13051 |
2021-10-03 10:00
|
1.dll c6312fbf8d344014804200a3101a6379 Malicious Library PE File OS Processor Check DLL PE32 Dridex TrickBot ENERGETIC BEAR VirusTotal Malware Report suspicious privilege Malicious Traffic Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process Kovter ComputerName DNS crashed |
1
https://97.83.40.67/soc1/TEST22-PC_W617601.36705B26EFFB745F7FE4BBA4219F337F/5/file/
|
5
46.99.175.217 - mailcious 46.99.175.149 - mailcious 179.189.229.254 - mailcious 185.56.175.122 - mailcious 97.83.40.67 - mailcious
|
5
ET CNC Feodo Tracker Reported CnC Server group 11 ET CNC Feodo Tracker Reported CnC Server group 24 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) ET CNC Feodo Tracker Reported CnC Server group 19
|
|
6.0 |
|
14 |
ZeroCERT
13052 |
2021-10-03 10:03
|
NetFrame.exe 935adaea999dc3ad0672636dced6011e Generic Malware Antivirus Malicious Library PE64 PE File OS Processor Check GIF Format powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion VM Disk Size Check Tofsee Windows ComputerName Cryptographic key |
2
http://iplogger.org/1y9Mp7 https://iplogger.org/1y9Mp7
|
4
bitbucket.org(104.192.141.1) - malware iplogger.org(88.99.66.31) - mailcious 88.99.66.31 - mailcious 104.192.141.1 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
6.0 |
M |
|
ZeroCERT
13053 |
2021-10-03 10:03
|
lv.exe c70150d4634ccf7bb7733ebdb4072f0f Gen1 Emotet Gen2 Themida Packer Generic Malware Malicious Library Anti_VM Malicious Packer DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Hijack Network Internet API FTP ScreenShot Http API Steal credential Do VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows crashed |
|
1
WwyqIYsDYRviWhalzpTBUVQzLDR.WwyqIYsDYRviWhalzpTBUVQzLDR()
|
|
|
7.0 |
M |
26 |
ZeroCERT
13054 |
2021-10-03 10:09
|
2.trf.ps1 35e8723ab0414fa2f1d4db45d52e2254 Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key |
|
|
|
|
1.6 |
M |
12 |
ZeroCERT
13055 |
2021-10-04 10:12
|
sefile3.exe 94fa890b7a91f842e006e1c7c795b616 Malicious Library PE File PE32 PDB unpack itself Remote Code Execution |
|
|
|
|
1.2 |
|
|
ZeroCERT
13056 |
2021-10-04 10:13
|
downloadmanager.exe 17fe15c3f5f28d07fa885bf7099163ef Emotet Malicious Library Malicious Packer AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware PDB Code Injection Check memory Creates executable files unpack itself Windows utilities WriteConsoleW Windows |
|
|
|
|
5.4 |
|
14 |
ZeroCERT
13057 |
2021-10-04 10:15
|
cl.exe f508c9697bf14a187f2eb879739ac562 Generic Malware PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself |
|
|
|
|
1.8 |
M |
34 |
ZeroCERT
13058 |
2021-10-04 10:15
|
artifact.exe c354ad2705debb7a270777acf1574597 Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS |
1
http://142.4.123.147:2087/api/3
|
1
|
|
|
3.6 |
M |
53 |
ZeroCERT
13059 |
2021-10-04 10:17
|
toolspab2.exe fa37c09192e38254a4e80951f6f00642 Malicious Library AntiDebug AntiVM PE File PE32 Malware PDB Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution |
|
|
|
|
6.2 |
|
|
ZeroCERT
13060 |
2021-10-04 10:18
|
det-088.exe af5aec64e95c21aaa7083c96ab1c417e PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows Cryptographic key |
14
|
16
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
9.4 |
|
24 |
ZeroCERT
13061 |
2021-10-04 10:19
|
hofile.exe 6b40855b1ad38b1aeeefd7a6592370cf Malicious Library PE File PE32 PDB unpack itself Remote Code Execution |
|
|
|
|
1.2 |
|
|
ZeroCERT
13062 |
2021-10-04 10:20
|
det-01.exe 015d157c73a9a51f0a3745a028d3abce PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
10
|
13
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
10.8 |
|
44 |
ZeroCERT
13063 |
2021-10-04 10:21
|
chrome01.exe 49caffd9e73d0b7aa19e9d905da8d7eb Malicious Packer Malicious Library PE64 PE File VirusTotal Malware Code Injection buffers extracted |
|
|
|
|
2.8 |
M |
21 |
ZeroCERT
13064 |
2021-10-04 10:23
|
det-099.exe 079c2e1c486dbdfd4259afc0d51f432b PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities AppData folder Windows |
9
|
19
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
10.2 |
|
20 |
ZeroCERT
13065 |
2021-10-04 10:25
|
det-02.exe 2c3831988e378295760ba378f37a0379 PWS .NET framework Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
9
|
19
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
|
|
8.0 |
|
28 |
ZeroCERT