12046 | 2023-06-21 16:06 | vp2023.exe 38bd8cf9d900fa629d1844b215a3d4d0 UPX Malicious Library MZP Format PE File PE32 VirusTotal Malware unpack itself Tofsee |
1
https://drownways.com/deamn/tndv.zip
|
2
drownways.com(149.100.151.190) - malware 149.100.151.190 - malware
|
3
SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
1.8 | | 11 | ZeroCERT
12047 | 2023-06-21 16:06 | unsecapp.exe 297c423d2a4a52a7f109240ae70b4ca1 Formbook NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder Windows DNS |
17
|
19
|
4
ET DNS Query to a *.top domain - Likely Hostile ET MALWARE FormBook CnC Checkin (POST) M2 ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
16
|
5.6 | M | 42 | ZeroCERT
12048 | 2023-06-21 16:02 | data64_2.exe 2d1dffc690133c02a27ac0e2d7c03039 RedLine stealer UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
94.130.176.65 - mailcious
|
1
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
|
|
11.6 | M | 32 | ZeroCERT
12049 | 2023-06-21 16:00 | ss41.exe 91670b685d544cc5ee1ca6263dc76a53 Gen1 Gen2 Generic Malware UPX Malicious Packer PE64 PE File Browser Info Stealer Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic WMI unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Fabookie Windows Browser ComputerName Remote Code Execution |
3
http://as.imgjeoigaa.com/check/safe - rule_id: 33483 http://as.imgjeoigaa.com/check/?sid=652746&key=a65e8cd0b8eec374712079683db8bf48 - rule_id: 34487 http://us.imgjeoigaa.com/sts/imagc.jpg - rule_id: 33482
|
4
as.imgjeoigaa.com(39.109.117.57) - mailcious us.imgjeoigaa.com(154.221.19.146) - mailcious 154.221.19.146 - mailcious 39.109.117.57 - mailcious
|
1
ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET)
|
3
http://as.imgjeoigaa.com/check/safe http://as.imgjeoigaa.com/check/ http://us.imgjeoigaa.com/sts/imagc.jpg
|
4.8 | M | 4 | ZeroCERT
12050 | 2023-06-21 15:58 | data64_3.exe 6375b46cec76be55885593736cd40270 Themida Packer UPX Anti_VM .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare Check virtual network interfaces AppData folder suspicious TLD VMware anti-virtualization Tofsee Windows Remote Code Execution Firmware crashed |
3
https://sso.passport.yandex.ru/push?uuid=b7d82276-c92f-4350-9469-9356de41d229&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://yandex.ru/
|
6
yandex.ru(77.88.55.88) sso.passport.yandex.ru(213.180.204.24) dzen.ru(62.217.160.2) 62.217.160.2 77.88.55.88 213.180.204.24
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
9.2 | | 35 | ZeroCERT
12051 | 2023-06-21 15:55 | 3.exe 68749e1f05472d28f9aead6c393da9d2 Schwerer UPX PE File PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Check memory Checks debugger Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Browser Email ComputerName |
|
|
|
|
6.8 | | 34 | ZeroCERT
12052 | 2023-06-21 15:55 | FRE.exe d30ce8e717936e2c8bbd79773807ddd5 UPX Admin Tool (Sysinternals etc ...) KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed |
1
|
2
api.ipify.org(173.231.16.76) 64.185.227.155
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.4 | | 40 | ZeroCERT
12053 | 2023-06-21 15:53 | obizx.exe 718d4c3b29a705405b2377005f53b631 PWS UPX .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger |
1
|
2
api.ipify.org(64.185.227.155) 104.237.62.211
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
12.4 | | 24 | ZeroCERT
12054 | 2023-06-21 15:52 | DaHost.exe dabf4bf05dadea76f0a7b346eee48844 Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself |
|
|
|
|
2.2 | | 41 | ZeroCERT
12055 | 2023-06-21 15:51 | DaHostss.exe c5e31856527c65df6382fbc50deb1ded NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed |
1
|
2
api.ipify.org(173.231.16.76) 173.231.16.76
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
8.6 | | 22 | ZeroCERT
12056 | 2023-06-21 14:42 | payload2.dll f249ab6266b09f71f05c85a966f8f3d7 AsyncRAT UPX .NET framework(MSIL) Malicious Library Malicious Packer OS Processor Check .NET EXE PE File PE32 VirusTotal Malware DNS DDNS |
|
2
wbem.ddns.net(147.189.174.239) - mailcious 147.189.174.239
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
2.6 | | 60 | r0d
12057 | 2023-06-21 14:38 | payload2.dll f249ab6266b09f71f05c85a966f8f3d7 .NET framework(MSIL) AsyncRAT UPX Malicious Library Malicious Packer OS Processor Check .NET EXE PE File PE32 VirusTotal Malware DNS DDNS |
|
2
wbem.ddns.net(147.189.174.239) - mailcious 147.189.174.239
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
2.6 | | 60 | r0d
12058 | 2023-06-21 13:11 | File_pass1234.7z 925bad98f5262b9221631e9a52312aa1 PWS Escalate priviledges KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Fabookie Stealer Windows Trojan DNS |
34
|
71
|
37
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET DROP Spamhaus DROP Listed Traffic Inbound group 40 ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 ET MALWARE JS/Nemucod.M.gen downloading EXE payload ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO TLS Handshake Failure ET INFO Packed Executable Download ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET INFO EXE - Served Attached HTTP ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET POLICY IP Check Domain (icanhazip. com in HTTP Host) ET HUNTING Telegram API Domain in DNS Lookup ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Amadey Bot Activity (POST) ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY Observed Wifi Geolocation Domain (api .mylnikov .org in TLS SNI) ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET POLICY External IP Lookup ip-api.com ET POLICY Microsoft user-agent automated process response to automated request
|
18
|
6.2 | M | | ZeroCERT
12059 | 2023-06-21 12:25 | xmrig.exe 0b021b93052fed386a4d094edae61ca8 Generic Malware UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File VirusTotal Malware unpack itself ComputerName |
|
|
|
|
1.8 | | 53 | ZeroCERT
12060 | 2023-06-21 12:25 | WatchDog.exe 4aa5e32bfe02ac555756dc9a3c9ce583 .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself ComputerName |
|
|
|
|
3.6 | M | 47 | ZeroCERT