13516 |
2021-10-14 09:35
|
vbc.exe 0031a23b4bb6abcdccc5f8122de5fcb5 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
11
http://www.029atk.xyz/mxnu/?xryHsPn0=6sRgvWVFBb3Q/xwRSmzppKeefWZYMhtu8mXrbS5z1U4Jv8b+WQjv+VljYqCaCxejjINp6HL4&ElP=dfchOFjpqTo
http://www.verifiedpaypal.net/mxnu/?xryHsPn0=9Cb2F83H4cu3Wi3E/V06Uw+puzMd5mOCrt6x5BN8Ai+3jQ1IwCanO4QWCELETp3SVj+UiXzw&ElP=dfchOFjpqTo
http://www.gatescres.com/mxnu/?xryHsPn0=/h7P8W3KCMqF8sHgbHgxGw3KDEtccpvlr5o0RXreZvWALZ7/fG1Fr8cUEgi4cFDVX1k6R9aW&ElP=dfchOFjpqTo - rule_id: 6387
http://www.caoliudh.club/mxnu/?xryHsPn0=Qkn7/cEbGgqrWPKwMfaMuPWUM1V2bBIelD8P7tH5TlwxzYQ2YswrHAKx2cx97b08CLc1Tgr+&ElP=dfchOFjpqTo
http://www.brandonhistoryandinfo.com/mxnu/?xryHsPn0=TBa+b5mpCdI4y/h180Pl2gJXBklETz7DPBwfCQzHJDv5/wBYQn0JU1W1LmmZ4xHxKrhvcr9L&ElP=dfchOFjpqTo
http://www.naplesconciergerealty.com/mxnu/?xryHsPn0=hecv2sMFcvsyFIpzJOhZbtwMh1SG6St5/U1aPglBFWownzq2qPNpvMi/ho6Sg43JWpVw027R&ElP=dfchOFjpqTo - rule_id: 6394
http://www.crystaltopagent.net/mxnu/?xryHsPn0=3yd5RwoD26MqTRMAl0ytU+h0AIpWjTpihncvDxCNudFFpkke93ChM56zl8nuLHoRn3erkMWM&ElP=dfchOFjpqTo - rule_id: 6389
http://www.jellyice-tr.com/mxnu/?xryHsPn0=2jYCrBsbpe7TX9aPhZM9pCxr75im0gQU84tPJTFdoXWJ8jmtmSvNbVsQgFqr9XIl+R+lpCoE&ElP=dfchOFjpqTo
http://www.gold2guide.art/mxnu/?xryHsPn0=nooUTxpgyHI8Tmjtx/bEFedfCsCgFivtiLIHJ+Ou+u0gXSqijcRRlL1sEAr9C8C8DV1gd2HK&ElP=dfchOFjpqTo
http://www.877961.com/mxnu/?xryHsPn0=aHYJt+cF3uKE/jjIR1o9yP3wzE0OqMGB2AjKuxgiPGP7v0vlkCnn7S+a/Vapc30Z99lnekHH&ElP=dfchOFjpqTo
http://www.influxair.com/mxnu/?xryHsPn0=TsJoTwgkypMLnzNnd4lSdIwskag8Ao4FDEHlqFMN0Q3o8pEdXPLUbYsOOSivgNo+I+lTFgxg&ElP=dfchOFjpqTo - rule_id: 6386
|
23
www.gatescres.com(184.168.131.241)
www.naplesconciergerealty.com(34.102.136.180)
www.jellyice-tr.com(172.67.173.247)
www.877961.com(1.32.254.106)
www.brandonhistoryandinfo.com(34.102.136.180)
www.verifiedpaypal.net(158.69.52.184)
www.qlfa8gzk8f.com()
www.influxair.com(65.21.250.85)
www.crystaltopagent.net(34.102.136.180)
www.029atk.xyz(23.224.130.219)
www.ecommerceplatform.xyz(143.244.184.235)
www.caoliudh.club(160.119.66.161)
www.gold2guide.art(202.165.66.108)
172.67.173.247
184.168.131.241 - mailcious
202.165.66.108 - mailcious
34.102.136.180 - mailcious
143.244.184.235
1.32.254.106
172.247.0.173
158.69.52.184
65.21.250.85 - mailcious
160.119.66.161
|
2
ET MALWARE FormBook CnC Checkin (GET)
ET HUNTING Request to .XYZ Domain with Minimal Headers
|
4
http://www.gatescres.com/mxnu/
http://www.naplesconciergerealty.com/mxnu/
http://www.crystaltopagent.net/mxnu/
http://www.influxair.com/mxnu/
|
6.8 |
M |
21 |
ZeroCERT
13517 |
2021-10-14 09:36
|
pa2ipn2m.jpg c3ccab71c3e1166b2536c7c7d6035373 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB RWX flags setting unpack itself crashed |
|
|
|
|
1.6 |
|
6 |
ZeroCERT
13518 |
2021-10-14 09:36
|
deo.exe 6429aa83e4bc083b4f0b3f44b0d7950f PWS .NET framework Generic Malware UPX AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself |
16
http://www.clf010.com/ef6c/
http://www.szesdkj.com/ef6c/ - rule_id: 5830
http://www.xn--9m1bq8wgkag3rjvb.com/ef6c/
http://www.shacksolid.com/ef6c/ - rule_id: 5818
http://www.pgonline111.online/ef6c/ - rule_id: 5822
http://www.szesdkj.com/ef6c/?KzuD=fLa1O6LgDU4JmATAWF+Un0DhSyi8xEXua0Xgw1gdYMhmHbBdgR9nT+JgCDSJbt7Dlll1cLDk&p0D=AfhDQR2 - rule_id: 5830
http://www.ambrandt.com/ef6c/ - rule_id: 5836
http://www.clf010.com/ef6c/?KzuD=Bd/A1B2Xlx1/VvyPmZy81MokZhoyKr0JLZIYHKA2ldK2bxVDj61bbzDCW/TjJZTPQA/hnmk/&p0D=AfhDQR2
http://www.szyyglass.com/ef6c/?KzuD=WJZ/PBlgU2sqxbhuKWSW0gAF450CRpcifwWN2Hn02+HJZd2OB2qk7jd6844pcDa/ZUIS0tAu&p0D=AfhDQR2 - rule_id: 5843
http://www.apricitee.com/ef6c/?KzuD=KSHN/72BZOSNcoSkGOIXNFBSZoOhZSSqcZXlNpA3fA8LE+ARMJMD6XqqXDR03XtMsLmcqmrd&p0D=AfhDQR2 - rule_id: 5837
http://www.xn--9m1bq8wgkag3rjvb.com/ef6c/?KzuD=W0zrjLjT8XBGRo9sU3Dn88XRkC7FXpf2/JIGBr0tRLYlauEco6w7O/7mFeuMH7lv+B4uIItN&p0D=AfhDQR2
http://www.pgonline111.online/ef6c/?KzuD=YwrbNwP1/uOx/t5EQbsAb0agM3IyucVno+6hj+S4img8g2n6a6v8t37VHfacQRvRoazZ9RvI&p0D=AfhDQR2 - rule_id: 5822
http://www.szyyglass.com/ef6c/ - rule_id: 5843
http://www.shacksolid.com/ef6c/?KzuD=JeohSOzV/eF3b++alSWyFy7AWxQU0a2IMxUYSulMFNSbZpwQl2hdImGcJZ3OYLlpDcL1Ncux&p0D=AfhDQR2 - rule_id: 5818
http://www.apricitee.com/ef6c/ - rule_id: 5837
http://www.ambrandt.com/ef6c/?KzuD=LpvmmmP8130l+/J4QjVaSApGnUfMJ5/j1z/KRz5qiZs92IprYNoIBOkfulD2ZI4sCy4j1IwA&p0D=AfhDQR2 - rule_id: 5836
|
19
www.pgonline111.online(13.251.172.64)
www.xn--9m1bq8wgkag3rjvb.com(221.139.49.11)
www.csspadding.com() - mailcious
www.shacksolid.com(64.190.62.111)
www.szesdkj.com(170.130.13.86)
www.test-testjisdnsec.store()
www.szyyglass.com(172.120.106.61)
www.apricitee.com(172.65.227.72)
www.geniuseven.net()
www.ambrandt.com(156.234.138.25)
www.clf010.com(45.39.212.188)
172.120.106.61 - mailcious
170.130.13.86 - mailcious
156.234.138.25 - mailcious
64.190.62.111 - mailcious
221.139.49.11
172.65.227.72 - mailcious
13.251.172.64 - mailcious
45.39.212.188
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
12
http://www.szesdkj.com/ef6c/
http://www.shacksolid.com/ef6c/
http://www.pgonline111.online/ef6c/
http://www.szesdkj.com/ef6c/
http://www.ambrandt.com/ef6c/
http://www.szyyglass.com/ef6c/
http://www.apricitee.com/ef6c/
http://www.pgonline111.online/ef6c/
http://www.szyyglass.com/ef6c/
http://www.shacksolid.com/ef6c/
http://www.apricitee.com/ef6c/
http://www.ambrandt.com/ef6c/
|
8.2 |
M |
18 |
ZeroCERT
13519 |
2021-10-14 09:37
|
rk0nrc82z.jpg 83aca2e839785489476f6ea92cb46d69 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.2 |
|
8 |
ZeroCERT
13520 |
2021-10-14 09:38
|
uidequf.jpg 6d1b3c54bc3fa0ff9cc64c098ed90af2 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.4 |
|
10 |
ZeroCERT
13521 |
2021-10-14 09:39
|
twh2xzxtd.jpg ac8eb6360389ab8c55a60981aab9b3a6 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.2 |
|
6 |
ZeroCERT
13522 |
2021-10-14 09:42
|
qrhlsw.jpg db80e20e820e93094bb670d3b6cc9d1a Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.2 |
|
8 |
ZeroCERT
13523 |
2021-10-14 09:42
|
1170423485.exe 7171b247521e630152953ce57aa6908e Malicious Packer PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces suspicious TLD installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
1
|
3
f.komaiasowu.ru(81.177.141.85)
139.99.118.252
81.177.141.85 - mailcious
|
|
|
8.8 |
|
34 |
ZeroCERT
13524 |
2021-10-14 09:43
|
vbc.exe 9af590c0313585618ae71b2fa9512bd3 RAT PWS .NET framework Generic Malware Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName crashed |
|
|
|
|
11.2 |
M |
25 |
ZeroCERT
13525 |
2021-10-14 09:44
|
aym76l.jpg c01df430b243cfa96eee178a1f4b9fd7 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.2 |
M |
6 |
ZeroCERT
13526 |
2021-10-14 09:44
|
customer51.exe a9839b4f10ea05da06ec589d17a59fc5 Gen2 Gen1 ASPack Malicious Packer UPX Malicious Library PE64 PE File VirusTotal Malware PDB Remote Code Execution |
|
|
|
|
1.8 |
M |
33 |
ZeroCERT
13527 |
2021-10-14 09:45
|
word.dotm eb25b0638ba81906f0a7cb196a28afe3 VBA_macro Word 2007 file format(docx) VirusTotal Malware unpack itself Windows utilities suspicious process WriteConsoleW Windows |
|
|
|
|
6.4 |
M |
22 |
ZeroCERT
13528 |
2021-10-14 09:46
|
109.exe 4078aa71d541412492dca732e7a4724b RAT Generic Malware UPX PE File PE32 .NET EXE VirusTotal Malware PDB Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee |
1
https://cdn.discordapp.com/attachments/832371876834836482/897281195883237456/VolumeConverter.dll
|
4
bitbucket.org(104.192.141.1) - malware
cdn.discordapp.com(162.159.133.233) - malware
162.159.129.233 - malware
104.192.141.1 - mailcious
|
2
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.4 |
M |
18 |
ZeroCERT
13529 |
2021-10-14 09:47
|
qxn75tt7q.jpg 3e77c8065a6a086cf2610e77d02ed183 Gen2 Gen1 Malicious Library PE File PE32 DLL VirusTotal Malware PDB unpack itself crashed |
|
|
|
|
1.2 |
M |
6 |
ZeroCERT
13530 |
2021-10-14 09:50
|
customer9.exe 0449f28450f8e5877b6526782d225f5f ASPack UPX Malicious Library PE64 PE File OS Processor Check Browser Info Stealer VirusTotal Malware PDB Malicious Traffic Check memory Check virtual network interfaces IP Check Browser Remote Code Execution |
3
http://staticimg.youtuuee.com/api/fbtime - rule_id: 5258
http://staticimg.youtuuee.com/api/?sid=653153&key=fc33e5156f1abb17adfb9073acf9139d - rule_id: 5258
http://ip-api.com/json/
|
4
staticimg.youtuuee.com(45.136.151.102) - mailcious
ip-api.com(208.95.112.1)
45.136.151.102 - mailcious
208.95.112.1
|
1
ET POLICY External IP Lookup ip-api.com
|
2
http://staticimg.youtuuee.com/api/
http://staticimg.youtuuee.com/api/
|
4.4 |
M |
48 |
ZeroCERT