1651 | 2025-03-08 12:42
Sample: yUI6F6C.exe | MD5: a62fe491673f0de54e959defbfebd0dd
Tags: Themida UPX Anti_VM PE File PE32 VirusTotal Malware Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows DNS crashed
6.0 | M | 52 | ZeroCERT

1652 | 2025-03-08 12:42
Sample: 851ed480-459a-4e09-83d2-9ce8a0... | MD5: 12f5c72ed46b4730a3019053bf5cc206
Tags: ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself crashed
7.6 | M | 57 | ZeroCERT

1653 | 2025-03-08 12:41
Sample: b1ffae7f-0320-454d-be08-58ace9... | MD5: 657d75be7f740e2dbbd6a6f0d7e9de58
Tags: njRAT backdoor Generic Malware Malicious Library Antivirus UPX PE File MSOffice File CAB PE32 OS Processor Check OS Name Check DLL VirusTotal Malware PDB suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check human activity check Windows ComputerName RCE DNS Cryptographic key crashed
Hosts (3): prof.innocreed.com(45.83.31.35) 45.33.6.223 45.83.31.35
6.6 | M | 27 | ZeroCERT

1654 | 2025-03-08 12:40
Sample: debd1d6d-b47e-4404-a91b-71d482... | MD5: 857dd215dcf687086dc512e0002e6152
Tags: Malicious Library .NET framework(MSIL) ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself crashed
8.0 | M | 55 | ZeroCERT

1655 | 2025-03-08 12:39
Sample: emma.ps1 | MD5: 74ea4fd17754c1068f111d46d2fce4fa
Tags: Hide_EXE Generic Malware Antivirus Confuser .NET UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself powershell.exe wrote AppData folder Windows Browser DNS Cryptographic key
Hosts (15): www.ganjubaspepe.shop(37.220.85.148) www.ddvids.xyz(13.248.169.48) - mailcious www.memelending.xyz(76.223.54.146) www.sbrqmu.info(47.83.1.90) www.topanked.top(66.29.149.46) www.plantgarden.xyz(15.197.129.158) www.iighpb.bid(168.206.158.193) 37.220.85.148 76.223.54.146 - mailcious 47.83.1.90 - mailcious 66.29.149.46 - mailcious 168.206.158.193 13.248.169.48 - mailcious 45.33.6.223 15.197.129.158
Network alerts (3): ET MALWARE FormBook CnC Checkin (GET) M5 ET INFO HTTP Request to a *.top domain ET DNS Query to a *.top domain - Likely Hostile
12.6 | M | 8 | ZeroCERT

1656 | 2025-03-08 12:38
Sample: mainstl.exe | MD5: 8dff9447ed7aaf297a0bec24a946074a
Tags: UPX PE File PE64 VirusTotal Malware
1.8 | M | 37 | ZeroCERT

1657 | 2025-03-08 12:38
Sample: download.php | MD5: 4677605b34f1e7f4b7c691bd1fddb6a3
Tags: Amadey Emotet Gen1 Generic Malware Themida Malicious Library UPX Malicious Packer Antivirus Anti_VM PE File CAB PE32 PE64 DLL OS Processor Check MZP Format .NET EXE Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Cryptocurrency wallets Cryptocurrency powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName RCE DNS Cryptographic key Software crashed plugin
Hosts (10): github.com(20.200.245.247) - mailcious 176.113.115.7 - malware 176.113.115.6 - mailcious 45.93.20.28 - malware 185.215.113.16 - mailcious 185.125.50.8 185.215.113.209 - malware 45.33.6.223 20.200.245.247 - malware 185.215.113.97 - malware
Network alerts (23): ET DROP Spamhaus DROP Listed Traffic Inbound group 4 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Executable Download from dotted-quad Host ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET INFO Packed Executable Download ET INFO PS1 Powershell File Request ET DROP Spamhaus DROP Listed Traffic Inbound group 31 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
Rule-matched URLs (2): http://185.215.113.209/Di0Her478/index.php http://176.113.115.6/Ni9kiput/index.php
23.0 | M | 48 | ZeroCERT

1658 | 2025-03-08 12:37
Sample: dedf7120-f20b-4374-92ed-c79456... | MD5: 032f2e9ef6b95a08483283d3901e25b4
Tags: Malicious Packer UPX PE File PE64 VirusTotal Malware
2.0 | M | 49 | ZeroCERT

1659 | 2025-03-08 12:35
Sample: 5696bb60-a41f-456f-91c2-d3d7d4... | MD5: 788adde317e507ad98de555656fa477c
Tags: ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself crashed
8.6 | M | 58 | ZeroCERT

1660 | 2025-03-08 12:34
Sample: files.exe | MD5: 06ee2174e93d7559b745655790d2d060
Tags: Browser Login Data Stealer Generic Malware Admin Tool (Sysinternals etc ...) Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware
1.2 | M | 51 | ZeroCERT

1661 | 2025-03-08 12:33
Sample: we.exe | MD5: 918f83cd6d935bd729990142f8e276e0
Tags: XWorm Hide_EXE WebCam Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check .NET DLL VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Windows utilities AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName DNS Cryptographic key
Hosts (5): 176.113.115.7 - malware 176.113.115.6 - mailcious 185.215.113.209 - malware 185.215.113.16 - mailcious 185.125.50.8
Network alerts (1): ET DROP Spamhaus DROP Listed Traffic Inbound group 31
13.8 | M | 42 | ZeroCERT

1662 | 2025-03-08 12:32
Sample: xmrig.exe | MD5: 4e3c42b8c1558d124457f36cd2870274
Tags: PE File PE64 VirusTotal Malware unpack itself crashed
2.2 | M | 34 | ZeroCERT

1663 | 2025-03-08 12:31
Sample: dressman.exe | MD5: 3e4a1eeea0b92fbe4d53fb0cc057a48b
Tags: Generic Malware Malicious Library UPX PE File PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS
Hosts (12): www.ganjubaspepe.shop(37.220.85.148) www.ddvids.xyz(13.248.169.48) - mailcious www.memelending.xyz(76.223.54.146) www.sbrqmu.info(47.83.1.90) www.topanked.top(66.29.149.46) www.iighpb.bid(168.206.158.193) 37.220.85.148 47.83.1.90 - mailcious 66.29.149.46 - mailcious 168.206.158.193 13.248.169.48 - mailcious 45.33.6.223
Network alerts (3): ET MALWARE FormBook CnC Checkin (GET) M5 ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain
5.4 | M | 54 | ZeroCERT

1664 | 2025-03-08 12:29
Sample: 9458c927-c102-44e9-bc9f-9c3b4e... | MD5: 130c3af60db25755ec1c7f19f924885d
Tags: PE File PE64 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself
2.0 | M | 14 | ZeroCERT

1665 | 2025-03-08 12:29
Sample: PQkVDtx.exe | MD5: 6575f782073ab4fd19e7df1c5e2a73be
Tags: Malicious Library Antivirus UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware PDB Checks debugger
1.2 | M | 29 | ZeroCERT