| 106 |
2023-06-11 21:41
|
 foto164.exe cbb0bcb442a38af349af69ecb177738a
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101
http://77.91.68.30/music/rock/index.php - rule_id: 34087
http://77.91.68.30/DSC01491/fotod75.exe
http://77.91.68.30/DSC01491/foto164.exe
http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
83.97.73.129 - mailcious
77.91.68.30 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
|
3
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
17.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 107 |
2023-06-08 14:02
|
 photo250.exe e53eb222dce17efcdcac2c00cacb6c45
RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php - rule_id: 34087
http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101
http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
83.97.73.129 - mailcious
77.91.68.30 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
20.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 108 |
2023-06-08 14:00
|
 photo250.exe cf66c33d6331c8d39b8058b46d59c108
RedLine stealer[m] Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php - rule_id: 34087
http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101
http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
77.91.68.30 - malware
83.97.73.129 - mailcious
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
20.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 |
2023-06-08 09:28
|
 main.exe d24e233cbed550a67e8d56f88632a869
Gen1 Emotet Generic Malware UPX Malicious Library Antivirus CAB PE64 PE File PDB Check memory unpack itself WriteConsoleW Windows Remote Code Execution Cryptographic key |
|
|
|
|
1.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 110 |
2023-06-08 09:08
|
 fotod25.exe 16a7613fd06e8be30c74a2392a78fcd4
RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
2
77.91.68.30 - malware
83.97.73.129
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
22.0 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 111 |
2023-06-08 09:07
|
 foto124.exe 36be93fe994c73fdac44e390bacda2dd
RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/DSC01491/foto124.exe
http://77.91.68.30/DSC01491/fotod25.exe
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
2
83.97.73.129
77.91.68.30 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
|
|
22.4 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 112 |
2023-06-04 17:45
|
 foto124.exe 5179b8f5f0a4a2c88c1c9ab074f50e60
Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.126 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
14.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 113 |
2023-06-04 17:37
|
 fotod25.exe 001ba557c3a6837ac5635bbf859ed645
Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/DSC01491/foto124.exe
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
http://77.91.68.62/DSC01491/fotod25.exe
|
2
77.91.68.62 - malware
83.97.73.126 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
14.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 114 |
2023-06-04 17:37
|
 foto124.exe 1b28062bf3a3a5e2e681649e4a0d22dc
Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.126 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 |
2023-05-31 22:22
|
 photo430.exe b6ed4cad3e59dbf00df04523cfc39466
Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/DSC01491/fotocr06.exe - rule_id: 33774
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
http://77.91.68.62/DSC01491/foto148.exe - rule_id: 33773
|
2
77.91.68.62 - malware
83.97.73.127 - mailcious
|
11
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET INFO Executable Download from dotted-quad Host
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
|
5
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/DSC01491/fotocr06.exe
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
http://77.91.68.62/DSC01491/foto148.exe
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 116 |
2023-05-30 13:41
|
 06777499.exe 6392f9473488585adf633a7fde82f28b
Redline Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed |
5
http://95.214.27.98/lend/kds7uq5kknv.exe
http://95.214.27.98/cronus/Plugins/cred64.dll
http://95.214.27.98/cronus/index.php - rule_id: 33802
http://95.214.27.98/cronus/index.php
http://185.99.133.246/c2sock - rule_id: 33485
|
3
83.97.73.127 - mailcious
95.214.27.98 - malware
185.99.133.246 - mailcious
|
14
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
SURICATA HTTP unable to match response to request
|
2
http://95.214.27.98/cronus/index.php
http://185.99.133.246/c2sock
|
22.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 117 |
2023-05-30 09:56
|
 foto148.exe bd83774449462adfb38deec655db2d53
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.127 - mailcious
|
10
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 118 |
2023-05-30 09:54
|
 fotocr06.exe 990c304a94d6c1421a36461c0b6bee0d
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.127 - mailcious
|
10
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 119 |
2023-05-30 09:52
|
 fotocr06.exe 990c304a94d6c1421a36461c0b6bee0d
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.127
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 120 |
2023-05-30 09:52
|
 foto148.exe bd83774449462adfb38deec655db2d53
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725
http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724
http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware
83.97.73.127
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll
http://77.91.68.62/wings/game/Plugins/cred64.dll
http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|