14161 |
2021-10-28 11:09
|
.vbc.exe 0e03abdcfc2280af3abae47683c0368a NSIS Malicious Library UPX PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files ICMP traffic unpack itself AppData folder |
22
|
23
|
2
ET MALWARE FormBook CnC Checkin (GET) ET HUNTING Request to .XYZ Domain with Minimal Headers
7.4 |
|
40 |
ZeroCERT
14162 |
2021-10-28 11:10
|
game.exe 8a9095bb671979a0664b6736770d6847 Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware PDB unpack itself Remote Code Execution |
2.4 |
|
32 |
ZeroCERT
14163 |
2021-10-28 11:11
|
DkkbXh.png a4c263e5e9079d9c5195e0182e127fcb Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
2.2 |
|
14 |
ZeroCERT
14164 |
2021-10-28 11:13
|
toolspab2.exe 572807ee6e7da2e15d9873abd882ce30 Malicious Library UPX AntiDebug AntiVM PE File OS Processor Check PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself Remote Code Execution |
7.4 |
|
33 |
ZeroCERT
14165 |
2021-10-28 11:13
|
csrss.exe cce4a440628be4103fe2c7a26e6dbf6b Loki PWS Loki[b] Loki.m .NET framework Generic Malware Socket DNS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Browser Email ComputerName Software |
2
http://secure01-redirect.net/fd4/fre.php - rule_id: 6874 http://secure01-redirect.net/fd4/fre.php
|
2
secure01-redirect.net(185.255.133.32) 185.255.133.32
|
7
ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://secure01-redirect.net/fd4/fre.php
|
13.8 |
|
24 |
ZeroCERT
14166 |
2021-10-28 11:15
|
vbc.exe df330ab2a2e5aa4ac947315ee3f93992 NSIS Generic Malware Malicious Library UPX PE File PE32 DLL Emotet VirusTotal Malware Code Injection Check memory Creates executable files unpack itself AppData folder |
4.2 |
|
22 |
ZeroCERT
14167 |
2021-10-28 11:15
|
vbc.exe 76a273a48d0d9e02adc29457e145f437 Loki NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php - rule_id: 5674
|
2
74f26d34ffff049368a6cff8812f86ee.gq(104.21.62.32) - mailcious 172.67.219.104
|
10
ET INFO DNS Query for Suspicious .gq Domain ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP POST Request to Suspicious *.gq domain ET INFO HTTP Request to a *.gq domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
|
10.4 |
M |
29 |
ZeroCERT
14168 |
2021-10-28 11:17
|
126808361.exe 8c957f8e5cc91f649891254901d6293c PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
6.2 |
|
28 |
ZeroCERT
14169 |
2021-10-28 11:18
|
oKwqQ.png edadfd868f1dd7590ec7c9581eaa146d Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
2.2 |
|
15 |
ZeroCERT
14170 |
2021-10-28 11:20
|
oWCwd.png 22779bfc1d6843924f5e2875afbba259 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
2.2 |
|
14 |
ZeroCERT
14171 |
2021-10-28 11:22
|
vbc.exe 66eaa64c0b3581cd9f183f9a1af0d33d PWS .NET framework Generic Malware SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed |
13.2 |
|
22 |
ZeroCERT
14172 |
2021-10-28 11:22
|
alNtY.png ae4472036314048bcb8ed8c9c7b62446 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
2.2 |
|
14 |
ZeroCERT
14173 |
2021-10-28 11:22
|
new3.exe 0edc34831b45eded59bd2aeef85aa41b NSIS Malicious Library UPX PE File PE32 DLL FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder |
15
|
29
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
2
http://www.the22yards.club/m5cw/ http://www.art-for-a-cause.com/m5cw/
|
5.8 |
|
28 |
ZeroCERT
14174 |
2021-10-28 11:24
|
po7cv1bb.tar 2c9bae00aa5f17d0b9cfd75fcf7e05b7 Malicious Library UPX PE File OS Processor Check PE32 DLL VirusTotal Malware PDB unpack itself crashed |
1.4 |
|
15 |
ZeroCERT
14175 |
2021-10-28 11:24
|
qYznSw.png e53a16bea7918b1f7d4c0e659febc766 Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
2.2 |
|
14 |
ZeroCERT