1 | 2024-12-24 15:05
AD.exe 877cefe82dcee5f8e9961f020a636b2b | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Windows keylogger
Hosts (1): newstaticfreepoint24.ddns-ip.net(181.131.217.244)
2.2 | | 55 | ZeroCERT

2 | 2024-11-11 10:16
MARRON.exe 5640bcf1ea28494be59aecce64c242ad | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Windows DNS DDNS DoTNet keylogger
Hosts (1): concilio399.strangled.net(181.141.40.225)
Alerts (1): ET INFO DYNAMIC_DNS Query to a *.strangled .net Domain
2.6 | | 59 | ZeroCERT

3 | 2024-11-11 09:47
remcos_a.exe 910327e1694532d09255bd8873c2265b | Themida Malicious Packer Anti_VM PE File PE32 VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows DNS DDNS crashed keylogger
Hosts (2): ms-office1.duckdns.org(), ms-office.duckdns.org(194.59.31.120)
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
7.0 | | 52 | ZeroCERT

4 | 2024-10-21 13:53
file.exe 13095aaded59fb08db07ecf6bc2387ef | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows DNS DDNS
Hosts (1): liveos.zapto.org(194.26.192.138)
Alerts (1): ET POLICY DNS Query to DynDNS Domain *.zapto .org
3.2 | M | 64 | ZeroCERT

5 | 2024-10-21 13:48
DEF.exe 6520492a4e7f9bc4dfb068de1c7b6450 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows DNS DDNS
Hosts (1): liveos.zapto.org(194.26.192.138)
Alerts (1): ET POLICY DNS Query to DynDNS Domain *.zapto .org
3.8 | M | 64 | ZeroCERT

6 | 2024-10-17 14:31
rundl.exe 0bc532538aea8f63c70ed009d4290c73 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware
1.4 | | 61 | ZeroCERT

7 | 2024-10-15 14:25
RRFCCE.txt.exe 57d3d8dd95d86ac35f4b428da9cc1e30 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ICMP traffic Windows DNS DDNS keylogger
Hosts (2): idabo.duckdns.org(), 135.148.195.248
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
3.4 | | | ZeroCERT

8 | 2024-10-08 21:57
CCRNC.txt.exe 1a3fee38ced030e1751a309616c39202 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware DNS DDNS
Hosts (2): michelsrmccontrol.duckdns.org(107.175.130.20), 107.175.130.20
Alerts (2): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
3.8 | | 61 | ZeroCERT

9 | 2024-09-17 13:33
ZZ.exe aa4aca6b0973b169a4242718f04d9c54 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger
Hosts (2): sungito2.ddns.net(154.216.19.222) - mailcious, 154.216.19.222 - mailcious
Alerts (2): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET DROP Spamhaus DROP Listed Traffic Inbound group 24
4.4 | M | 64 | ZeroCERT

10 | 2024-09-08 10:49
RNOLL.txt.exe ec6ab34d1735320d12edba8b85825e52 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS
URLs (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50), ugnrv.duckdns.org(192.3.101.254), 178.237.33.50, 192.3.101.254
Alerts (3): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET JA3 Hash - Remcos 3.x/4.x TLS Connection
9.2 | | | ZeroCERT

11 | 2024-09-08 10:46
WERFFG.txt.exe 432ea49d6aeb2594b6a554bbba941f92 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS
URLs (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50), dremom2.duckdns.org(45.89.247.65), 178.237.33.50, 45.89.247.65
Alerts (4): ET DROP Spamhaus DROP Listed Traffic Inbound group 4; ET JA3 Hash - Remcos 3.x/4.x TLS Connection; ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
9.8 | | | ZeroCERT

12 | 2024-09-02 10:22
jhg.exe b21e324a39b4279504b10fee217239d3 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows DNS
Hosts (1):
4.6 | M | 61 | ZeroCERT

13 | 2024-08-24 19:05
rword.txt.exe e93b549ac1147b884fe1093ac5d32705 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS
URLs (1): http://geoplugin.net/json.gp
Hosts (3): geoplugin.net(178.237.33.50), 178.237.33.50, 23.227.193.34 - mailcious
Alerts (1): ET JA3 Hash - Remcos 3.x/4.x TLS Connection
3.0 | | 66 | ZeroCERT

14 | 2024-07-30 10:05
HRD.txt.exe 437b017eb2cc7db4677091a38116e7bb | Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger
URLs (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50), wemberdag.duckdns.org(103.186.116.99), 103.186.116.99, 178.237.33.50
Alerts (3): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET JA3 Hash - Remcos 3.x/4.x TLS Connection
12.4 | | 64 | ZeroCERT

15 | 2024-07-30 10:05
SRV.txt.vbs 558ec1566a5e96df14e34f69c20423f1 | Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS DDNS
URLs (1): http://geoplugin.net/json.gp
Hosts (4): geoplugin.net(178.237.33.50), juiololo.duckdns.org(), 178.237.33.50, 45.66.231.190
Alerts (3): ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain; ET INFO DYNAMIC_DNS Query to *.duckdns. Domain; ET JA3 Hash - Remcos 3.x/4.x TLS Connection
2.8 | | 59 | ZeroCERT