12481 | 2023-06-08 18:08
File: Adobe Premiere Pro.rar
MD5: 9ec53fc91d28e9065489ba193b5a95e1
Tags: PWS[m] Escalate privileges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself
Score: 1.6 | ZeroCERT

12482 | 2023-06-08 18:04
File: 1234.rar
MD5: a254e95af764b162db0dc73636f7f5dd
Tags: PWS[m] Escalate privileges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself
Score: 2.0 | ZeroCERT

12483 | 2023-06-08 17:59
File: cccclcccclcccclcccclccccl%23%2...
MD5: 930ee6aa6ef31ed1b129d72cabf61487
Tags: MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed
URLs (3):
  http://107.172.148.217/cl/cc/GxwFzwcvtovTBxiVO240.bin
  http://107.172.148.217/24/cleanmgr.exe
  http://www.everlastdisposal.com/btrd/?Wz=p2F9PZF+YDMdIDbehdEmtTqgeS1h9oFef91gXfMh2Udnn4lDKN26Dl1fq4W90inelrKmdT0H&vB=lhrxP
Hosts (5):
  www.everlastdisposal.com(15.197.204.56)
  www.h59f07jy.cfd()
  www.solarcyborg.com()
  15.197.204.56
  107.172.148.217 - malware
Alerts (7):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE FormBook CnC Checkin (GET)
  ET MALWARE Generic .bin download from Dotted Quad
Score: 5.0 | M | 30 | ZeroCERT

12484 | 2023-06-08 17:57
File: 6481937ec937d.zip
MD5: 9c423f84d55dc3ac786e3d47d0aa2da4
Tags: ZIP Format Malware Malicious Traffic NetSupport
URLs (3):
  http://geo.netsupportsoftware.com/location/loca.asp
  http://91.215.85.180:5222/
  http://91.215.85.180/fakeurl.htm
Hosts (4):
  balibumba1.com(91.215.85.180) - malicious
  geo.netsupportsoftware.com(62.172.138.67)
  51.142.119.24
  91.215.85.180 - malicious
Alerts (3):
  ET POLICY NetSupport GeoLocation Lookup Request
  ET INFO NetSupport Remote Admin Checkin
  ET INFO NetSupport Remote Admin Response
Score: 0.8 | ZeroCERT

12485 | 2023-06-08 17:53
File: hkcmd.exe
MD5: bb82589608f2312e9bf9d0c63c8a3d68
Tags: UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed
Score: 3.4 | M | 35 | ZeroCERT

12486 | 2023-06-08 17:51
File: reeeeeeeeeeeeeeeeeee%23%23%23%...
MD5: 8f6f20b9800cc3739e08c986979fe886
Tags: MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed
URLs (4):
  http://www.newindianewsnetwork.com/xchu/?3ff87=UZzOwKaFQ/vPekhs+zO7lkKCRVDVl7SIETScfHQduMne1x4ZhLlFTL1RqfYvcnOdqPz6oEwS&NtTD4P=XPjlnTqhSFMXinZ
  http://www.ideeintemporelle.com/xchu/?3ff87=t3j26SmWIpincnwYCr1048OEQratwNj3NaIAmhSNt4vAPvcvbjHh9YV3JIDfjMXs/Qq5pWG1&NtTD4P=XPjlnTqhSFMXinZ
  http://107.172.148.217/re/cPTQWCQPXVHQEfabnuB91.bin
  http://107.172.148.217/244/hkcmd.exe
Hosts (5):
  www.newindianewsnetwork.com(65.109.92.221)
  www.ideeintemporelle.com(84.16.76.212)
  65.109.92.221
  84.16.76.212
  107.172.148.217 - malware
Alerts (7):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Generic .bin download from Dotted Quad
  ET MALWARE FormBook CnC Checkin (GET)
Score: 4.8 | M | 29 | ZeroCERT

12487 | 2023-06-08 17:49
File: iloiloiloiloiloiloiloiloiloilo...
MD5: 523638a13e3af95fc2256be66725c682
Tags: MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed
URLs (4):
  http://www.couturewrap.com/btrd/?JDK8bDY=SG9A3Pt3xYazNmDlDw9fHiFSCreErl1UBTZXmuPCTcYswo69CAuXyrO6p7GwaEZoJbh+8dJR&BX=E2J4tHWP_V2
  http://www.hardscapesofflorida.com/btrd/?JDK8bDY=AmgPWBLkQfYgu+cImsHRMNogX0JnRzmL7Zrvmwd/vtKHrkREKDd630Yx4/ca2rifgVa1gRw7&BX=E2J4tHWP_V2
  http://www.fanatics-international.com/btrd/?JDK8bDY=Qks0PjRxOVp3YjLqM6UzXaXWzvTwLkvk8ayReQSORSiEbEol+Sszu0U7+SUPM2K7jvwZrDVw&BX=E2J4tHWP_V2
  http://107.172.148.217/544/hkcmd.exe
Hosts (6):
  www.couturewrap.com(34.102.136.180)
  www.hardscapesofflorida.com(34.102.136.180)
  www.fanatics-international.com(3.64.163.50)
  3.64.163.50 - malicious
  34.102.136.180 - malicious
  107.172.148.217 - malware
Alerts (6):
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET MALWARE FormBook CnC Checkin (GET)
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 5.0 | M | 30 | ZeroCERT

12488 | 2023-06-08 17:47
File: bld_4.exe
MD5: 296fd972f13fe3f371d16ff2430a3e81
Tags: RAT .NET EXE PE File PE32 VirusTotal Malware Buffer PE MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
Score: 3.8 | M | 49 | ZeroCERT

12489 | 2023-06-08 17:46
File: hkcmd.exe
MD5: a413d04a39c86bd0b4ca116227d20a30
Tags: UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
Score: 2.6 | M | 32 | ZeroCERT

12490 | 2023-06-08 17:45
File: rsrsrsrsrsrrsrsrsrsrsrsrssrsrs...
MD5: 39669a47b553f5d6b3ed6b730d7852f9
Tags: MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Windows Exploit DNS crashed
URLs (5):
  http://www.parimaladragonflywellness.life/gtt8/?WZ=C+0/87yis/Zlv4qd7l9geBDqQKvoMWPO9Bv6EyyNy79humck0b/iQDmOl3lSHHtefS401NFg&Rv=X2JXNdDX_20Dj04
  http://www.lennartjahn.com/gtt8/?WZ=OdtWE4DAxERL7SMiEfq8Qou+0omTbT/PNs+Z6OFSeBqZ4lp4mdBeKi3j+/SgzRhga1nsl2MQ&Rv=X2JXNdDX_20Dj04
  http://www.meuble-chaussure-entree.site/gtt8/?WZ=yCnQ5L6NlcTRcn+ifIq7oQPvIlFV2UDOCQ1NjUaFJYn2MwS8YusSoR7wSYegmy6tKiXh+Vbc&Rv=X2JXNdDX_20Dj04
  http://107.172.148.217/re/rs/IRjVevieEjoNGeLpLWfDSZKIoW131.bin
  http://107.172.148.217/245/hkcmd.exe
Hosts (7):
  www.meuble-chaussure-entree.site(81.88.57.68)
  www.lennartjahn.com(104.21.63.182)
  www.parimaladragonflywellness.life(198.49.23.144)
  198.49.23.145 - malicious
  172.67.171.154
  107.172.148.217 - malware
  81.88.57.68 - malicious
Alerts (9):
  ET MALWARE FormBook CnC Checkin (GET)
  ET INFO Observed DNS Query to .life TLD
  ET MALWARE Generic .bin download from Dotted Quad
  ET INFO Executable Download from dotted-quad Host
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO HTTP Request to Suspicious *.life Domain
Score: 5.0 | M | 30 | ZeroCERT

12491 | 2023-06-08 17:44
File: hkcmd.exe
MD5: c6d2ae33edf3d67a0c2abe42836c2874
Tags: UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
Score: 2.6 | M | 36 | ZeroCERT

12492 | 2023-06-08 17:44
File: cccclcccclcccclcccclccccl%23%2...
MD5: 930ee6aa6ef31ed1b129d72cabf61487
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit DNS crashed
URLs (1): none listed
Score: 4.2 | M | 30 | ZeroCERT

12493 | 2023-06-08 17:43
File: wininit.exe
MD5: 4c46bfbd4f6224963065eede69e80f7d
Tags: Malicious Library PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic unpack itself DNS
URLs (16):
  http://www.seseapk.com/hqny/
  http://www.gardinalplace.life/hqny/
  http://www.montanasapphires.online/hqny/?m40HnJIf=n1CdPpzxYwqEjsG0Qgxc3fK1e+R7zylx10dE7UARUo2qmYQZkuFozCTNAjLX4OweHcopEvO11zC7KH5OIbyIbW6BPXRJsCk2YfaTf38=&k-I=dHgK57WfpMAIaF9c
  http://www.luxeconcept.net/hqny/
  http://www.luxeconcept.net/hqny/?m40HnJIf=Hsr+FS3aUC3v5cYG2kJwTz2Fiv05Ac/D2GVn4rP2+cnf/CEwXrKsow638/CQaZGhQs+ww4P4gMYs+x3Lc8BNJT7QU85Ww4GHlJMw20s=&k-I=dHgK57WfpMAIaF9c
  http://www.montanasapphires.online/hqny/
  http://www.seseapk.com/hqny/?m40HnJIf=mJH9W27z8cbsc7vpY+E6DLxpKObOQHn2HvWQb9G1AeaU7CpO/W7NVY91S6OxE3LAXZsPh7Ioc7rkgvN9xJr9EVPP8ghUoovlGQYiqlI=&k-I=dHgK57WfpMAIaF9c
  http://www.uchbfm.cfd/hqny/
  http://www.69573.xyz/hqny/
  http://www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip
  http://www.uchbfm.cfd/hqny/?m40HnJIf=m+ybVjvh7agWR9kwIW90wxm7xw0mVpAKZ7IrFeQzPIYANX32/SKYYL1eEsf44L+W0nPEXXXW2Q2sM9/iZhRVCXL5a7JofqeU46QhEqQ=&k-I=dHgK57WfpMAIaF9c
  http://www.69573.xyz/hqny/?m40HnJIf=LuFWF9Ua84RDJQoWRjdHaxOOJGr2k3CF/TnoVcaYxo8S6F7pRCZMbcZzZdCEfatU6D3gOhGC0lLUMqABcFj4if2qqDICpO2nO8eNe9I=&k-I=dHgK57WfpMAIaF9c
  http://www.gardinalplace.life/hqny/?m40HnJIf=dCEp+0m3P0JUSbGijBo/RSr8kaN/Z3sSlC8vhR/5CqloiAn9JexI0t5iKqyAv6gMC40bfRj5WBEr7LlDi1AuUeAMNiBwlcnzOqfFvew=&k-I=dHgK57WfpMAIaF9c
  http://www.kakekgirang5.shop/hqny/
  http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
  http://www.kakekgirang5.shop/hqny/?m40HnJIf=CXlbuvDGPZkDZuVIC7pN9bWZtfAlmQpQeGiqx6WAcwFRIivK0QTPVQRfBJCVm9sX5H1lJ3DwQtgXkv6CkHLTc1MyWUNY9q0X0o/sl2U=&k-I=dHgK57WfpMAIaF9c
Hosts (18):
  www.uchbfm.cfd(47.57.240.200)
  www.luxeconcept.net(216.40.34.41)
  www.montanasapphires.online(208.91.197.27)
  www.kakekgirang5.shop(198.252.98.107)
  www.rosifariasestetica.online()
  www.new-balkon-otdelka.site()
  www.gardinalplace.life(162.254.37.64)
  www.winchespullers.store()
  www.seseapk.com(156.237.242.36)
  www.69573.xyz(122.10.50.92)
  162.254.37.64
  208.91.197.27 - malicious
  216.40.34.41 - malicious
  122.10.50.92
  156.237.242.36
  45.33.6.223
  198.252.98.107
  47.57.240.200
Alerts (5):
  ET MALWARE FormBook CnC Checkin (POST) M2
  ET INFO HTTP Request to Suspicious *.life Domain
  ET INFO Observed DNS Query to .life TLD
  ET MALWARE FormBook CnC Checkin (GET)
  ET HUNTING Request to .XYZ Domain with Minimal Headers
Score: 3.6 | M | 47 | ZeroCERT

12494 | 2023-06-08 17:43
File: wininit.exe
MD5: 8f25fe4c31de1a795ca154d7dacad298
Tags: UPX Malicious Library PE File PE32 JPEG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed
Score: 3.6 | M | 28 | ZeroCERT

12495 | 2023-06-08 17:41
File: snappyshop.it_img_docse.php.ps...
MD5: 3e2fdbdefa7c8e16b351a46ed1afc33d
Tags: Generic Malware Antivirus AutoRuns Check memory unpack itself WriteConsoleW Windows Cryptographic key
URLs (1):
  https://www.snappyshop.it/img/index.php
Score: 2.2 | ZeroCERT

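The records above are a sandbox result table flattened to one field per line. As an added example (not code from this page or from the sandbox that produced the listing), the following Python parses two records copied from the listing (12483 and 12486, with tags and alerts trimmed) into structured indicators, separates the payload fetches from the bare IP 107.172.148.217 from the FormBook check-in URLs, and merges everything into a deduplicated IOC set. The record-boundary regex, the check-in heuristic (a short fixed path plus a two-parameter query whose first value is a long opaque blob) and the trimmed sample are assumptions made for this example, not signatures from the sandbox or the ET rules named in the listing.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: records 12483 and 12486 copied from the listing in the
# flattened one-field-per-line layout (some tags and alerts trimmed).
SAMPLE = """\
12483 |
2023-06-08 17:59
|
cccclcccclcccclcccclccccl%23%2... 930ee6aa6ef31ed1b129d72cabf61487 MS_RTF_Obfuscation_Objects RTF File doc FormBook |
3
http://107.172.148.217/cl/cc/GxwFzwcvtovTBxiVO240.bin
http://107.172.148.217/24/cleanmgr.exe
http://www.everlastdisposal.com/btrd/?Wz=p2F9PZF+YDMdIDbehdEmtTqgeS1h9oFef91gXfMh2Udnn4lDKN26Dl1fq4W90inelrKmdT0H&vB=lhrxP
|
5
www.everlastdisposal.com(15.197.204.56)
www.h59f07jy.cfd()
www.solarcyborg.com() 15.197.204.56
107.172.148.217 - malware
|
5.0 |
M |
30 |
ZeroCERT
12486 |
2023-06-08 17:51
|
reeeeeeeeeeeeeeeeeee%23%23%23%... 8f6f20b9800cc3739e08c986979fe886 MS_RTF_Obfuscation_Objects RTF File doc FormBook |
4
http://www.newindianewsnetwork.com/xchu/?3ff87=UZzOwKaFQ/vPekhs+zO7lkKCRVDVl7SIETScfHQduMne1x4ZhLlFTL1RqfYvcnOdqPz6oEwS&NtTD4P=XPjlnTqhSFMXinZ
http://www.ideeintemporelle.com/xchu/?3ff87=t3j26SmWIpincnwYCr1048OEQratwNj3NaIAmhSNt4vAPvcvbjHh9YV3JIDfjMXs/Qq5pWG1&NtTD4P=XPjlnTqhSFMXinZ
http://107.172.148.217/re/cPTQWCQPXVHQEfabnuB91.bin
http://107.172.148.217/244/hkcmd.exe
|
5
www.newindianewsnetwork.com(65.109.92.221)
www.ideeintemporelle.com(84.16.76.212) 65.109.92.221
84.16.76.212
107.172.148.217 - malware
|
4.8 |
M |
29 |
ZeroCERT
"""

# A record starts with "<id> |" immediately followed by a timestamp line; the
# "<n> |" trailer lines (e.g. "30 |") do not have a timestamp after them.
RECORD_RE = re.compile(r"^(\d+) \|\n(\d{4}-\d{2}-\d{2} \d{2}:\d{2})$", re.M)
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
SCORE_RE = re.compile(r"^(\d+\.\d+) \|$", re.M)
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\(", re.I)  # "name(ip)" host entries


def parse_records(text):
    """Split the flattened listing into one dict per sandbox task."""
    parts = RECORD_RE.split(text)  # [prefix, id, timestamp, body, id, timestamp, body, ...]
    records = []
    for task_id, timestamp, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        md5 = MD5_RE.search(body)
        score = SCORE_RE.search(body)
        records.append({
            "id": int(task_id),
            "timestamp": timestamp,
            "md5": md5.group(0) if md5 else None,
            "score": float(score.group(1)) if score else None,
            "urls": URL_RE.findall(body),
            "ips": sorted(set(IPV4_RE.findall(body))),
            "domains": sorted({h.lower() for h in HOST_RE.findall(body)}),
        })
    return records


def c2_checkin_paths(record):
    """Group hosts by URL path for URLs shaped like the FormBook GET check-ins in
    the listing: a fixed path segment plus a two-parameter query whose first value
    is a long opaque blob. Heuristic assumed for this example, not an IDS rule."""
    paths = {}
    for url in record["urls"]:
        u = urlsplit(url)
        params = parse_qsl(u.query, keep_blank_values=True)
        if len(params) != 2 or len(params[0][1]) < 40:
            continue
        paths.setdefault(u.path, []).append(u.hostname)
    return paths


def dotted_quad_downloads(record):
    """URLs whose host is a bare IPv4 address, i.e. the payload fetches that the
    'Executable Download from dotted-quad Host' alerts in the listing refer to."""
    return [u for u in record["urls"] if IPV4_RE.fullmatch(urlsplit(u).hostname or "")]


def collect_iocs(records):
    """Merge per-record indicators into deduplicated, sorted lists for blocking."""
    iocs = {"md5": set(), "urls": set(), "ips": set(), "domains": set(), "payload_hosts": set()}
    for r in records:
        if r["md5"]:
            iocs["md5"].add(r["md5"])
        iocs["urls"].update(r["urls"])
        iocs["ips"].update(r["ips"])
        iocs["domains"].update(r["domains"])
        iocs["payload_hosts"].update(urlsplit(u).hostname for u in dotted_quad_downloads(r))
    return {k: sorted(v) for k, v in iocs.items()}


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r["id"], r["md5"], "score", r["score"], "check-in paths", c2_checkin_paths(r))
    print(collect_iocs(recs))
```

Run against the two sample records, the parser attributes the `.bin` and `hkcmd.exe`/`cleanmgr.exe` fetches to the single payload host 107.172.148.217 and groups the check-in hosts under one path per sample (`/btrd/` and `/xchu/`), which is the split a responder wants: block the payload host outright, and treat the check-in domains as FormBook C2 candidates rather than as the compromised download source.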