13861 |
2023-04-14 13:20
AprilW(uWfJ74197).wsf d094a6e4776835a7f3bd1ed376b8f909 Generic Malware Keylogger Discord Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key |
6
5.6 |
ZeroCERT
13862 |
2023-04-14 09:33
2016iibfex.doc b574064bb7329b774bb0ffdb9aeaab32 MSOffice File RWX flags setting exploit crash unpack itself Exploit DNS crashed |
1
2.8 |
ZeroCERT
13863 |
2023-04-14 09:31
unknown.exe ceab7da20b9fa2398c0c27e6398e7c84 RAT UPX Malicious Library Malicious Packer PE File |
ZeroCERT
13864 |
2023-04-14 09:30
unknown.exe a765f8edaa51aba85e51aa075cf73bf7 PWS .NET framework RAT UPX Malicious Library Malicious Packer OS Processor Check .NET EXE PE32 PE File Malware download AsyncRAT NetWireRC Malware DNS DDNS |
2
davidmalik07.ddns.net(5.249.165.85) 5.249.165.85
3
ET POLICY DNS Query to DynDNS Domain *.ddns .net ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) ET MALWARE Generic AsyncRAT Style SSL Cert
0.4 |
ZeroCERT
13865 |
2023-04-14 09:30
Keep.Exmw6519.wsf a4715df1a2ce5a56194aa2a4bca18930 Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key |
6
5.6 |
ZeroCERT
13866 |
2023-04-14 09:30
RegSvcs.exe 3f3bc2cfcf6ca2ac3768db065eee1cc3 PE File |
ZeroCERT
13867 |
2023-04-14 09:28
.Final.txt.ps1 cb3bcf1bb12ccd8b563fb373bf306a7f Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
https://makkahmart.org/.POP/.M1.jpg
https://makkahmart.org/.POP/.N1.jpg
https://makkahmart.org/.POP/.D1.jpg
2
makkahmart.org(97.74.205.46) 97.74.205.46
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.4 |
18 |
ZeroCERT
13868 |
2023-04-14 09:28
PDFViewer.exe fca9b3315dc5611a8a3d6a2abb838e30 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File PDB MachineGuid Check memory Checks debugger unpack itself ComputerName crashed |
1.6 |
18 |
guest
13869 |
2023-04-14 09:27
.Final.txt.ps1 985b35d3bc3a2a8b18c317d6306181a3 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
https://amigoasesor.com/.POP/.A.jpg
https://amigoasesor.com/.POP/.B.jpg
https://amigoasesor.com/.POP/.C.jpg
2
amigoasesor.com(173.201.20.156) 173.201.20.156
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
9.6 |
20 |
ZeroCERT
13870 |
2023-04-14 09:24
sets.ps1 9f797334ceca4dbf0f9fde8bad8cdc24 Generic Malware Antivirus VirusTotal Malware AutoRuns Check memory unpack itself WriteConsoleW Windows Cryptographic key |
1
https://eylulsifalitas.com/baot.zip
2.6 |
6 |
guest
13871 |
2023-04-14 07:42
Corridor%20NYC%20Project%20Pla... a871fae6b1494686545ee1f783722c15 PDF ZIP Format Windows utilities Windows |
5
http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
1.4 |
ZeroCERT
13872 |
2023-04-13 18:15
poweroff.exe 4de7538747bf36f826099aceed872175 PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself |
2.6 |
M |
52 |
ZeroCERT
13873 |
2023-04-13 18:14
up-do-dat-TRURNfy8CgzSgm9K.exe f32b8def722876287f9424f3f3c41d2e njRAT North Korea Generic Malware UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed |
2.6 |
49 |
ZeroCERT
13874 |
2023-04-13 16:59
FL2.exe 65f8ca11d9a18baf3fecf7797b9ba867 Emotet PWS .NET framework RAT Gen1 UPX Malicious Library MZP Format PE32 PE File DLL OS Processor Check .NET EXE PE64 VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Tofsee Windows ComputerName crashed |
8
http://s3.eu-central-2.wasabisys.com/melody-tata7ada-elmallal/50cent/poweroff.exe http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies - rule_id: 23046 https://connectini.net/Series/SuperNitouDisc.php - rule_id: 7619 https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe - rule_id: 23052 https://www.google.com/ https://s3.eu-central-2.wasabisys.com/melody-tata7ada-elmallal/shakira/hand-TRURNfy8CgzSgm9K.exe https://connectini.net/S2S/Disc/Disc.php?ezok=flabs2&tesla=8 - rule_id: 7620 https://s3.eu-central-2.wasabisys.com/melody-tata7ada-elmallal/shakira/up-do-dat-TRURNfy8CgzSgm9K.exe
13
n8w5.c12.e2-1.dev() - malware wewewe.s3.eu-central-1.amazonaws.com(3.5.137.175) - mailcious www.google.com(142.250.206.228) google.com(172.217.25.174) 360devtracking.com(37.230.138.66) - mailcious connectini.net(37.230.138.123) - mailcious s3.eu-central-2.wasabisys.com(154.49.215.10) - malware 154.49.215.102 154.49.215.100 142.250.66.68 52.219.170.26 37.230.138.123 - mailcious 37.230.138.66 - mailcious
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP
4
http://360devtracking.com/ezzcbmueaa4iwhvb/fmovies https://connectini.net/Series/SuperNitouDisc.php https://wewewe.s3.eu-central-1.amazonaws.com/WeUninstalled.exe https://connectini.net/S2S/Disc/Disc.php
7.6 |
M |
27 |
ZeroCERT
13875 |
2023-04-13 16:57
azor.exe 84572342b63722bec9aa780e7290dd05 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed |
5.6 |
M |
44 |
ZeroCERT