where set | VT (VirusTotal detection count) | analyzer.

11926 | 2021-08-31 16:31 | verb.exe | MD5 37197f31b0fda37f2f5e321ee46cf7ca
  Tags: RAT, Generic Malware, PE File, .NET EXE, PE32, VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself, AppData folder
  Score: 2.8 | VT: 34 | ZeroCERT

11927 | 2021-08-31 17:22 | sqlite.dll | MD5 4a6cfe6c785e9cfa0c326d11ec9c5a88
  Tags: PE File, OS Processor Check, DLL, PE32, VirusTotal, Malware, Check memory, crashed
  Score: 1.2 | VT: 14 | ZeroCERT

11928 | 2021-08-31 17:23 | qvuivhquwhuizqw.dll | MD5 e289da378fdeaf1a8c1520cd551fe4ec
  Tags: Generic Malware, PE File, .NET DLL, DLL, PE32, VirusTotal, Malware, PDB
  Score: 0.8 | VT: 15 | ZeroCERT

11929 | 2021-08-31 17:23 | afansdo.exe | MD5 97b2c750a2a59cb189eef40930e7198b
  Tags: RAT, PWS, .NET framework, Generic Malware, PE File, OS Processor Check, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Windows, DNS, Cryptographic key
  URLs (1): not listed
  Score: 3.4 | M | VT: 29 | ZeroCERT

11930 | 2021-08-31 17:35 | sureboizx.exe | MD5 54e8f20105761b277faadacfb1f92fbd
  Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, ComputerName, Cryptographic key, crashed
  Score: 8.6 | VT: 26 | ZeroCERT

11931 | 2021-08-31 17:36 | templezx.exe | MD5 d6f1c112404e4b95e665707573eb055d
  Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2): http://checkip.dyndns.org/ ; https://freegeoip.app/xml/175.208.134.150
  Hosts (6): freegeoip.app(172.67.188.154) ; mail.alliedhealthga.com(107.180.56.180) ; checkip.dyndns.org(158.101.44.242) ; 107.180.56.180 - malware ; 172.67.188.154 ; 132.226.8.169
  Suricata (4):
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    - SURICATA Applayer Detect protocol only one direction
    - ET POLICY External IP Lookup - checkip.dyndns.org
    - ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
  Score: 12.8 | VT: 20 | ZeroCERT

11932 | 2021-08-31 17:38 | ashleyzx.exe | MD5 e6d540396bfb587fcbdff7d86818baac
  Tags: PWS, .NET framework, Generic Malware, AntiDebug, AntiVM, PE File, .NET EXE, PE32, FormBook, Malware download, VirusTotal, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, ICMP traffic, unpack itself, Windows, Cryptographic key
  URLs (1): http://www.lockhartsecurity.net/crg3/?DVoh7=6HbvMohAfwaUDhCXtcRCtyZfDW8DHrqjT8ZI/HopstjLBdCjMnLLyR8BWkeFk1Fn2gl3lt+M&6l=TlPx
  Hosts (3): www.lrkingdee.com() ; www.lockhartsecurity.net(172.217.175.115) ; 216.58.197.211 - deface
  Suricata (1):
    - ET MALWARE FormBook CnC Checkin (GET)
  Score: 8.6 | VT: 26 | ZeroCERT

11933 | 2021-08-31 17:38 | tpzx.exe | MD5 3a0c4ac73fba3367b8876d4019dc4ddc
  Tags: PWS, .NET framework, Generic Malware, ScreenShot, Http API, Steal credential, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Tofsee, Windows, DNS, Cryptographic key
  URLs (1): https://telete.in/timkamrstones (rule_id: 4546)
  Hosts (3): telete.in(195.201.225.248) - malicious ; 107.180.56.180 - malware ; 195.201.225.248 - malicious
  Suricata (1):
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Flagged URL (1): https://telete.in/timkamrstones
  Score: 8.4 | M | VT: 22 | ZeroCERT

11934 | 2021-08-31 17:40 | nwannezx.exe | MD5 4cb380f10d27e9b5ba3c8cc7b121cfc9
  Tags: PWS, .NET framework, Generic Malware, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, DDNS, Software, crashed
  URLs (2): http://checkip.dyndns.org/ ; https://freegeoip.app/xml/175.208.134.150
  Hosts (4): freegeoip.app(104.21.19.200) ; checkip.dyndns.org(158.101.44.242) ; 193.122.130.0 ; 104.21.19.200
  Suricata (3):
    - ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    - ET POLICY External IP Lookup - checkip.dyndns.org
  Score: 12.0 | VT: 11 | ZeroCERT

11935 | 2021-09-01 07:36 | invoice.wbk | MD5 75410d9d9ab02c713cd6dc1c59da787c
  Tags: RTF File, doc, AntiDebug, AntiVM, LokiBot, Malware download, VirusTotal, Malware, c&c, MachineGuid, Malicious Traffic, Check memory, Checks debugger, exploit crash, unpack itself, Windows, Exploit, DNS, Cryptographic key, crashed, Downloader
  URLs (2): http://checkvim.com/fd11/fre.php ; http://103.140.251.93/axis/vbc.exe
  Hosts (3): checkvim.com(185.251.88.222) ; 103.140.251.93 ; 185.251.88.222
  Suricata (14):
    - ET INFO Executable Download from dotted-quad Host
    - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
    - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    - ET INFO Packed Executable Download
    - ET MALWARE LokiBot User-Agent (Charon/Inferno)
    - ET MALWARE LokiBot Checkin
    - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
    - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
    - ET MALWARE LokiBot Request for C2 Commands Detected M1
    - ET MALWARE LokiBot Request for C2 Commands Detected M2
    - ET POLICY PE EXE or DLL Windows file download HTTP
    - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    - ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
    - ET MALWARE LokiBot Fake 404 Response
  Score: 5.6 | VT: 28 | ZeroCERT

11936 | 2021-09-01 07:39 | vbc.exe | MD5 94db0490bbaf3752ea87c1785513dccb
  Tags: Malicious Library, PE File, PE32, VirusTotal, Malware, PDB, unpack itself
  Score: 2.0 | VT: 39 | ZeroCERT

11937 | 2021-09-01 07:41 | p.wbk | MD5 9d2cc34c3b6319a79a8c32881c8759ec
  Tags: RTF File, doc, AntiDebug, AntiVM, Malware download, VirusTotal, Malware, MachineGuid, Malicious Traffic, Check memory, Checks debugger, exploit crash, unpack itself, Tofsee, Windows, Exploit, DNS, Cryptographic key, crashed
  URLs (1): http://192.3.122.133/Pman/win767.exe
  Hosts (3): pomf.lain.la(198.244.149.184) ; 167.114.3.98 ; 192.3.122.133 - malicious
  Suricata (9):
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    - ET INFO TLS Handshake Failure
    - ET INFO Executable Download from dotted-quad Host
    - ET MALWARE Possible Malicious Macro DL EXE Feb 2016
    - ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
    - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
    - ET POLICY PE EXE or DLL Windows file download HTTP
    - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
    - ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  Score: 5.2 | VT: 24 | ZeroCERT

11938 | 2021-09-01 07:43 | win767.exe | MD5 be748577200ac649a36bf877a9e95f12
  Tags: Schwerer, AutoIt, UPX, PE File, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Tofsee
  URLs (1): https://pomf.lain.la/f/kt1nmuh
  Hosts (2): pomf.lain.la(167.114.3.98) ; 107.191.99.49
  Suricata (2):
    - ET INFO TLS Handshake Failure
    - SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 2.4 | VT: 28 | ZeroCERT

11939 | 2021-09-01 09:24 | vbc.exe | MD5 29cf935bafff5bf4047f666dd4bc69e2
  Tags: Schwerer, AutoIt, UPX, PE File, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
  Score: 2.6 | VT: 18 | ZeroCERT

11940 | 2021-09-01 09:24 | vbc.exe | MD5 79ddde2396171f22269c3be17e82c76b
  Tags: AutoIt, UPX, PE File, PE32, Check memory, Checks debugger, unpack itself
  Score: 2.0 | VT: (none) | ZeroCERT

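The network fields in this listing are exported as space-joined strings, which is awkward when you want to pivot across samples (for example, 107.180.56.180 is the SMTP exfiltration host of 11931 and is also contacted by 11933, and checkip.dyndns.org resolves to 158.101.44.242 in both 11931 and 11934). The following is an added example, not ZeroCERT's own tooling: it parses the host, URL and Suricata fields in the layout they have on this page (host tokens as domain(ip) or a bare IP with an optional " - tag", alerts as concatenated signature names) into structured IOCs and reports IPs shared between records. The sample records are copied from the listing above; the "mailcious" alias reflects the spelling the raw export uses.

```python
"""Parse the flattened network fields of a sandbox listing into IOCs.

Added example (not ZeroCERT tooling). Assumes the field layout seen on the
page: hosts are space-joined "domain(ip)" or bare-IPv4 tokens, each with an
optional " - tag"; alerts are space-joined Suricata/ET/SSLBL signature names.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# "domain(resolved-ip)" (parens are empty when resolution failed) or a bare
# IPv4, optionally followed by " - <tag>" such as "malware" or "deface".
_HOST_RE = re.compile(
    r"(?:(?P<name>[A-Za-z0-9.-]+)\((?P<resolved>[0-9.]*)\)"
    r"|(?P<ip>\b\d{1,3}(?:\.\d{1,3}){3}\b))"
    r"(?: - (?P<tag>[A-Za-z]+))?"
)
# Every signature name starts with an ET class, "SSLBL:" or "SURICATA"; a
# zero-width split on those prefixes recovers the boundaries of the joined string.
_ALERT_START = re.compile(r"(?=\b(?:ET [A-Z_]+ |SSLBL: |SURICATA ))")
# The raw export spells one reputation tag "mailcious"; normalise it so filters match.
_TAG_ALIAS = {"mailcious": "malicious"}
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Network fields copied from records 11931, 11933, 11934 and 11935 of the listing.
SAMPLE_RECORDS = [
    {"id": 11931,
     "urls": "http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150",
     "hosts": "freegeoip.app(172.67.188.154) mail.alliedhealthga.com(107.180.56.180) "
              "checkip.dyndns.org(158.101.44.242) 107.180.56.180 - malware 172.67.188.154 132.226.8.169",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) "
               "SURICATA Applayer Detect protocol only one direction "
               "ET POLICY External IP Lookup - checkip.dyndns.org "
               "ET INFO DYNAMIC_DNS Query to *.dyndns. Domain"},
    {"id": 11933,
     "urls": "https://telete.in/timkamrstones - rule_id: 4546",
     "hosts": "telete.in(195.201.225.248) - mailcious 107.180.56.180 - malware 195.201.225.248 - mailcious",
     "alerts": "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"},
    {"id": 11934,
     "urls": "http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150",
     "hosts": "freegeoip.app(104.21.19.200) checkip.dyndns.org(158.101.44.242) 193.122.130.0 104.21.19.200",
     "alerts": "ET INFO DYNAMIC_DNS Query to *.dyndns. Domain "
               "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) "
               "ET POLICY External IP Lookup - checkip.dyndns.org"},
    {"id": 11935,
     "urls": "http://checkvim.com/fd11/fre.php http://103.140.251.93/axis/vbc.exe",
     "hosts": "checkvim.com(185.251.88.222) 103.140.251.93 185.251.88.222",
     "alerts": "ET INFO Executable Download from dotted-quad Host ET MALWARE LokiBot Checkin"},
]


def parse_hosts(field: str) -> list[dict]:
    """One dict per host token: name (None for a bare IP), ip (None if unresolved), tag."""
    hosts = []
    for m in _HOST_RE.finditer(field):
        tag = m.group("tag")
        hosts.append({
            "name": m.group("name"),
            "ip": m.group("resolved") or m.group("ip") or None,
            "tag": _TAG_ALIAS.get(tag, tag) if tag else None,
        })
    return hosts


def parse_alerts(field: str) -> list[str]:
    """Split the concatenated alert string back into individual signature names."""
    return [a.strip() for a in _ALERT_START.split(field) if a.strip()]


def parse_urls(field: str) -> list[str]:
    """Keep only URL tokens; annotations such as '- rule_id: 4546' are dropped."""
    return [tok for tok in field.split() if tok.startswith(("http://", "https://"))]


def record_ips(record: dict) -> set[str]:
    """All IPv4 addresses a record touched: resolved hosts, bare IPs, dotted-quad URL hosts."""
    ips = {h["ip"] for h in parse_hosts(record.get("hosts", "")) if h["ip"]}
    for url in parse_urls(record.get("urls", "")):
        host = urlsplit(url).hostname or ""
        if _IPV4.match(host):
            ips.add(host)
    return ips


def shared_ips(records: list[dict]) -> dict[str, list[int]]:
    """IPs seen in more than one record, mapped to the sorted record IDs that share them."""
    seen = defaultdict(set)
    for r in records:
        for ip in record_ips(r):
            seen[ip].add(r["id"])
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    for ip, ids in shared_ips(SAMPLE_RECORDS).items():
        print(f"{ip} shared by records {ids}")
```

Two things worth noting when reading the output. The freegeoip.app URL carries 175.208.134.150 in its path; that is the address the sample just looked up via checkip.dyndns.org, i.e. almost certainly the analysis machine's own egress IP, and the parser correctly does not treat it as an indicator. The "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)" alert fires here on unrelated .NET stealers, an RTF downloader and an AutoIt loader alike, so on this page it is a generic TLS-client fingerprint match rather than evidence of Tofsee, and should not be used on its own to attribute a sample.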