14266 | 2023-04-06 10:03
work.txt.ps1 0a7ad1398074dada29acf86dcfc4bde1 Generic Malware Antivirus VirusTotal Malware powershell Check memory unpack itself powershell.exe wrote WriteConsoleW Windows Cryptographic key
1 URL: http://khalid.dnsdojo.org:81/dd/image.jpg
2.8 | | 13 | ZeroCERT

14267 | 2023-04-06 09:57
cc.exe a0f0696e485e7f0a3aeaeea65eb70d9b Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself
2.0 | M | 35 | ZeroCERT

14268 | 2023-04-06 09:56
Payment_Copy.exe fe87505c13a6a986885193cb177d4607 UPX Admin Tool (Sysinternals etc ...) PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself suspicious process WriteConsoleW ComputerName Remote Code Execution crashed
3.4 | | 28 | ZeroCERT

14269 | 2023-04-06 09:54
vbc.exe 9045d0b46b820ae46a56caea6c975791 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself
2.2 | M | 47 | ZeroCERT

14270 | 2023-04-06 09:51
AprilINV(P8398).wsf 580db0d8104da2b048b9c8e93b31fe41 Generic Malware Admin Tool (Sysinternals etc ...) Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
9 URLs
5.6 | | | ZeroCERT

14271 | 2023-04-06 09:35
AprilClaim(KX2436).wsf dfad90af79f42416cc6da9e312ec4f83 Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
9 URLs
5.6 | | | guest

14272 | 2023-04-06 08:10
Htilunw.exe 295235562a5d804fad58078b9b014165 PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Tofsee
1 URL: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
4 hosts: cacerts.digicert.com(152.195.38.76) onedrive.live.com(13.107.42.13) - mailcious 13.107.42.13 - mailcious 152.195.38.76
1 signature: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.2 | | 9 | ZeroCERT

14273 | 2023-04-05 17:39
7592a3326e8f8297547f8c170b96b8... 2b8424d44a9d22b08b68af4e0f5ea9e6 PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key
2.8 | M | 43 | ZeroCERT

14274 | 2023-04-05 17:37
103.exe dce62039df2bafb63e0e146ee03f3b33 RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1
11.0 | M | 53 | ZeroCERT

14275 | 2023-04-05 17:37
toolspub1.exe 3d8854201d7131f95772a5ba7be47be6 Malicious Library AntiDebug AntiVM PE32 PE File VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself
7.0 | | 38 | ZeroCERT

14276 | 2023-04-05 17:35
vbc.exe ac91186f688620b6a391847170b294b6 RAT Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
2 URLs: http://www.freshfruits.online/ne28/?t8o8szU=gE2koM16bc0rOnK/MBZG/f0y7whpdIhM0SAPAPR9GoMdZqV7E8zDPgnGgOZ4njeguJBhKBSc&kPj0q=K4kP http://www.mantlepies.co.uk/ne28/?t8o8szU=qqm+J93IvUzIpsvlcDCofCpDZ1e3GW2Uvp+4wrKJhnvgzBwSBunnLsrelTMknHiM20FMLgvx&kPj0q=K4kP
6 hosts: www.cycw168.com(172.241.79.24) www.mantlepies.co.uk(194.11.155.157) www.freshfruits.online(52.58.78.16) 172.241.79.24 52.58.78.16 - mailcious 194.11.155.157
1 signature: ET MALWARE FormBook CnC Checkin (GET)
9.6 | M | 53 | ZeroCERT

14277 | 2023-04-05 17:35
x....xx.......doc e1ee12ca06b9c3b7649b9535749cf03b MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed Downloader
3 URLs: http://www.cycw168.com/ne28/?t8o8szU=mbwBRbi33CvFXvMYDzrBdhYiJ+Au0rT1qBAIEGFmWlPdn+ZGXHbMqIWZLoU5E/0nyretKFgo&kPj0q=K4kP http://www.mantlepies.co.uk/ne28/?t8o8szU=qqm+J93IvUzIpsvlcDCofCpDZ1e3GW2Uvp+4wrKJhnvgzBwSBunnLsrelTMknHiM20FMLgvx&kPj0q=K4kP http://www.freshfruits.online/ne28/?t8o8szU=gE2koM16bc0rOnK/MBZG/f0y7whpdIhM0SAPAPR9GoMdZqV7E8zDPgnGgOZ4njeguJBhKBSc&kPj0q=K4kP
7 hosts: www.cycw168.com(156.242.168.24) www.mantlepies.co.uk(194.11.155.157) www.freshfruits.online(52.58.78.16) 52.58.78.16 - mailcious 156.242.168.24 194.11.155.157 192.3.179.147 - mailcious
8 signatures: ET INFO Executable Download from dotted-quad Host; ET MALWARE MSIL/GenKryptik.FQRH Download Request; ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1; ET POLICY PE EXE or DLL Windows file download HTTP; ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response; ET MALWARE FormBook CnC Checkin (GET)
4.8 | M | 29 | ZeroCERT

14278 | 2023-04-05 10:24
N1799ReleasableNasalwards.js ac6703217fe8901c194ac9f8390bb149 Generic Malware Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
8 URLs
5.6 | | | ZeroCERT

14279 | 2023-04-05 10:23
NB6504Platemark.js 94c66f83a8578ecf960ee2654380c490 Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName DNS Cryptographic key
8 URLs
1 host: 185.252.178.121 - mailcious
6.2 | | | ZeroCERT

14280 | 2023-04-05 10:22
unknown.exe 62d43812a9da3cc5de08bb649e9e4d37 RAT .NET EXE PE32 PE File AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself installed browsers check Windows Browser ComputerName
4.2 | M | | ZeroCERT