1 |
2024-09-17 13:33
|
ZZ.exe aa4aca6b0973b169a4242718f04d9c54 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger |
|
2
sungito2.ddns.net(154.216.19.222) - mailcious 154.216.19.222 - mailcious
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net ET DROP Spamhaus DROP Listed Traffic Inbound group 24
|
|
4.4 |
M |
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
2024-09-08 10:49
|
RNOLL.txt.exe ec6ab34d1735320d12edba8b85825e52 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) ugnrv.duckdns.org(192.3.101.254) 178.237.33.50 192.3.101.254
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
9.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
2024-09-08 10:46
|
WERFFG.txt.exe 432ea49d6aeb2594b6a554bbba941f92 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) dremom2.duckdns.org(45.89.247.65) 178.237.33.50 45.89.247.65
|
4
ET DROP Spamhaus DROP Listed Traffic Inbound group 4 ET JA3 Hash - Remcos 3.x/4.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
9.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
2024-09-02 10:22
|
jhg.exe b21e324a39b4279504b10fee217239d3 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows DNS |
|
1
|
|
|
4.6 |
M |
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
2024-08-24 19:05
|
rword.txt.exe e93b549ac1147b884fe1093ac5d32705 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS |
1
http://geoplugin.net/json.gp
|
3
geoplugin.net(178.237.33.50) 178.237.33.50 23.227.193.34 - mailcious
|
1
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.0 |
|
66 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
6 |
2024-07-30 10:05
|
HRD.txt.exe 437b017eb2cc7db4677091a38116e7bb Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) wemberdag.duckdns.org(103.186.116.99) 103.186.116.99 178.237.33.50
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
12.4 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7 |
2024-07-30 10:05
|
SRV.txt.vbs 558ec1566a5e96df14e34f69c20423f1 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) juiololo.duckdns.org() 178.237.33.50 45.66.231.190
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
2.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 |
2024-07-30 09:45
|
BEN.txt.exe 550a8fd698db084dde7fd1878981a9a8 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) tochisglobal.ddns.net(103.253.17.222) 178.237.33.50 103.253.17.222
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.8 |
|
62 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9 |
2024-07-29 17:00
|
respaldo.txt.exe 1568abb08de05c87e94ce4f639a05636 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) wwwwwwwwww.duckdns.org(152.201.163.76) 152.201.163.76 178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10 |
2024-07-27 15:07
|
LMTS.txt.exe 3ad8cb387874a15488508bf269fd2520 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Antivirus ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger |
1
http://geoplugin.net/json.gp
|
8
geoplugin.net(178.237.33.50) asociatiatraditiimaria.ro(93.113.54.56) - mailcious iwarsut775laudrye2.duckdns.org(192.253.251.227) new.quranushaiqer.org.sa(34.166.62.190) - mailcious 192.253.251.227 178.237.33.50 93.113.54.56 - mailcious 34.166.62.190
|
7
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
18.4 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
11 |
2024-07-27 15:03
|
HNBC.txt.exe 2b985c758a227407855e1d8e14f8863d Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) maveing.duckdns.org(192.3.101.142) 178.237.33.50 192.3.101.142 - malware
|
3
ET JA3 Hash - Remcos 3.x/4.x TLS Connection ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
11.4 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
2024-07-20 20:08
|
ZHHR.txt.exe fa702e456caa471e2b07df76d37de539 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) www.vandashproject.site(103.161.133.243) 178.237.33.50 103.161.133.243
|
2
ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.4 |
|
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
13 |
2024-07-19 13:04
|
dew.txt.exe fa105fc59f412384d0209ea62e257305 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) swre.remwavesw.com(141.98.10.11) 141.98.10.11 - malware 178.237.33.50
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 22 ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.4 |
|
60 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14 |
2024-07-12 15:55
|
RGBC.txt.exe 80f5b85ee5d79f166a66a2318e06cd3d Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) sembe.duckdns.org(194.187.251.115) - mailcious 178.237.33.50 194.187.251.115 - mailcious
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.8 |
|
67 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
15 |
2024-07-12 09:45
|
R28JUNIOSOST.txt.exe 75d689afb9d588ba45169a8cf4134972 Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) newssssssssssssss.duckdns.org(152.201.191.104) 152.201.191.104 178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain ET INFO DYNAMIC_DNS Query to *.duckdns. Domain ET MALWARE Remcos 3.x Unencrypted Checkin ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|