#1456  2024-08-07 10:18
File: ienetworks.hta
MD5: 367299f3b78921590e30252fcc114cc7
Tags: Antivirus VirusTotal Malware unpack itself crashed
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 1.2 | - | 15 | ZeroCERT

#1457  2024-08-07 10:13
File: 3.dat
MD5: 0c8848c11a91ab74f30abbef17792f8f
Tags: Generic Malware UPX PE File PE32 VirusTotal Malware
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 1.8 | M | 52 | ZeroCERT

#1458  2024-08-07 10:11
File: wp.vbs
MD5: 67d660ff76a9414cc62d4ddf7f3223f6
Tags: VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName DNS DDNS Dropper
URLs (1):
  http://chongmei33.publicvm.com:7045/is-ready
Hosts (2):
  chongmei33.publicvm.com (46.246.6.6) - malicious
  46.246.6.6
IDS alerts (1):
  ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
Score: 10.0 | M | 30 | ZeroCERT

#1459  2024-08-07 10:11
File: taskhostw3.exe
MD5: 06a8e35022b76d751e396d1ab5bb9cf1
Tags: Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 3.6 | M | 23 | ZeroCERT

#1460  2024-08-07 10:09
File: az.exe
MD5: b9fcbae32e294854e2507179d4acef1c
Tags: Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Remote Code Execution
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 1.8 | M | 17 | ZeroCERT

#1461  2024-08-07 10:08
File: Eqmosyuwc.exe
MD5: 5bd96efdf03f3f0758f1822e678dacaa
Tags: Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 2.8 | - | - | ZeroCERT

#1462  2024-08-07 10:07
File: jm.vbs
MD5: 1e4160cfab325ccbe906be8bfd94fb53
Tags: VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download unpack itself AntiVM_Disk IP Check VM Disk Size Check Windows ComputerName DNS DDNS Dropper
URLs (2):
  http://ip-api.com/json/
  http://chongmei33.publicvm.com:7045/is-ready
Hosts (4):
  chongmei33.publicvm.com (46.246.6.6) - malicious
  ip-api.com (208.95.112.1)
  46.246.6.6
  208.95.112.1
IDS alerts (3):
  ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
  ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com)
  ET POLICY External IP Lookup ip-api.com
Score: 10.0 | M | 32 | ZeroCERT

#1463  2024-08-07 10:06
File: masdaaaewebbbMPDW-constraints.... (name truncated in the listing)
MD5: 2bcdb70c9930b9ade4d2f993105816ca
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (1):
  https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
Hosts (2):
  ia803104.us.archive.org (207.241.232.154) - malware
  207.241.232.154 - malware
IDS alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.6 | M | 3 | ZeroCERT

#1464  2024-08-07 10:04
File: sahost.exe
MD5: 849c7ae770318ac09e0fde466e1becfe
Tags: Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself crashed
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 7.4 | M | 33 | ZeroCERT

#1465  2024-08-07 10:04
File: amadey.exe
MD5: 107c3b33e05d1d569cccc2052e56055e
Tags: Amadey Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check DLL PE64 JPEG Format Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Software
URLs (4):
  http://80.66.75.214/g8djmsaxA/Plugins/cred64.dll
  http://80.66.75.214/g8djmsaxA/Plugins/clip64.dll
  http://80.66.75.214/g8djmsaxA/index.php?scr=1
  http://80.66.75.214/g8djmsaxA/index.php
Hosts (29):
  197.234.223.180
  77.246.158.216
  157.97.109.159
  83.243.47.17
  118.25.101.87
  47.99.144.17
  79.124.17.242
  37.16.7.184
  34.43.67.154
  162.0.211.158
  213.100.160.101
  110.42.3.95
  80.66.75.214 - malware
  63.134.234.92
  146.148.25.153
  116.202.81.93
  125.229.77.252
  182.92.155.50
  38.249.8.144
  38.249.14.69
  119.176.96.94
  184.154.46.96
  213.199.32.146
  79.96.222.94
  178.17.168.102
  155.159.241.238
  87.230.85.251
  162.240.68.86
  68.183.179.133
IDS alerts (5):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 25
  ET MALWARE Amadey Bot Activity (POST) M1
  ET INFO Dotted Quad Host DLL Request
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Score: 13.6 | M | 52 | ZeroCERT

#1466  2024-08-07 10:04
File: 193.exe
MD5: 5a5ccdbe3cdd135a57f61138867932a8
Tags: Generic Malware UPX PE File PE32 VirusTotal Malware DNS
URLs (1):
  http://115.159.47.193/4.jpg
Hosts (1): not listed on the page
IDS alerts (0): none
Score: 4.0 | M | 59 | ZeroCERT

#1467  2024-08-07 10:02
File: ds.exe
MD5: 3b6b710da92a115329d00c5e55ad7671
Tags: Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
URLs (0): none
Hosts (0): none
IDS alerts (0): none
Score: 1.8 | M | 25 | ZeroCERT

#1468  2024-08-07 10:00
File: cred.dll
MD5: 2fb39d6664f6b415124cf2368db92fb4
Tags: Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
URLs (1):
  http://ruspyc.top/h9k4kfklCdszZ3/index.php - rule_id: 38931
Hosts (2):
  ruspyc.top (154.216.20.234) - malicious
  154.216.20.234 - malware
IDS alerts (3):
  ET DNS Query to a *.top domain - Likely Hostile
  ET DROP Spamhaus DROP Listed Traffic Inbound group 25
  ET INFO HTTP Request to a *.top domain
Fourth list (1): items not shown on the page
Score: 8.2 | M | - | ZeroCERT

#1469  2024-08-07 09:58
File: clip64.dll
MD5: 40c8cf4849514e1d32f865bafe75f898
Tags: Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS
URLs (1):
  http://ruspyc.top/h9k4kfklCdszZ3/index.php - rule_id: 38931
Hosts (2):
  ruspyc.top (154.216.20.234) - malicious
  154.216.20.234 - malware
IDS alerts (3):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 25
  ET DNS Query to a *.top domain - Likely Hostile
  ET INFO HTTP Request to a *.top domain
Fourth list (1): items not shown on the page
Score: 3.0 | M | 56 | ZeroCERT

#1470  2024-08-07 09:57
File: setup.exe
MD5: fc99ddf185aa553bf30c431cc897c903
Tags: Generic Malware Malicious Library UPX ftp PE File PE32 OS Processor Check VirusTotal Malware Telegram Code Injection unpack itself IP Check DNS
URLs (1):
  http://myexternalip.com/raw
Hosts (4):
  myexternalip.com (34.160.111.145)
  api.telegram.org (149.154.167.220) - malicious
  34.160.111.145
  149.154.167.220 - malicious
IDS alerts (4):
  ET HUNTING Telegram API Domain in DNS Lookup
  ET INFO TLS Handshake Failure
  ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
  ET POLICY External IP Check myexternalip.com
Score: 5.2 | M | 33 | ZeroCERT
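Several records in this listing (wp.vbs, jm.vbs, cred.dll, clip64.dll, setup.exe) were flagged by the same few network alert categories: a DNS query to a dynamic-DNS provider (publicvm.com), an external-IP lookup (ip-api.com, myexternalip.com), a Telegram API lookup, and a query to a *.top domain. The script below is an added example, not code from ZeroCERT or from the Emerging Threats ruleset: it applies those same categories to DNS resolver log lines and then correlates them per client, so that a host which first checks its external IP and then resolves a DDNS, Telegram or *.top name (the sequence jm.vbs and setup.exe show above) is surfaced as a single finding. The watchlists contain only the domains that appear on this page and are far shorter than the real ET lists; the log layout ("timestamp client qname qtype") and the client addresses and times in the sample are constructed for the example.

```python
"""DNS-log triage for the alert categories seen in the sandbox listing above.

Added example; not ZeroCERT's or Emerging Threats' code. Watchlists are
assumptions built only from domains that appear on this page.
"""
from collections import defaultdict, namedtuple

# Illustrative watchlists (assumption: derived from this page, not the ET rules).
DDNS_SUFFIXES = ("publicvm.com",)                     # ET POLICY DynDNS domain
IP_LOOKUP_HOSTS = ("ip-api.com", "myexternalip.com")  # ET POLICY external IP lookup
TELEGRAM_API_HOSTS = ("api.telegram.org",)            # ET HUNTING Telegram API
HOSTILE_TLDS = ("top",)                               # ET DNS query to *.top

Alert = namedtuple("Alert", "ts src qname category")

# Constructed sample log, "timestamp client qname qtype" per line. The query
# names come from the records above; clients and timestamps are made up.
SAMPLE_LOG = """\
2024-08-07T10:11:02Z 10.0.0.5 chongmei33.publicvm.com A
2024-08-07T10:11:03Z 10.0.0.5 ip-api.com A
2024-08-07T10:00:41Z 10.0.0.9 ruspyc.top A
2024-08-07T09:57:08Z 10.0.0.9 api.telegram.org A
2024-08-07T09:57:09Z 10.0.0.9 myexternalip.com A
2024-08-07T09:58:00Z 10.0.0.7 Www.Example.COM. A
2024-08-07T09:58:01Z 10.0.0.7 updates.example.net A
"""


def _matches(qname, suffixes):
    """True if qname equals one of the suffixes or is a subdomain of it."""
    return any(qname == s or qname.endswith("." + s) for s in suffixes)


def classify(qname):
    """Map one query name to an alert category, or None if it matches nothing.
    Comparison is case-insensitive and ignores a trailing root dot."""
    q = qname.lower().rstrip(".")
    if _matches(q, TELEGRAM_API_HOSTS):
        return "telegram_api"
    if _matches(q, IP_LOOKUP_HOSTS):
        return "external_ip_lookup"
    if _matches(q, DDNS_SUFFIXES):
        return "ddns"
    if q.rsplit(".", 1)[-1] in HOSTILE_TLDS:
        return "hostile_tld"
    return None


def scan(log_text):
    """Run classify() over every log line; lines with fewer than three
    fields are skipped rather than raising."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, src, qname = parts[:3]
        category = classify(qname)
        if category:
            alerts.append(Alert(ts, src, qname, category))
    return alerts


def per_source(alerts):
    """Dict mapping each client address to the set of categories it hit."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a.src].add(a.category)
    return dict(seen)


def staged_clients(alerts):
    """Clients that looked up their external IP and also touched a DDNS,
    Telegram or *.top name: the two-step pattern in the records above."""
    return sorted(
        src for src, cats in per_source(alerts).items()
        if "external_ip_lookup" in cats
        and cats & {"ddns", "telegram_api", "hostile_tld"}
    )


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src:10} {a.qname:26} {a.category}")
    print("staged clients:", staged_clients(found))
```

Run against the constructed sample it flags five of the seven queries and reports 10.0.0.5 and 10.0.0.9 as staged clients; 10.0.0.7 generates no alert. A single external-IP lookup is low-signal on its own (the ET rules above classify it as POLICY, not MALWARE), which is why the per-client correlation, rather than the individual match, is the part worth keeping.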