Sandbox submission listing, entries 1591 to 1605 (extracted table). The column headings did not survive extraction, so the field labels below are inferred from the values: the three numbered lists are the URLs requested, the hosts contacted and the Suricata alerts raised during analysis; "Score" is the sandbox score; "Detections" is the unlabelled count that follows the score on every row (assumed to be the VirusTotal detection count, since every entry carries the VirusTotal tag). Tags are reproduced as the sandbox prints them, space-separated. Entries without network activity list no URLs, hosts or alerts.

1591  2025-03-26 11:19  submitted by ZeroCERT
  Sample: Niceevenbettergirllikeabutters...  MD5 63e23340c43a7f2d3f76897395ff0fac
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files RWX flags setting unpack itself suspicious process Tofsee DNS Dropper
  URLs (1): https://paste.ee/d/w7Xynk77/0
  Hosts (2): paste.ee(23.186.113.60), 23.186.113.60
  Suricata alerts (4): ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee); ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 10.0   Detections: 20

1592  2025-03-26 11:19  submitted by ZeroCERT
  Sample: tK0oYx3.exe  MD5 e3f8c373ee1990eecfc3a762e7f3bc3b
  Tags: Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware crashed
  Score: 2.0   Detections: 51

1593  2025-03-26 11:17  submitted by ZeroCERT
  Sample: newwelcomedrinkforentireteamme...  MD5 b2a281c6190709fd809ee17a50ba114b
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files RWX flags setting unpack itself suspicious process malicious URLs Tofsee DNS Dropper
  URLs (1): https://paste.ee/d/3bplPJvq/0
  Hosts (2): paste.ee(23.186.113.60), 23.186.113.60
  Suricata alerts (4): ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee); ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 10.0   Detections: 19

1594  2025-03-26 11:16  submitted by ZeroCERT
  Sample: g354ff43hj67.exe  MD5 a41636257412c033699c1a011ed43a33
  Tags: Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
  Score: 2.4   Detections: 43

1595  2025-03-26 11:15  submitted by ZeroCERT
  Sample: setup.exe  MD5 baa233893561d2c4bbd4d2519909e5f6
  Tags: Generic Malware Malicious Library Malicious Packer Antivirus UPX PE File CAB PE32 OS Processor Check VirusTotal Malware PDB Check memory unpack itself Check virtual network interfaces Tofsee Interception
  URLs (1): (the URL itself is not present in the extracted page)
  Hosts (4): pub-c7b31ab9decd4a2684fcd9fc90862261.r2.dev(162.159.140.237), x1.i.lencr.org(23.52.33.11), 23.41.113.98, 172.66.0.235
  Suricata alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 3.8   Detections: 27

1596  2025-03-26 11:14  submitted by ZeroCERT
  Sample: newwelcomedrinkforentireteamme...  MD5 cdbad2902e626007c7f18da970cb588a
  Tags: MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
  URLs (1): http://217.154.55.185/450/newwelcomedrinkforentireteammemebers.hta?&border=tender
  Hosts (3): paste.ee(23.186.113.60), 23.186.113.60, 217.154.55.185
  Suricata alerts (7): ET POLICY Pastebin-style Service (paste .ee) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee); ET INFO TLS Handshake Failure; ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl; ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199); ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding
  Score: 5.0   Detections: 37

1597  2025-03-26 11:13  submitted by ZeroCERT
  Sample: 01.exe  MD5 fd8a441c0c1f1f468aac1698c9518943
  Tags: Generic Malware Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware
  Score: 1.0   Detections: 39

1598  2025-03-26 11:12  submitted by ZeroCERT
  Sample: cam.exe  MD5 7b6595a5fe71f1cd99118177cb4f156e
  Tags: Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware PDB
  Score: 0.8   Detections: 19

1599  2025-03-24 21:37  submitted by guest
  Sample: W-1553916722.xlsb  MD5 82c18cbd86f03a752314840a80deeb80
  Tags: Malicious Library ZIP Format Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee
  URLs (3): https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png; https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png; https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
  Hosts (5): natalespatagonia.cl() [malicious], maramaabroo.com(185.151.30.185) [malicious], camarajocaclaudino.pb.gov.br(162.241.62.76) [malicious], 185.151.30.185, 162.241.62.76 [malicious]
  Suricata alerts (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 3.6   Detections: 12

1600  2025-03-24 21:34  submitted by guest
  Sample: W-160957625.xlsb  MD5 fdf2f291fa7b70ebea93d238db8aae1f
  Tags: Malicious Library ZIP Format Excel Binary Workbook file format(xlsb) VirusTotal Malware Check memory Creates executable files unpack itself suspicious process Tofsee
  URLs (3): https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png; https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png; https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
  Hosts (5): natalespatagonia.cl() [malicious], maramaabroo.com(185.151.30.185) [malicious], camarajocaclaudino.pb.gov.br(162.241.62.76) [malicious], 185.151.30.185, 162.241.62.76 [malicious]
  Suricata alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score: 4.0   Detections: 33

1601  2025-03-24 13:36  submitted by ZeroCERT
  Sample: zx4PJh6.exe  MD5 06b18d1d3a9f8d167e22020aeb066873
  Tags: Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName
  Score: 8.0   Detections: 40

1602  2025-03-24 13:35  submitted by ZeroCERT
  Sample: advnrNo.exe  MD5 84408fe8f2675bd4b8eb6fae7dcaeffa
  Tags: Themida UPX PE File PE32 VirusTotal Malware Telegram Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Tofsee Windows ComputerName DNS crashed
  URLs (2): https://steamcommunity.com/profiles/76561199832267488; https://t.me/g_etcontent
  Hosts (5): t.me(149.154.167.99), steamcommunity.com(104.76.74.15), 149.154.167.99, 104.76.74.15, 95.216.179.65
  Suricata alerts (3): ET INFO TLS Handshake Failure; ET INFO Observed Telegram Domain (t .me in TLS SNI); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 8.6   Detections: 45

1603  2025-03-24 12:10  submitted by ZeroCERT
  Sample: dsl.exe  MD5 ca3c89c340a55b727fba1a1009cd0c0c
  Tags: XWorm Generic Malware WebCam Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key
  Score: 11.0   Detections: 54

1604  2025-03-24 12:08  submitted by ZeroCERT
  Sample: 1908.exe  MD5 fd0339fe32254631736b257e1a35bdc7
  Tags: Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
  Score: 3.8   Detections: 53

1605  2025-03-24 12:06  submitted by ZeroCERT
  Sample: rclight.exe  MD5 e6db118809d55b0a47b8c9c757b8a3bf
  Tags: Browser Login Data Stealer Generic Malware Malicious Library Malicious Packer Downloader UPX PE File PE32 OS Processor Check VirusTotal Malware DNS DDNS
  Hosts (2): httpss.myvnc.com(178.255.148.203), 178.255.148.203
  Suricata alerts (1): ET POLICY DNS Query to DynDNS Domain *.myvnc .com
  Score: 3.2   Detections: 59
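A listing like this is most useful when read across rows rather than one row at a time: the same staging host ties several submissions together, and an alert that fires on almost every row says little about any one of them. The script below is an added example, not code from the listing or from the sandbox that produced it. It transcribes the eight entries that have network data (ids, MD5s, host strings and alert names exactly as printed above), splits each host entry into its domain and IP parts, defangs them, reports the infrastructure shared by more than one sample, and measures how often each Suricata alert fires. The record layout and the field names "id", "md5", "hosts" and "alerts" are my own.

```python
"""Pivot over the sandbox listing above: split host entries into domain/IP
indicators, find infrastructure shared between samples, and measure how often
each Suricata alert fires across the set.

Added example, not code from the listing or the sandbox behind it. RECORDS is
transcribed from the page (entries with network data only); the field names are
my own.
"""
import re
from collections import defaultdict

TOFSEE = "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"
TLS_FAIL = "ET INFO TLS Handshake Failure"
PASTE_DNS = "ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee)"
PASTE_SNI = "ET POLICY Pastebin-style Service (paste .ee) in TLS SNI"
HTA_DL = "ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"
HTA_MSXML = "ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)"
HEX_SCRIPT = "ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding"
TELEGRAM = "ET INFO Observed Telegram Domain (t .me in TLS SNI)"
DYNDNS = "ET POLICY DNS Query to DynDNS Domain *.myvnc .com"

PASTE_HOSTS = ["paste.ee(23.186.113.60)", "23.186.113.60"]
XLSB_HOSTS = ["natalespatagonia.cl()", "maramaabroo.com(185.151.30.185)",
              "camarajocaclaudino.pb.gov.br(162.241.62.76)",
              "185.151.30.185", "162.241.62.76"]

# Host strings are kept exactly as the page prints them: "domain(ip)" or a bare IP.
RECORDS = [
    {"id": 1591, "md5": "63e23340c43a7f2d3f76897395ff0fac", "hosts": PASTE_HOSTS,
     "alerts": [PASTE_DNS, PASTE_SNI, TOFSEE, TLS_FAIL]},
    {"id": 1593, "md5": "b2a281c6190709fd809ee17a50ba114b", "hosts": PASTE_HOSTS,
     "alerts": [PASTE_DNS, PASTE_SNI, TOFSEE, TLS_FAIL]},
    {"id": 1595, "md5": "baa233893561d2c4bbd4d2519909e5f6",
     "hosts": ["pub-c7b31ab9decd4a2684fcd9fc90862261.r2.dev(162.159.140.237)",
               "x1.i.lencr.org(23.52.33.11)", "23.41.113.98", "172.66.0.235"],
     "alerts": [TOFSEE]},
    {"id": 1596, "md5": "cdbad2902e626007c7f18da970cb588a",
     "hosts": PASTE_HOSTS + ["217.154.55.185"],
     "alerts": [PASTE_SNI, TOFSEE, PASTE_DNS, TLS_FAIL, HTA_DL, HTA_MSXML, HEX_SCRIPT]},
    {"id": 1599, "md5": "82c18cbd86f03a752314840a80deeb80", "hosts": XLSB_HOSTS,
     "alerts": [TLS_FAIL, TOFSEE]},
    {"id": 1600, "md5": "fdf2f291fa7b70ebea93d238db8aae1f", "hosts": XLSB_HOSTS,
     "alerts": [TOFSEE, TLS_FAIL]},
    {"id": 1602, "md5": "84408fe8f2675bd4b8eb6fae7dcaeffa",
     "hosts": ["t.me(149.154.167.99)", "steamcommunity.com(104.76.74.15)",
               "149.154.167.99", "104.76.74.15", "95.216.179.65"],
     "alerts": [TLS_FAIL, TELEGRAM, TOFSEE]},
    {"id": 1605, "md5": "e6db118809d55b0a47b8c9c757b8a3bf",
     "hosts": ["httpss.myvnc.com(178.255.148.203)", "178.255.148.203"],
     "alerts": [DYNDNS]},
]

HOST_RE = re.compile(r"^(?P<name>[^()]+?)\((?P<ip>[^)]*)\)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def split_host(entry):
    """'paste.ee(23.186.113.60)' -> ('paste.ee', '23.186.113.60');
    'natalespatagonia.cl()' -> ('natalespatagonia.cl', None); bare IP -> (None, ip)."""
    entry = entry.strip()
    m = HOST_RE.match(entry)
    if m:
        return m.group("name"), (m.group("ip") or None)
    if IPV4_RE.match(entry):
        return None, entry
    return entry, None


def defang(indicator):
    """Bracket the dots so the indicator is not clickable or auto-resolved when shared."""
    return indicator.replace(".", "[.]")


def extract_iocs(records):
    """Map each unique defanged domain or IP to the set of sample ids that contacted it."""
    seen = defaultdict(set)
    for r in records:
        for h in r["hosts"]:
            for ind in split_host(h):
                if ind:
                    seen[defang(ind)].add(r["id"])
    return dict(seen)


def shared_infrastructure(records, minimum=2):
    """Indicators contacted by at least `minimum` distinct samples: the pivot points
    that tie separate submissions to one staging host or campaign."""
    return {ind: sorted(ids) for ind, ids in extract_iocs(records).items()
            if len(ids) >= minimum}


def alert_prevalence(records):
    """Fraction of records on which each alert fires. An alert that fires on almost
    every sample, including one whose only traffic is a Cloudflare R2 bucket and a
    Let's Encrypt responder, is weak evidence on its own."""
    counts = defaultdict(int)
    for r in records:
        for a in set(r["alerts"]):
            counts[a] += 1
    return {a: n / len(records) for a, n in counts.items()}


def exploit_records(records):
    """Sample ids with at least one ET EXPLOIT alert; these go to the top of the queue."""
    return sorted(r["id"] for r in records
                  if any(a.startswith("ET EXPLOIT") for a in r["alerts"]))


if __name__ == "__main__":
    for ind, ids in sorted(shared_infrastructure(RECORDS).items()):
        print(f"{ind:<44} seen in {ids}")
    for alert, frac in sorted(alert_prevalence(RECORDS).items(), key=lambda kv: -kv[1]):
        print(f"{frac:5.0%}  {alert}")
    print("exploit alerts:", exploit_records(RECORDS))
```

Run against these eight entries, the pivots are what a triage analyst would want to see first: paste.ee and 23.186.113.60 link 1591, 1593 and 1596 (two VBScript downloaders and the RTF that fetches the .hta), and 1599 and 1600 share identical staging URLs and hosts, so they are one campaign. The JA3 SSLBL "Tofsee" hit fires on seven of the eight entries with network data, including 1595, whose only hosts are an R2 bucket and x1.i.lencr.org, so it should not be used as a pivot or as evidence of Tofsee on its own. The only ET EXPLOIT alerts belong to 1596, the CVE-2017-0199-style HTA download.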