106 |
2023-06-11 21:41
|
foto164.exe cbb0bcb442a38af349af69ecb177738a Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101 http://77.91.68.30/music/rock/index.php - rule_id: 34087 http://77.91.68.30/DSC01491/fotod75.exe http://77.91.68.30/DSC01491/foto164.exe http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
83.97.73.129 - mailcious 77.91.68.30 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request
|
3
http://77.91.68.30/music/rock/Plugins/cred64.dll http://77.91.68.30/music/rock/index.php http://77.91.68.30/music/rock/Plugins/clip64.dll
|
17.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
107 |
2023-06-08 14:02
|
photo250.exe e53eb222dce17efcdcac2c00cacb6c45 RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php - rule_id: 34087 http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101 http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
83.97.73.129 - mailcious 77.91.68.30 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.30/music/rock/index.php http://77.91.68.30/music/rock/Plugins/cred64.dll http://77.91.68.30/music/rock/Plugins/clip64.dll
|
20.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
108 |
2023-06-08 14:00
|
photo250.exe cf66c33d6331c8d39b8058b46d59c108 RedLine stealer[m] Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php - rule_id: 34087 http://77.91.68.30/music/rock/Plugins/cred64.dll - rule_id: 34101 http://77.91.68.30/music/rock/Plugins/clip64.dll - rule_id: 34102
|
2
77.91.68.30 - malware 83.97.73.129 - mailcious
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.30/music/rock/index.php http://77.91.68.30/music/rock/Plugins/cred64.dll http://77.91.68.30/music/rock/Plugins/clip64.dll
|
20.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
109 |
2023-06-08 09:28
|
main.exe d24e233cbed550a67e8d56f88632a869 Gen1 Emotet Generic Malware UPX Malicious Library Antivirus CAB PE64 PE File PDB Check memory unpack itself WriteConsoleW Windows Remote Code Execution Cryptographic key |
|
|
|
|
1.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
110 |
2023-06-08 09:08
|
fotod25.exe 16a7613fd06e8be30c74a2392a78fcd4 RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.30/music/rock/index.php http://77.91.68.30/music/rock/Plugins/cred64.dll http://77.91.68.30/music/rock/Plugins/clip64.dll
|
2
77.91.68.30 - malware 83.97.73.129
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
|
22.0 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
111 |
2023-06-08 09:07
|
foto124.exe 36be93fe994c73fdac44e390bacda2dd RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.30/music/rock/index.php
http://77.91.68.30/DSC01491/foto124.exe
http://77.91.68.30/DSC01491/fotod25.exe
http://77.91.68.30/music/rock/Plugins/cred64.dll
http://77.91.68.30/music/rock/Plugins/clip64.dll
|
2
83.97.73.129
77.91.68.30 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request
|
|
22.4 |
M |
43 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
112 |
2023-06-04 17:45
|
foto124.exe 5179b8f5f0a4a2c88c1c9ab074f50e60 Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.126 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
14.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
113 |
2023-06-04 17:37
|
fotod25.exe 001ba557c3a6837ac5635bbf859ed645 Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/DSC01491/foto124.exe http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726 http://77.91.68.62/DSC01491/fotod25.exe
|
2
77.91.68.62 - malware 83.97.73.126 - malware
|
11
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
14.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
114 |
2023-06-04 17:37
|
foto124.exe 1b28062bf3a3a5e2e681649e4a0d22dc Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.126 - malware
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
115 |
2023-05-31 22:22
|
photo430.exe b6ed4cad3e59dbf00df04523cfc39466 Redline Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
5
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/DSC01491/fotocr06.exe - rule_id: 33774 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726 http://77.91.68.62/DSC01491/foto148.exe - rule_id: 33773
|
2
77.91.68.62 - malware 83.97.73.127 - mailcious
|
11
ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET INFO Executable Download from dotted-quad Host ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request
|
5
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/DSC01491/fotocr06.exe http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php http://77.91.68.62/DSC01491/foto148.exe
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
116 |
2023-05-30 13:41
|
06777499.exe 6392f9473488585adf633a7fde82f28b Redline Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed |
5
http://95.214.27.98/lend/kds7uq5kknv.exe http://95.214.27.98/cronus/Plugins/cred64.dll http://95.214.27.98/cronus/index.php - rule_id: 33802 http://95.214.27.98/cronus/index.php http://185.99.133.246/c2sock - rule_id: 33485
|
3
83.97.73.127 - mailcious 95.214.27.98 - malware 185.99.133.246 - mailcious
|
14
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request SURICATA HTTP unable to match response to request
|
2
http://95.214.27.98/cronus/index.php http://185.99.133.246/c2sock
|
22.8 |
M |
39 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
117 |
2023-05-30 09:56
|
foto148.exe bd83774449462adfb38deec655db2d53 Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.127 - mailcious
|
10
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
118 |
2023-05-30 09:54
|
fotocr06.exe 990c304a94d6c1421a36461c0b6bee0d Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.127 - mailcious
|
10
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
119 |
2023-05-30 09:52
|
fotocr06.exe 990c304a94d6c1421a36461c0b6bee0d Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.127
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
120 |
2023-05-30 09:52
|
foto148.exe bd83774449462adfb38deec655db2d53 Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.62/wings/game/Plugins/clip64.dll - rule_id: 33725 http://77.91.68.62/wings/game/Plugins/cred64.dll - rule_id: 33724 http://77.91.68.62/wings/game/index.php - rule_id: 33726
|
2
77.91.68.62 - malware 83.97.73.127
|
9
ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.62/wings/game/Plugins/clip64.dll http://77.91.68.62/wings/game/Plugins/cred64.dll http://77.91.68.62/wings/game/index.php
|
13.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|