1381 | 2024-08-09 15:16
random.exe 486b72c59c13d478f33938c5c25d7e98
Tags: Themida Packer PE File PE32 VirusTotal Malware AutoRuns Checks debugger unpack itself Windows utilities Checks Bios Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName DNS crashed
Hosts (1): 193.233.132.62 - mailcious
10.2 | M | 45 | guest

1382 | 2024-08-09 11:28
mingh.exe 2c15e22aea92ccabc62205aebc53e314
Tags: Malicious Library PE File PE64
| M | | ZeroCERT

1383 | 2024-08-09 11:21
Filemy.exe 850a43e323656b86ae665d8b4fd71369
Tags: Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware
0.4 | | 1 | ZeroCERT

1384 | 2024-08-09 11:12
Umar.exe bc3e076ec6527a8bf74e9293be24630e
Tags: Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS
URLs (1): http://tvez20ht.top/v1/upload.php
Hosts (2): tvez20ht.top(31.129.44.121) 31.129.44.121
Alerts (3): ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4
6.4 | | 31 | ZeroCERT

1385 | 2024-08-09 10:52
FILE2233.exe 03fe60596aa8f9b633ac360fd9ec42d8
Tags: Vidar PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
1.8 | | 17 | ZeroCERT

1386 | 2024-08-09 10:49
Run112.exe 85a9287c26148788deff9c77bab244b3
Tags: Emotet Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows
Hosts (2): i.ibb.co(172.96.161.6) - mailcious 104.194.8.120
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.6 | M | 41 | ZeroCERT

1387 | 2024-08-09 10:48
sostener.vbs 23cef0c9c3e02cc2bdc8516b889d1191
Tags: Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (1): https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll/dll%20Hope.txt?alt=media&token=61c829f6-e196-49e8-b4ff-041134577ffe
Hosts (2): firebasestorage.googleapis.com(172.217.25.170) - phishing 142.250.76.234
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | | | ZeroCERT

1388 | 2024-08-09 10:48
envifa.vbs 23cef0c9c3e02cc2bdc8516b889d1191
Tags: Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (1): https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll/dll%20Hope.txt?alt=media&token=61c829f6-e196-49e8-b4ff-041134577ffe
Hosts (2): firebasestorage.googleapis.com(172.217.161.202) - phishing 142.250.196.234
Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | | | ZeroCERT

1389 | 2024-08-09 10:47
89.hta f904e8a5141b08f3f8e2121459f539fe
Tags: Generic Malware Downloader Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key
URLs (1): http://192.3.243.147/89/sahost.exe
Hosts (1):
Alerts (3): ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
11.4 | M | 18 | ZeroCERT

1390 | 2024-08-09 10:06
file3333.exe 978623ad6b4d9385c047d9315423c754
Tags: Vidar PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
2.4 | M | 46 | r0d

1391 | 2024-08-09 09:32
setup2.exe 098621a8fa13fdfd4ce2d9c3dc010092
Tags: Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces malicious URLs Tofsee Windows Discord Remote Code Execution DNS
URLs (7): http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& https://iplogger.com/1lyxz
Hosts (17): cacerts.digicert.com(152.195.38.76) iplogger.com(104.21.76.57) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious cdn.discordapp.com(162.159.129.233) - malware raw.githubusercontent.com(185.199.111.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 162.159.134.233 - malware 147.45.60.44 - malware 152.195.38.76 172.67.188.178 - mailcious 185.199.110.133 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware
Alerts (10): ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
Malicious URLs (2): https://pastebin.com/raw/E0rY26ni https://yip.su/RNWPd.exe
12.2 | M | 54 | ZeroCERT

1392 | 2024-08-09 09:30
file200h.exe 5325fec9552fa277891e782b77a475ee
Tags: Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Tofsee Windows Discord Remote Code Execution DNS
URLs (6): http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e&
Hosts (15): raw.githubusercontent.com(185.199.108.133) - malware github.com(20.200.245.247) - mailcious pastebin.com(104.20.4.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware cacerts.digicert.com(152.195.38.76) ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 185.199.111.133 - mailcious 147.45.60.44 - malware 152.195.38.76 162.159.135.233 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware
Alerts (8): ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET HUNTING Redirect to Discord Attachment Download ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Malicious URLs (2): https://pastebin.com/raw/E0rY26ni https://yip.su/RNWPd.exe
12.0 | M | 55 | ZeroCERT

1393 | 2024-08-09 09:27
file234.exe def6f274c14351d9cf0f49798b5a833d
Tags: Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs suspicious TLD Tofsee Windows Discord Remote Code Execution DNS
URLs (6): http://194.58.114.223/d/385121 https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://yip.su/RNWPd.exe - rule_id: 37623 https://iplogger.com/1uNwK4 https://cdn.discordapp.com/attachments/1271038807315185718/1271141520195715093/setup.exe?ex=66b6424b&is=66b4f0cb&hm=de560db8ff6dd3fa9ac31172f1bd3d348b35190c8d570ea98c882ca3b5c00fdd& https://github.com/evan9908/Setup/raw/main/Filemy.exe
Hosts (15): yip.su(104.21.79.77) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious iplogger.com(172.67.188.178) - mailcious cdn.discordapp.com(162.159.135.233) - malware raw.githubusercontent.com(185.199.110.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 147.45.60.44 - malware 162.159.133.233 - malware 185.199.111.133 - mailcious 104.21.76.57 104.21.79.77 - phishing 194.58.114.223 - mailcious 20.200.245.247 - malware
Alerts (10): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET HUNTING Redirect to Discord Attachment Download
Malicious URLs (2): https://pastebin.com/raw/xYhKBupz https://yip.su/RNWPd.exe
12.0 | M | 49 | ZeroCERT

1394 | 2024-08-09 09:27
S%D0%B5tup1.exe ea4d0c345eec97f8ec7174b210798a56
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself
2.6 | M | 37 | ZeroCERT

1395 | 2024-08-09 09:25
file3333.exe 978623ad6b4d9385c047d9315423c754
Tags: PE File PE64 VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.2 | M | 46 | ZeroCERT