12601 | 2021-09-21 18:10 | 428558fcf4133715cf08d2fdf904b3... 4849ab316b3dcde68a2a23c22dee2d98 | Malicious Library PE File PE32 VirusTotal Malware Checks debugger RWX flags setting unpack itself suspicious process ComputerName crashed | | | | | 4.2 | M | 59 | pavan85
12602 | 2021-09-22 09:21 | zCloud.exe c6855b8e550bcdd88084643f747070ac | UPX Malicious Library DGA DNS Socket Create Service Sniff Audio Escalate privileges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File PE32 Emotet VirusTotal Malware Buffer PE AutoRuns Code Injection buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName crashed | (3) https://qcjbog.sn.files.1drv.com/y4mgO4fRklhtUF1Kf7SDAuSdekFB43L0BZG2UNSJJzh-_TpHGP6L2C6bE2XeW10uMQNRcY8oVM7xSbx2HEjYQneNDnVYoSeRsbSYjstbQwkWCvix9H4beDJsWaG7xC2_tIV_HFY0ac62q2WycHpONtiW6TQzJvUVQGbnG4J6Rbm6TwwKXpMBLQkVyTj1dZZEsvdFxZnBtQN1neiXukdj7r1Ag/Hjaysdpefymbyylradymneefuugtqzs?download&psid=1 https://onedrive.live.com/download?cid=D6676A9A61E841F3&resid=D6676A9A61E841F3%21156&authkey=ANROQ1PrS9e3Q48 https://qcjbog.sn.files.1drv.com/y4mwPvoB139FtnSuJDqawwFNrcMC4wICzbZ5StKfB9Jl3d1tkQ2nIuBercAh2QA07rsukuKVCT0UY-yfJP7VXdaTqc2zcbRyN_idSMKGz19IiTB5xRsHlrEFB_gGUbINfT7jH_zIDa613Uk5Vo5ud_8Pdvi8EsEmPHIeNkPZucU_ax5iWnlwcXrjm3MRNEVdP4qFf0wHiaX8G6R1EjzzPbmZg/Hjaysdpefymbyylradymneefuugtqzs?download&psid=1 | (6) saptransmissions.dvrlists.com(185.140.53.32) - malicious onedrive.live.com(13.107.42.13) - malicious qcjbog.sn.files.1drv.com(13.107.42.12) 13.107.42.13 - malicious 13.107.42.12 - malware 185.140.53.32 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 10.0 | | 17 | ZeroCERT
12603 | 2021-09-22 09:23 | jj10-crypt.exe 7dd1032cbeb2b3f61e727060a65a839f | Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed | | | | | 11.0 | M | 29 | ZeroCERT
12604 | 2021-09-22 09:23 | new_requests_5022058.exe d883d9c4eb5bbaf4d4b3131d1ec71349 | RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed | (1) https://store2.gofile.io/download/5c9d4064-4708-4f82-b830-1ebe74778b3b/Luwwfkikt.dll | (8) www.facebook.com(157.240.215.35) store2.gofile.io(31.14.69.10) www.twitter.com(104.244.42.193) www.google.com(172.217.25.228) 157.240.215.35 142.250.66.68 31.14.69.10 104.244.42.129 - suspicious | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 13.8 | M | 32 | ZeroCERT
12605 | 2021-09-22 09:25 | 572805109.exe b510e124d32628b7318c25a09d580686 | RAT Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed | (1) | (3) api.ip.sb(104.26.12.31) 172.67.75.172 - malicious 135.181.208.162 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 12.2 | M | 30 | ZeroCERT
12606 | 2021-09-22 09:25 | enquiry_3013577701209ppt.exe 2c7d4e78f74cc716f23492ad19daf763 | RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed | (1) https://store2.gofile.io/download/af6f96d2-cbdd-494d-a0c4-3806faa01406/Entban.dll | (8) www.twitter.com(104.244.42.193) store2.gofile.io(31.14.69.10) www.facebook.com(157.240.215.35) www.google.com(172.217.31.132) 104.244.42.1 - suspicious 157.240.215.35 31.14.69.10 216.58.200.68 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 13.6 | M | 27 | ZeroCERT
12607 | 2021-09-22 09:27 | product_specifications_details... de964e4eddeb6ff30b6382af77de7650 | RAT Generic Malware Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut ICMP traffic unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed | (1) https://store2.gofile.io/download/7a80b600-2309-4cd7-af3d-a2c5c0bd5e34/Shsiatkkhdjdpjmanb.dll | (8) www.facebook.com(157.240.215.35) store2.gofile.io(31.14.69.10) www.twitter.com(104.244.42.1) www.google.com(172.217.31.132) 157.240.215.35 104.244.42.193 - suspicious 31.14.69.10 142.250.66.36 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 13.2 | M | 24 | ZeroCERT
12608 | 2021-09-22 09:29 | settings.exe 19de024852f18e867582c47b9630e7a5 | RAT PWS .NET framework Generic Malware UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed | (1) https://pastebin.pl/view/raw/ae498e11 - rule_id: 4631 | (2) pastebin.pl(168.119.93.163) - malicious 168.119.93.163 - malicious | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | (1) https://pastebin.pl/view/raw/ae498e11 | 12.0 | M | 22 | ZeroCERT
12609 | 2021-09-22 09:46 | sefile.exe 98c9d17d06b52192e9946fc7f4cba934 | Malicious Library PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself | | | | | 1.8 | | 27 | ZeroCERT
12610 | 2021-09-22 09:47 | 1115744375.exe c7be1b666b8ec3b2a43bb1713fba6fdd | Malicious Library PE File OS Processor Check PE32 VirusTotal Malware MachineGuid Malicious Traffic Checks debugger buffers extracted Tofsee DNS | (2) http://185.163.45.42/ https://telete.in/vvhotsummer | (3) telete.in(195.201.225.248) - malicious 195.201.225.248 - malicious 185.163.45.42 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.8 | | 53 | ZeroCERT
12611 | 2021-09-22 09:48 | abo.exe 07a6157b0c4e67d0cc7b911af53963f1 | PWS .NET framework Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed | | | | | 12.2 | M | 26 | ZeroCERT
12612 | 2021-09-22 09:50 | vbc.exe 571fbd383fdd865a8232b66a32fcdea1 | RAT PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself | (9) http://www.fixnds.net/n90q/?TjPx=P6KHl7TAGZAH71a4RnFQbUY9wI712ZxOLEoxdKJtbTI+a932MHV87nmrVKQgNeA2xOLZZdND&6l=mnSl http://www.cadylovesphil.com/n90q/?TjPx=PaCWC483jJ1HtEcfQf62PsMYoCFYOsO8vjZT/E/YBK1tRvRehhDd7ldpB+xgDE+kOptxT42i&6l=mnSl http://www.rogerbennettdirect.com/n90q/?TjPx=jjoFFvlqTx20XcgYMQ4XkTqs/me3vbqvtySxBe6GswElSHbgnA1OjDpMmx0BBxbFFt1y++tp&6l=mnSl http://www.exsalon.com/n90q/?TjPx=EWb7O5uBPUrKCxYatUDuT7v/S66I5c1eO1NheRiQPi6D0MQzxHiFURYLxG1IV//P9S0W5zX1&6l=mnSl http://www.melisjewelryoutlet.com/n90q/?TjPx=IWUWHJdqOUXlXVbqgsytsBCjtgFzXL9PVTKzOkAVbq3Wshw07ptXs3J1aper+w7Ppoi+2UWd&6l=mnSl http://www.hbo9x.com/n90q/?TjPx=VuCFI60C2Fa7BRxontB00GmI3hvNk9tk8ncjsg6qmPVslE9ClHmpoI5ZTylurzZorUZRxbZS&6l=mnSl http://www.yyoutlets.com/n90q/?TjPx=C8aqPgrbrEZnqb9rrq1oEiWl0ZHCdquyaSR6E3K+XYj+LRrgfi5jsiI15JZ5hMnZiQ0ipQzI&6l=mnSl http://www.adorotudoisso.club/n90q/?TjPx=+AznKtSaeUwG4Xhx64dkxKeTbLa++kdbf8CsCGDIfyM3i3hWyBe26u1HjGAigACJ/I2g9jsl&6l=mnSl http://www.gofirstclasstransportation.com/n90q/?TjPx=0cADqPZotqwvqOMSx7rwGQPvTd92CQ4aGVB1mEVI6ZXtvSXOsayYXTl19amwUpnq95YPp+92&6l=mnSl | (18) www.adorotudoisso.club(208.113.216.170) www.fixnds.net(45.91.203.242) www.yyoutlets.com(104.16.199.133) www.hbo9x.com(198.54.117.217) www.rogerbennettdirect.com(45.38.95.23) www.cadylovesphil.com(184.168.131.241) www.gofirstclasstransportation.com(34.102.136.180) www.melisjewelryoutlet.com(35.82.7.11) www.exsalon.com(3.223.115.185) 45.38.95.23 184.168.131.241 - malicious 198.54.117.212 - malicious 34.102.136.180 - malicious 35.82.7.11 104.16.199.133 - phishing 3.223.115.185 - malicious 208.113.216.170 45.91.203.242 | (1) ET MALWARE FormBook CnC Checkin (GET) | | 8.4 | | 36 | ZeroCERT
12613 | 2021-09-22 09:50 | mswindow.exe 3cfea06304d4f15a2a7b9cf0ba55a05f | PWS .NET framework Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed | | | | | 7.6 | | 34 | ZeroCERT
12614 | 2021-09-22 09:51 | 1062852386.exe a74d8695a741f5dd6f4384b52743387d | RAT PWS .NET framework Generic Malware PE File OS Processor Check .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed | (1) | (3) api.ip.sb(172.67.75.172) 185.180.220.105 104.26.13.31 | (1) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 8.0 | | 50 | ZeroCERT
12615 | 2021-09-22 09:52 | 19.exe ceb3dd231090ce93da86c04e1616c305 | RAT Generic Malware UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName | | | | | 2.6 | M | 35 | ZeroCERT