13726 |
2023-04-21 09:01
SSR LIST QINQDAO PORT.vbs d33e8ab673db0b0e84cc39d0be377bc8 VirusTotal Malware crashed |
0.6 |
3 |
ZeroCERT
13727 |
2023-04-21 09:01
invoice-73928_pdf.vbs 1aa6621465a6e13c232d8dcd2a01d363 unpack itself crashed |
0.6 |
ZeroCERT
13728 |
2023-04-21 08:58
Complaint_Copy_195040.wsf 9ebb0b07e289a4882ba12b0e7549d064 VBScript wscript.exe payload download DNS Dropper |
1
http://51.83.193.0/aO03psmvtKQUf9B5.dat
1
10.0 |
ZeroCERT
13729 |
2023-04-21 08:58
Payment_260127.wsf ad5e7053e14384edd2d8af5164d9f7bf VBScript wscript.exe payload download ICMP traffic DNS Dropper |
1
http://51.222.96.42/aO03psmvtKQU.dat
1
10.0 |
ZeroCERT
13730 |
2023-04-21 08:54
Lyla131.exe 17e36437bd558374106622b7327a2aca RAT NSIS Generic Malware UPX Malicious Library AntiDebug AntiVM PE32 PE File MSOffice File PNG Format .NET EXE OS Processor Check DLL JPEG Format .NET DLL VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Check virtual network interfaces AppData folder Tofsee Interception Windows Exploit Browser Google DNS Cryptographic key crashed |
3
http://www.google.com/ https://luckywheels-v2.onrender.com/api/getDetails https://luckywheels-v2.onrender.com/api/installedreports
6
luckywheels-v2.onrender.com(216.24.57.3) zwoops.com(72.10.175.208) www.google.com(142.250.206.228) 216.24.57.253 - phishing 216.58.203.68 72.10.175.208 - malware
3
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
12.4 |
M |
21 |
ZeroCERT
13731 |
2023-04-21 00:15
chat.db-shm 87152bb0f7d1d6bdaf6f98e1dc85e487 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName |
3.4 |
BRY
13732 |
2023-04-21 00:10
nickNameKeyStore.db 8f9ca4973e39e548b0236366b99c81de |
BRY
13733 |
2023-04-20 23:34
1beb05868ce93bcc8fafc46adccdda... 9b63e0fb3785ffa49686dd75e303d177 AntiDebug AntiVM MSOffice File Code Injection buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed |
4.2 |
BRY
13734 |
2023-04-20 23:21
5F3E84AE-45EF-4856-A65F-8595C0... 915fdbd6c8acde570bc3f845be59df0c AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName |
3.4 |
BRY
13735 |
2023-04-20 21:37
microsoft.office.smartlookup.s... 6b641f0499f31fa07001adf331bb415d Anti_VM crashed |
0.2 |
BRY
13736 |
2023-04-20 21:29
microsoft.office.smartlookup.s... 6b641f0499f31fa07001adf331bb415d Anti_VM crashed |
0.2 |
BRY
13737 |
2023-04-20 18:49
blessed.exe 901454073fbc77ac0854e0d7b9d37214 PWS .NET framework Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed |
1
2
api.ipify.org(173.231.16.77) 173.231.16.77
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.4 |
M |
43 |
ZeroCERT
13738 |
2023-04-20 18:47
haddd.exe 295d168271a2ac16dd17c7b5113876e9 Loki_b Loki_m RAT Generic Malware Malicious Library Code injection AntiDebug AntiVM PE64 PE File DLL VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows Advertising Cryptographic key crashed |
10.2 |
20 |
ZeroCERT
13739 |
2023-04-20 17:42
vbc.exe f742053cbdcec12c128fa08914285311 RAT Malicious Library AntiDebug AntiVM PE64 PE File VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Windows Cryptographic key |
18
19
1
ET HUNTING Request to .XYZ Domain with Minimal Headers
17
9.4 |
M |
47 |
ZeroCERT
13740 |
2023-04-20 17:40
vbc.exe 6242a5f710c22a75e71aa48b4e195e6d UPX Malicious Library PE32 PE File Formbook FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself |
18
19
3
ET MALWARE FormBook CnC Checkin (POST) M2 ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
17
5.4 |
M |
52 |
ZeroCERT