http://116.203.7.73/install.zip
http://zexeq.com/files/1/build3.exe - rule_id: 27913
http://zexeq.com/raud/get.php?pid=06280D9CD13939E9B7E95CDCAA6A83CC&first=true
http://116.203.7.73/
https://steamcommunity.com/profiles/76561199497218285
https://t.me/tg_duckworld

t.me(149.154.167.99) - mailcious
steamcommunity.com(23.198.103.114) - mailcious
api.2ip.ua(162.0.217.254)
colisumy.com(175.126.109.15) - malware
zexeq.com(95.158.162.200) - malware
149.154.167.99 - mailcious
95.158.162.200 - mailcious
184.26.243.205
162.0.217.254
116.203.7.73

ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET INFO TLS Handshake Failure
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET MALWARE Win32/Vodkagats Loader Requesting Payload
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Dotted Quad Host ZIP Request

http://zexeq.com/files/1/build3.exe