| 12061 |
2021-09-03 17:17
|
 smbscanlocal0902.exe 830ffb393ba8cca073a1c0b66af78de5
PE File PE32 VirusTotal Malware Check virtual network interfaces WriteConsoleW |
|
|
|
|
4.8 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12062 |
2021-09-03 17:18
|
 AJ_tool_2.0.exe e9a07674a035bb2a1e4f233c41269edd
RAT Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger WMI unpack itself Checks Bios Detects VirtualBox Check virtual network interfaces VMware anti-virtualization IP Check Tofsee Browser ComputerName Software crashed |
3
http://ip-api.com//json/175.208.134.150
https://ip4.seeip.org/
https://discord.com/api/webhooks/882954273980284939/Oo5CKwHMkILgJiucQhx_aJyEIHFxNaStS_Rgc-0H9Qm-hz7qs9oDqPvJxh_FmBs3dflH
|
6
ip4.seeip.org(23.128.64.141)
discord.com(162.159.137.232) - mailcious
ip-api.com(208.95.112.1)
208.95.112.1
23.128.64.141
162.159.135.232
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY External IP Lookup ip-api.com
|
|
8.2 |
M |
35 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12063 |
2021-09-03 17:21
|
 tito.exe 7c8efbe367f82fb25ec6c42479a64a25
Admin Tool (Sysinternals etc ...) Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName |
3
https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21144&authkey=ADKru-6Ld-lJ97I
https://ya7p6a.sn.files.1drv.com/y4md987bqpeXyH2yULsrm7vyAfWGLIv2wUJDK4ZcmIW_gedctayW5Tizvqt6qaXXNJCi0qgQVjqyPw6fyISiI2mCcGw1_2ug6rQFtxzfwu-KEuHO_Ym8-xZIhpf424sLtIZ6ywXv9lJ7JXVsQZB0q4xbTZYcCthKmj7ucINV_3gx9g_uBwYGTzab4Q0jSkxKc1_67ZLKtdM8MmXPgItTMFlog/Dbixhszrnpskrfhdmybztzypykrurds?download&psid=1
https://ya7p6a.sn.files.1drv.com/y4mwfXOKjaW69wYFkI3SGx3XTuEnz3xPlm0bryjw2gLBg6o-LSPkzMUDb6s5J_u7Bs8WP2vq4AreLgWt8E5kWbcSNvbIxhLJGsTa7XUSyO2qSF9NtU9dLinxHeGEo3KfheOwsTJ84lSmZ-nlXoL5ltTl-00PpD3-J3OxW1Ab6Zi6u5vwzjA0oUiQdVA3769hxc9KhNbpGfeT0MzPyXyQOVyPg/Dbixhszrnpskrfhdmybztzypykrurds?download&psid=1
|
4
ya7p6a.sn.files.1drv.com(13.107.42.12)
onedrive.live.com(13.107.42.13) - mailcious
13.107.42.13 - mailcious
13.107.42.12 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
10.2 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12064 |
2021-09-03 18:11
|
 smbscanlocal0902.exe 830ffb393ba8cca073a1c0b66af78de5
Worm Phorpiex Generic Malware PE File PE32 VirusTotal Malware Check virtual network interfaces WriteConsoleW |
|
|
|
|
4.6 |
M |
39 |
r0d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12065 |
2021-09-04 13:56
|
 bin_Protected.exe 0a9de49281cf90a99f03cb917ac16afe
Malicious Library AntiDebug AntiVM PE File PE32 DLL VirusTotal Malware Buffer PE Code Injection Check memory buffers extracted Creates executable files unpack itself AppData folder crashed |
|
|
|
|
8.4 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12066 |
2021-09-04 13:58
|
 fit.exe 3386ae032f6d373ca53c4cdd9f2d8071
Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName |
3
https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21145&authkey=AFt5mXo5_hIU9Wo
https://ya5qxq.sn.files.1drv.com/y4mhkdES2FrzkTr6_ft2vmvKfb9bGMafvF6erpDGpYTyyTou4wOYM--o-pDpWFRoe7XtvHGmX-j_fZ9jW-sMy0xF9LNy6xYLxCqh457rSVvRZ9mXnrhAbWBC7JoY6cVQXsaxJXaqxeEx9ypdygh-0x4PHsyE4Rqwgt5FVSoogr_d7kT53WzOlK4QTYdvaXtyMutkLvh5570BfFK65a9VkcfOA/Zmtabitkattqctosiqoboivzoukwwhu?download&psid=1
https://ya5qxq.sn.files.1drv.com/y4mWV0lrv_tiHoBpZFLgeGeAoOLHwgJmNqdH0OgjUFuy2BNr8G1IO_HRyR6jrXDrImiFe2QUvT74VBUi5sedcd9fLF9dxoWww6_21cF9mI_hsgFoBYR5C-53tzBarzEgUjh_sHrNCdGK_piD2dAN0Pt76qJhizWP4egLLhy7FriuiAueVsovba7AN1mG-Ds_Hqv63TZr0t6kELXRIsqvIrriA/Zmtabitkattqctosiqoboivzoukwwhu?download&psid=1
|
6
onedrive.live.com(13.107.42.13) - mailcious
twistednerd.dvrlists.com(62.102.148.152) - mailcious
ya5qxq.sn.files.1drv.com(13.107.42.12)
13.107.42.13 - mailcious
13.107.42.12 - malware
62.102.148.152
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
11.6 |
M |
21 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12067 |
2021-09-04 13:58
|
 build_2021-09-03_19-07.exe 34d8bda29d961c5757f3a8a0ef971205
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution |
|
|
|
|
2.2 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12068 |
2021-09-04 13:58
|
 PBrowFile15.exe 0dd588d0d11074ff583db120b6c551a4
Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee |
2
https://2no.co/1C8Ua7
https://2no.co/1C6Ua7
|
5
theonlinesportsgroup.net() - mailcious
remotepc3.xyz()
remotenetwork.xyz()
2no.co(88.99.66.31) - mailcious
88.99.66.31 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.4 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12069 |
2021-09-04 14:00
|
syn 9eb8c2ce21be0b6f778806b9875f1368
Malicious Library AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware Code Injection Check memory Checks debugger unpack itself Browser Email |
|
|
|
|
4.0 |
M |
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12070 |
2021-09-04 14:02
|
 rp1.exe 7dd46656a988d8b05cf41486ff90e6aa
Emotet Generic Malware Themida Packer Malicious Library PE File .NET EXE PE32 GIF Format Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed |
4
http://iplogger.org/1mxPf7
https://iplogger.org/1mxPf7
https://cdn.discordapp.com/attachments/446310284857180160/883361400209174538/Zenare.exe
https://api.ip.sb/geoip
|
9
api.ip.sb(172.67.75.172)
cdn.discordapp.com(162.159.133.233) - malware
bitbucket.org(104.192.141.1) - malware
iplogger.org(88.99.66.31) - mailcious
172.67.75.172 - mailcious
162.159.129.233 - malware
88.99.66.31 - mailcious
104.192.141.1 - mailcious
84.246.85.14
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
14.4 |
M |
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12071 |
2021-09-04 14:02
|
 Real01_1.exe 5cde4a5c2fad12bc819ccc89b6baae53
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself |
|
|
|
|
2.6 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12072 |
2021-09-04 14:03
|
 Soft-win.exe 4e120e201ef1e0c75a923215aa66e07b
Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself Remote Code Execution |
|
|
|
|
2.2 |
M |
34 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12073 |
2021-09-04 14:05
|
 obinnazx.exe 5b5276e6117204297cf817fee27e16d4
PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows Cryptographic key |
1
http://www.best123-movies.com/gz92/?pPB=jWTejL3+D+Hcg5zVfim8Kkj3YaZNWfReiwt81ol2RyZe448HMGoII8eUgBNn9uB5CJiZPpky&-ZS=W6O83nLhO
|
4
www.peggeorge.com(156.241.53.33)
www.best123-movies.com(34.98.99.30)
34.98.99.30 - phishing
156.241.53.33
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
11.6 |
M |
30 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12074 |
2021-09-04 14:05
|
 skype.exe 7cdbaac6ce5de3023ac8b8ebf17cbb1f
PWS .NET framework email stealer Generic Malware DNS Socket Escalate priviledges KeyLogger Code injection Downloader persistence AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName DNS Cryptographic key crashed |
|
1
|
|
|
11.8 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12075 |
2021-09-04 14:07
|
 pcpedemo.exe 250e548c641a259913efe572efa37914
Emotet Generic Malware NSIS Malicious Library PE File OS Processor Check PE32 VirusTotal Malware Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder |
|
|
|
|
4.0 |
|
16 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|