Sandbox submission listing, 2021-10-26 (IDs 14041 to 14055). Column labels below are inferred from the cell contents; cell text is kept as the sandbox printed it (including its own signature labels such as "mailcious" and "Escalate priviledges"). In the URLs, Hosts, Suricata alerts and Downloaded files columns the leading number is the sandbox's own item count. The "Flag" column is the single-letter marker ("M") the listing shows on some rows, and the numeric column before the submitter is read as the VirusTotal detection count, since it is only filled where the signatures include "VirusTotal Malware".

| ID | Submitted | Filename | MD5 | Signatures | URLs | Hosts | Suricata alerts | Downloaded files | Score | Flag | VT | Submitter |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 14041 | 2021-10-26 10:36 | ConsoleApp15.exe | 9c8282590f9bc40955ca14389309fe86 | RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed | 1: http://xamp.chickenkiller.com/MAMA/File.png | 2: xamp.chickenkiller.com(13.59.127.61); 13.59.127.61 | | | 10.2 | | 23 | guest |
| 14042 | 2021-10-26 10:36 | ConsoleApp15.exe | 9c8282590f9bc40955ca14389309fe86 | RAT Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key DDNS crashed | 1: http://xamp.chickenkiller.com/MAMA/File.png | 2: xamp.chickenkiller.com(13.59.127.61); 13.59.127.61 | | | 10.2 | | 23 | guest |
| 14043 | 2021-10-26 10:45 | reason.xlsx | 9adafeb992d82eba6e4c5d1e420a48ef | KeyLogger ScreenShot Escalate priviledges AntiDebug AntiVM MSOffice File suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted exploit crash unpack itself AntiVM_Disk VM Disk Size Check human activity check Windows Exploit ComputerName DNS Cryptographic key DDNS crashed | 2: http://itisalllove.servepics.com/georgia/city/reason.exe - rule_id: 6949; http://itisalllove.servepics.com/georgia/city/reason.exe | 6: itisalllove.servepics.com(31.3.244.76); newme122.3utilities.com(23.105.131.228) - mailcious; newme1122.3utilities.com(); 23.105.131.228 - mailcious; 175.208.134.138; 31.3.244.76 - malware | 3: ET POLICY DNS Query to DynDNS Domain *.servepics .com; ET POLICY PE EXE or DLL Windows file download HTTP; ET POLICY DNS Query to DynDNS Domain *.3utilities .com | 1: http://itisalllove.servepics.com/georgia/city/reason.exe | 9.6 | | | guest |
| 14044 | 2021-10-26 10:56 | reason.xlsx | 9adafeb992d82eba6e4c5d1e420a48ef | KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Vulnerability MachineGuid Checks debugger buffers extracted exploit crash unpack itself Windows Exploit DNS DDNS crashed | 2: http://itisalllove.servepics.com/georgia/city/reason.exe - rule_id: 6949; http://itisalllove.servepics.com/georgia/city/reason.exe | 5: itisalllove.servepics.com(31.3.244.76); newme122.3utilities.com(23.105.131.228) - mailcious; newme1122.3utilities.com(); 23.105.131.228 - mailcious; 31.3.244.76 - malware | 3: ET POLICY DNS Query to DynDNS Domain *.servepics .com; ET POLICY DNS Query to DynDNS Domain *.3utilities .com; ET POLICY PE EXE or DLL Windows file download HTTP | 1: http://itisalllove.servepics.com/georgia/city/reason.exe | 6.0 | | | guest |
| 14045 | 2021-10-26 11:43 | service.exe | 98c9398c958e6b0280c15108cde96186 | Malicious Packer UPX PE File PE32 VirusTotal Malware RWX flags setting crashed | | | | | 1.8 | | 23 | ZeroCERT |
| 14046 | 2021-10-26 11:45 | EDG.exe | f85ca66e06121eb29b26d78cc3f64554 | Generic Malware UPX DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS | | 2: watermalon1.sytes.net(37.0.10.144); 37.0.10.144 | | | 15.2 | | 38 | ZeroCERT |
| 14047 | 2021-10-26 11:45 | dwm.exe | f88c058646225de6e3cddc39ea0c9ff7 | Malicious Packer UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed | | | | | 2.2 | | 29 | ZeroCERT |
| 14048 | 2021-10-26 11:47 | Sample_10120351200_ISO_035150.... | 517aa302ce274d9e3d4964454a4a8391 | RAT Generic Malware AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName | | | | | 10.4 | | 26 | ZeroCERT |
| 14049 | 2021-10-26 13:41 | note866.exe | 77294635b863561ecd6267711c5222a2 | UPX PE File PE32 Browser Info Stealer VirusTotal Malware Malicious Traffic Check memory unpack itself Tofsee Interception Browser Remote Code Execution DNS crashed | 2: http://186.2.171.3/seemorebty/il.php?e=note866 - rule_id: 4715; https://iplogger.org/ZdUWq | 3: iplogger.org(88.99.66.31) - mailcious; 186.2.171.3 - mailcious; 88.99.66.31 - mailcious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 1: http://186.2.171.3/seemorebty/il.php | 5.4 | M | 37 | ZeroCERT |
| 14050 | 2021-10-26 13:44 | vpn.exe | 4dd57eb8ea614ca43e679abeaf5351bf | Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 DLL PNG Format OS Processor Check PE64 VirusTotal Malware suspicious privilege Checks debugger Creates executable files unpack itself AppData folder | | | | | 2.8 | | 2 | ZeroCERT |
| 14051 | 2021-10-26 14:26 | HSBC_2021-25-10-017822019.exe | 21dc547b12a42d23141c3a6321518e83 | RAT PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB | | | | | 1.2 | | 15 | ZeroCERT |
| 14052 | 2021-10-26 14:28 | DHL-Fattura-446732-9302.xls | 2172d539dfc31f78f87363c9837fc788 | VBA_macro Generic Malware MSOffice File VirusTotal Malware RWX flags setting unpack itself | | | | | 1.6 | | 23 | ZeroCERT |
| 14053 | 2021-10-26 14:35 | note866.exe | 77294635b863561ecd6267711c5222a2 | Malicious Library UPX PE File PE32 Browser Info Stealer VirusTotal Malware Malicious Traffic Check memory ICMP traffic unpack itself Tofsee Interception Browser Remote Code Execution DNS crashed | 2: http://186.2.171.3/seemorebty/il.php?e=note866 - rule_id: 4715; https://iplogger.org/ZdUWq | 3: iplogger.org(88.99.66.31) - mailcious; 186.2.171.3 - mailcious; 88.99.66.31 - mailcious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 1: http://186.2.171.3/seemorebty/il.php | 6.2 | M | 37 | r0d |
| 14054 | 2021-10-26 14:41 | note866.exe | 77294635b863561ecd6267711c5222a2 | Malicious Library UPX PE File PE32 Browser Info Stealer VirusTotal Malware Malicious Traffic Check memory ICMP traffic unpack itself Tofsee Interception Browser Remote Code Execution DNS crashed | 2: http://186.2.171.3/seemorebty/il.php?e=note866 - rule_id: 4715; https://iplogger.org/ZdUWq | 3: iplogger.org(88.99.66.31) - mailcious; 186.2.171.3 - mailcious; 88.99.66.31 - mailcious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | 1: http://186.2.171.3/seemorebty/il.php | 6.2 | M | 37 | guest |
| 14055 | 2021-10-26 14:50 | FORM_PIX EYMVDUI.msi | f2836216ca554dfdc8a300decb644911 | Gen2 Generic Malware Malicious Packer Malicious Library OS Processor Check MSOffice File VirusTotal Malware | | | | | 0.8 | | 21 | ZeroCERT |

Several samples appear more than once (9c8282590f9bc40955ca14389309fe86 as 14041 and 14042; 9adafeb992d82eba6e4c5d1e420a48ef as 14043 and 14044; 77294635b863561ecd6267711c5222a2 as 14049, 14053 and 14054), so any indicator list built from this listing should be keyed on the hash, domain, IP or URL rather than on the submission ID.
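A listing like this is only useful to a defender once its cells are turned into a de-duplicated indicator set. The script below is an added example, not code from the sandbox or from this page: it parses a handful of the rows above (copied inline as constructed input, with only the cells a triage pass needs), extracts MD5s, contacted domains, IPs and URLs, records which submission IDs each indicator appeared in so that resubmissions of the same sample collapse, and flags hosts under dynamic-DNS zones. The zone list is an assumption drawn from the rows tagged "DDNS" and the ET POLICY DynDNS alerts on this page; a real deployment would use a fuller provider list.

```python
"""Turn flattened sandbox listing rows into a de-duplicated IOC index."""
import re
from collections import defaultdict

# Constructed input: a subset of the listing on this page, one record per line,
# reduced to: id | submitted | filename | md5 | hosts cell | urls cell.
# Cell text is copied as the sandbox printed it (including its "mailcious" label).
SAMPLE_ROWS = """\
14041 | 2021-10-26 10:36 | ConsoleApp15.exe | 9c8282590f9bc40955ca14389309fe86 | xamp.chickenkiller.com(13.59.127.61) 13.59.127.61 | http://xamp.chickenkiller.com/MAMA/File.png
14042 | 2021-10-26 10:36 | ConsoleApp15.exe | 9c8282590f9bc40955ca14389309fe86 | xamp.chickenkiller.com(13.59.127.61) 13.59.127.61 | http://xamp.chickenkiller.com/MAMA/File.png
14043 | 2021-10-26 10:45 | reason.xlsx | 9adafeb992d82eba6e4c5d1e420a48ef | itisalllove.servepics.com(31.3.244.76) newme122.3utilities.com(23.105.131.228) - mailcious newme1122.3utilities.com() 23.105.131.228 - mailcious 175.208.134.138 31.3.244.76 - malware | http://itisalllove.servepics.com/georgia/city/reason.exe - rule_id: 6949 http://itisalllove.servepics.com/georgia/city/reason.exe
14046 | 2021-10-26 11:45 | EDG.exe | f85ca66e06121eb29b26d78cc3f64554 | watermalon1.sytes.net(37.0.10.144) 37.0.10.144 |
14049 | 2021-10-26 13:41 | note866.exe | 77294635b863561ecd6267711c5222a2 | iplogger.org(88.99.66.31) - mailcious 186.2.171.3 - mailcious 88.99.66.31 - mailcious | http://186.2.171.3/seemorebty/il.php?e=note866 - rule_id: 4715 https://iplogger.org/ZdUWq
14053 | 2021-10-26 14:35 | note866.exe | 77294635b863561ecd6267711c5222a2 | iplogger.org(88.99.66.31) - mailcious 186.2.171.3 - mailcious 88.99.66.31 - mailcious | http://186.2.171.3/seemorebty/il.php?e=note866 - rule_id: 4715 https://iplogger.org/ZdUWq
"""

# Dynamic-DNS zones seen in this listing's "DDNS" tags and ET POLICY DynDNS alerts.
# Assumption: a production script would load a full provider list instead.
DDNS_ZONES = {"servepics.com", "3utilities.com", "sytes.net", "chickenkiller.com"}

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# "domain(resolved-ip)" as the sandbox prints it; the IP is empty when resolution failed
HOST_RE = re.compile(r"([A-Za-z0-9.-]+\.[A-Za-z]{2,})\(([0-9.]*)\)")
IPV4_RE = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")
URL_RE = re.compile(r"https?://\S+")


def parse_rows(text):
    """Parse pipe-delimited listing rows into records with normalised IOC sets."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6:
            raise ValueError(f"expected 6 cells, got {len(cells)}: {line!r}")
        rec_id, submitted, filename, md5, hosts_cell, urls_cell = cells
        if not MD5_RE.match(md5):
            raise ValueError(f"bad md5 in row {rec_id}: {md5!r}")
        domains = {d.lower() for d, _ip in HOST_RE.findall(hosts_cell)}
        # resolved IPs sit inside the parentheses; bare IPs are listed as hosts too
        ips = set(IPV4_RE.findall(hosts_cell))
        urls = set(URL_RE.findall(urls_cell))
        records.append({
            "id": int(rec_id), "submitted": submitted, "filename": filename,
            "md5": md5, "domains": domains, "ips": ips, "urls": urls,
        })
    return records


def build_ioc_index(records):
    """Map each IOC to the sorted submission ids it appeared in (collapses resubmissions)."""
    index = {"md5": defaultdict(set), "domain": defaultdict(set),
             "ip": defaultdict(set), "url": defaultdict(set)}
    for rec in records:
        index["md5"][rec["md5"]].add(rec["id"])
        for d in rec["domains"]:
            index["domain"][d].add(rec["id"])
        for ip in rec["ips"]:
            index["ip"][ip].add(rec["id"])
        for u in rec["urls"]:
            index["url"][u].add(rec["id"])
    return {kind: {ioc: sorted(ids) for ioc, ids in m.items()} for kind, m in index.items()}


def is_ddns(domain):
    """True if the domain is a hostname under one of the known dynamic-DNS zones."""
    labels = domain.lower().split(".")
    return any(".".join(labels[i:]) in DDNS_ZONES for i in range(1, len(labels)))


def ddns_domains(index):
    """Contacted hostnames that live under a dynamic-DNS zone."""
    return sorted(d for d in index["domain"] if is_ddns(d))


if __name__ == "__main__":
    idx = build_ioc_index(parse_rows(SAMPLE_ROWS))
    for kind in ("md5", "domain", "ip", "url"):
        for ioc, ids in sorted(idx[kind].items()):
            print(f"{kind:6} {ioc:60} seen in {ids}")
    print("DDNS hosts:", ddns_domains(idx))
```

Keying on the indicator rather than the submission ID is what makes the three note866.exe entries and the two ConsoleApp15.exe entries collapse into one hash and one set of network indicators each; the DDNS check mirrors the ET POLICY DynDNS alerts the sandbox raised for 14043 and 14044 and extends it to the chickenkiller.com and sytes.net hosts that only carry the "DDNS" tag.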