| 14176 |
2021-10-28 11:26
|
 162.exe 33647b416fb2e49f3a8a57fd7b19c287
RAT PWS .NET framework Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed |
1
https://cdn.discordapp.com/attachments/893177342426509335/902967086526115860/800AF764.jpg
|
3
cdn.discordapp.com(162.159.134.233) - malware
144.76.183.53 - mailcious
162.159.129.233 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
7.0 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14177 |
2021-10-28 11:29
|
 JWMtirXqFC.png 345eadc8b1f5d0b373b531902c06572e
Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
|
|
|
|
2.2 |
|
15 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14178 |
2021-10-28 11:30
|
 vbc.exe 585025734e3c4fed80865d8eedf61647
Loki NSIS Malicious Library UPX PE File PE32 DLL Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software |
2
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php - rule_id: 6875
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
2
74f26d34ffff049368a6cff8812f86ee.ml(104.21.22.146)
172.67.205.83
|
10
ET INFO DNS Query for Suspicious .ml Domain
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET INFO HTTP POST Request to Suspicious *.ml Domain
ET INFO HTTP Request to a *.ml domain
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
|
1
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
|
10.6 |
|
32 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14179 |
2021-10-28 11:32
|
 10-20-2021.PDF.jar 668e3c7807e42329a01a3c85ccb17504VirusTotal Malware Check memory Checks debugger RWX flags setting unpack itself Check virtual network interfaces WriteConsoleW DNS crashed |
|
1
|
|
|
3.4 |
|
20 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14180 |
2021-10-28 11:35
|
 163.exe 9a7146fc6a650f4e344aa8102c5986e2
RAT NPKI Generic Malware Malicious Packer VMProtect Malicious Library AntiDebug AntiVM PE File PE32 .NET EXE PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed |
2
https://cdn.discordapp.com/attachments/896828586240139287/901737781536108544/build.exe
https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip - rule_id: 2610
|
8
github.com(15.164.81.167) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
sanctam.net() - mailcious
cdn.discordapp.com(162.159.135.233) - malware
185.209.22.181
52.78.231.108 - malware
162.159.135.233 - malware
185.199.109.133 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip
|
13.4 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14181 |
2021-10-28 11:37
|
 .csrss.exe cb0edfd7d3b5baa046cded699a6b44bb
PWS .NET framework Generic Malware PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself |
|
|
|
|
5.6 |
|
24 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14182 |
2021-10-28 11:39
|
 vlZuMMWcMelvpW.png 2228471d39760f9a389ac95f71b671a9
Malicious Library PE File PE32 DLL VirusTotal Malware unpack itself Windows crashed |
|
|
|
|
2.2 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14183 |
2021-10-28 11:41
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(119.207.65.137)
t.gogamec.com(104.21.85.99)
172.67.204.112
121.254.136.57
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14184 |
2021-10-28 13:13
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.65.153)
t.gogamec.com(104.21.85.99)
104.21.85.99
172.67.204.112
182.162.106.26
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14185 |
2021-10-28 13:27
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.65.137)
t.gogamec.com(172.67.204.112)
104.21.85.99
172.67.204.112
23.65.188.19
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14186 |
2021-10-28 14:15
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.65.137)
t.gogamec.com(172.67.204.112)
104.21.85.99
172.67.204.112
182.162.106.42 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14187 |
2021-10-28 14:31
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(119.207.65.74)
t.gogamec.com(172.67.204.112)
104.21.85.99
182.162.106.26
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14188 |
2021-10-28 14:49
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
4
apps.identrust.com(119.207.64.152)
t.gogamec.com(172.67.204.112)
23.206.175.34
104.21.85.99
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14189 |
2021-10-28 14:55
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee DNS |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.64.152)
t.gogamec.com(172.67.204.112)
61.111.58.34 - malware
172.67.204.112
182.162.106.42 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.8 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14190 |
2021-10-28 14:59
|
 c54893932feb406033f276e4e924ea... ff3fffe53dee30a1c24bf86d419bd4ac
Malicious Library UPX PE File OS Processor Check PE32 VirusTotal Malware Check memory Check virtual network interfaces Tofsee |
1
http://apps.identrust.com/roots/dstrootcax3.p7c
|
5
apps.identrust.com(119.207.64.152)
t.gogamec.com(104.21.85.99)
104.21.85.99
172.67.204.112
182.162.106.26
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.2 |
|
37 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|