| 1 |
2024-09-17 13:33
|
 ZZ.exe aa4aca6b0973b169a4242718f04d9c54
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger |
|
2
sungito2.ddns.net(154.216.19.222) - mailcious
154.216.19.222 - mailcious
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET DROP Spamhaus DROP Listed Traffic Inbound group 24
|
|
4.4 |
M |
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
2024-09-08 10:49
|
 RNOLL.txt.exe ec6ab34d1735320d12edba8b85825e52
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
ugnrv.duckdns.org(192.3.101.254)
178.237.33.50
192.3.101.254
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
9.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
2024-09-08 10:46
|
 WERFFG.txt.exe 432ea49d6aeb2594b6a554bbba941f92
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Browser Email ComputerName DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
dremom2.duckdns.org(45.89.247.65)
178.237.33.50
45.89.247.65
|
4
ET DROP Spamhaus DROP Listed Traffic Inbound group 4
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
9.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
2024-09-02 10:22
|
 jhg.exe b21e324a39b4279504b10fee217239d3
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Windows DNS |
|
1
|
|
|
4.6 |
M |
61 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
2024-08-24 19:05
|
 rword.txt.exe e93b549ac1147b884fe1093ac5d32705
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS |
1
http://geoplugin.net/json.gp
|
3
geoplugin.net(178.237.33.50)
178.237.33.50
23.227.193.34 - mailcious
|
1
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.0 |
|
66 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
2024-07-30 10:05
|
 HRD.txt.exe 437b017eb2cc7db4677091a38116e7bb
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted ICMP traffic unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
wemberdag.duckdns.org(103.186.116.99)
103.186.116.99
178.237.33.50
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
12.4 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
2024-07-30 10:05
|
 SRV.txt.vbs 558ec1566a5e96df14e34f69c20423f1
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS DDNS |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
juiololo.duckdns.org()
178.237.33.50
45.66.231.190
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
2.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 8 |
2024-07-30 09:45
|
 BEN.txt.exe 550a8fd698db084dde7fd1878981a9a8
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
tochisglobal.ddns.net(103.253.17.222)
178.237.33.50
103.253.17.222
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.8 |
|
62 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
2024-07-29 17:00
|
 respaldo.txt.exe 1568abb08de05c87e94ce4f639a05636
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
wwwwwwwwww.duckdns.org(152.201.163.76)
152.201.163.76
178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
2024-07-27 15:07
|
 LMTS.txt.exe 3ad8cb387874a15488508bf269fd2520
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Antivirus ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Remcos VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger |
1
http://geoplugin.net/json.gp
|
8
geoplugin.net(178.237.33.50)
asociatiatraditiimaria.ro(93.113.54.56) - mailcious
iwarsut775laudrye2.duckdns.org(192.253.251.227)
new.quranushaiqer.org.sa(34.166.62.190) - mailcious
192.253.251.227
178.237.33.50
93.113.54.56 - mailcious
34.166.62.190
|
7
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
SURICATA TLS invalid record type
SURICATA TLS invalid record/traffic
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
18.4 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 11 |
2024-07-27 15:03
|
 HNBC.txt.exe 2b985c758a227407855e1d8e14f8863d
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
maveing.duckdns.org(192.3.101.142)
178.237.33.50
192.3.101.142 - malware
|
3
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
11.4 |
|
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
2024-07-20 20:08
|
 ZHHR.txt.exe fa702e456caa471e2b07df76d37de539
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
www.vandashproject.site(103.161.133.243)
178.237.33.50
103.161.133.243
|
2
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.4 |
|
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 13 |
2024-07-19 13:04
|
 dew.txt.exe fa105fc59f412384d0209ea62e257305
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
swre.remwavesw.com(141.98.10.11)
141.98.10.11 - malware
178.237.33.50
|
2
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.4 |
|
60 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
2024-07-12 15:55
|
 RGBC.txt.exe 80f5b85ee5d79f166a66a2318e06cd3d
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
sembe.duckdns.org(194.187.251.115) - mailcious
178.237.33.50
194.187.251.115 - mailcious
|
3
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET JA3 Hash - Remcos 3.x/4.x TLS Connection
|
|
3.8 |
|
67 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
2024-07-12 09:45
|
 R28JUNIOSOST.txt.exe 75d689afb9d588ba45169a8cf4134972
Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Malware download Remcos VirusTotal Malware Malicious Traffic Check memory Windows DNS DDNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50)
newssssssssssssss.duckdns.org(152.201.191.104)
152.201.191.104
178.237.33.50
|
4
ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Remcos 3.x Unencrypted Checkin
ET MALWARE Remcos 3.x Unencrypted Server Response
|
|
3.8 |
|
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|