1921 | 2024-07-26 10:52
RoguePotato.exe | 2dd755be5842e71b304d2fbff93eb2a3 | Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware DNS
1 |
2.0 | M | 55 | ZeroCERT

1922 | 2024-07-26 10:51
25072023.exe | a9a37926c6d3ab63e00b12760fae1e73 | RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 |
185.215.113.67 - mailcious
6 |
ET DROP Spamhaus DROP Listed Traffic Inbound group 33
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
7.6 | M | 53 | ZeroCERT

1923 | 2024-07-26 10:50
5447jsX.exe | 5dd9c1ffc4a95d8f1636ce53a5d99997 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.4 | M | 46 | ZeroCERT

1924 | 2024-07-26 10:49
industries.exe | b77405e92a8557ab11d1d6ed25d6b390 | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS
13 |
http://www.coremagic.dev/rvsk/?MX7FkojV=Q6rrnvlrZTKYSle47xg6Y6OwSS9N0FqK+Mj9cH/UpKnUyMI1FWbgFk/FlNfWovow3hwVTGhvILolNNo3GNpr7hq9bWNUl6+SP6zUu/gjCFkqdjEUw+tJr6mTAbu4eV1uJ6YGGN8=&2Oj70=wymB9
http://www.balneo.shop/9kwt/?MX7FkojV=/fSY3QZdojWpNRWxwqctiQNAdxt1JuBXe68kaBTFsj+2jUSklURH6kjWh0GMyO+4mMP491VErEY7I0ob1VlJfdzB+SlT7K2iZIvlJJCUvillQoZjNNO9VKVTJ25PKBfJXbttaTY=&2Oj70=wymB9
http://www.butlay.website/u759/?MX7FkojV=MCukImoArEyLOTWqdQ1z2ePajSp2A5/BJZ6VTOICmOwJAgwJdKZCqOuSR5fILSmCknZcGV/72lN4bKl6niuzWckaU42fOjXxFvVyCgHozLVBKAJAIlIa8E7shRk9RybY7kmvMQk=&2Oj70=wymB9
http://www.hyattcreekoutpost.biz/sz4t/?MX7FkojV=PqYvDSUa5xpzdedq5tdpwiJC3gthoupmRjBzzJ3FbntVibPZI1/EKZl9s9hOn0Zmb9xaCSNsWJoSe51ux6SQqL8VwrNWtNbiyPi6OavNpFulETA7IisDPhWpDVcfmzCLy1FFmkA=&2Oj70=wymB9
http://www.mospos.top/q66s/?MX7FkojV=WxU+nNp+nJpz7Op4b6PDRlI6uXxtCFalh3oS6b0UMJSG3vkyp0IBCXywBW0+wHruShb13AiiEAiVUnW1+sH/RYwiBhm8QqKdAs/yfan11L/sTt125NYKX4Rdp1lkm/iDq+nnZa4=&2Oj70=wymB9
http://www.tepco-co.online/hkxp/?MX7FkojV=gPAUIlTRKA7qXOL1ZTlMStdeIysZD39Vk2/re0B3mS8rGAQ0GotM5sSvAkfRsadCl6ftFGx2rGJjUrcRh8RdozefQI8XmfbOp1GwBEXiGavuSYQFbTIXZtPOAEv8EMoS+0xwku0=&2Oj70=wymB9
http://www.sweatequitypac.org/raxq/?MX7FkojV=x7NDGsgoCWTIEJ1tNCkkA1f2sMsJkFt2/Kg/6Gal8l5Ws0UwXECJP572vAzACYdkP61pUsrmPyJQfMGcau4sPIxMO6OtXz5Fl6YkZsF6thbJOhJ/u+Iz2uLJY5XPwE+BFsUyCr8=&2Oj70=wymB9
http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip
http://www.summitpublications.net/ra7c/?MX7FkojV=SvKeswTuzWazx34ZRwNYWOUL+4Qzi3RGXdHaFUpExCUZEgDUs1lV719mAF8EtsBn/AVD65QVQa8ibY4gFbZqCpH5b+leOD1Jj6HueKbZfx9J0tpKEMSaJYca0b0uZ3KvEkzLgBc=&2Oj70=wymB9
http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip
http://www.teandone.buzz/o6pn/?MX7FkojV=UJn6hLCr5CE83JGsiFr6F3dlh+gjmnQgpGSYIUWsdErR1O5ttgS2rCz/oa92Vy1JsAs4Vb0vhE186yqRppZqSaM6EjKfJ/MzG1s7XTw2DqO7xvMmiA2yEfwBZPs4V1K4aWoq150=&2Oj70=wymB9
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip
http://www.summitpublications.net/ra7c/
21 |
www.hyattcreekoutpost.biz(15.197.148.33)
www.sweatequitypac.org(15.197.148.33)
www.balneo.shop(81.169.145.84)
www.mospos.top(203.161.42.161)
www.nswurology.store()
www.teandone.buzz(104.21.5.210)
www.unyiinnflcng.xyz()
www.butlay.website(103.224.182.242)
www.summitpublications.net(66.81.203.135)
www.tepco-co.online(84.32.84.32)
www.coremagic.dev(85.13.154.127)
15.197.148.33 - mailcious
85.13.154.127
84.32.84.32 - mailcious
172.67.133.217
3.33.130.190 - phishing
203.161.42.161
81.169.145.84 - mailcious
66.81.203.10
45.33.6.223
103.224.182.242 - phishing
4 |
ET DNS Query to a *.top domain - Likely Hostile
ET INFO Observed DNS Query to .biz TLD
ET INFO HTTP Request to a *.buzz domain
ET INFO HTTP Request to a *.top domain
7.0 | M | 48 | ZeroCERT

1925 | 2024-07-26 10:48
RP.exe | 3fc6176c962e7a70da7cc35fbdaf3fdc | Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid
2.0 | M | 57 | ZeroCERT

1926 | 2024-07-26 10:47
crypteda.exe | 04e90b2cf273efb3f6895cfcef1e59ba | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.2 | M | 39 | ZeroCERT

1927 | 2024-07-26 10:46
RogueOxidResolver.exe | 73446530325d8bdf09edd62d56e2e329 | Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware
1.4 | M | 50 | ZeroCERT

1928 | 2024-07-26 10:45
crypted.exe | 371d606aa2fcd2945d84a13e598da55f | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
2.4 | M | 50 | ZeroCERT

1929 | 2024-07-26 10:44
4ck3rr.exe | d6a034f75349665f43aa35dee0230379 | RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 |
5 |
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
7.2 | M | 51 | ZeroCERT

1930 | 2024-07-26 10:43
random.exe | 25db2d5ac24b8e34330f8dd7882b6dd6 | SystemBC Gen1 RedLine stealer RedlineStealer Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
11 |
http://185.215.113.16/inc/pered.exe
http://185.215.113.16/inc/svhosts.exe
http://185.215.113.16/inc/4ck3rr.exe
http://185.215.113.16/inc/crypteda.exe
http://185.215.113.16/Jo89Ku7d/index.php
http://185.215.113.16/inc/crypted.exe
http://185.215.113.16/inc/2020.exe
http://185.215.113.16/inc/build.exe
http://185.215.113.16/inc/gawdth.exe
http://185.215.113.16/inc/5447jsX.exe
http://185.215.113.16/inc/25072023.exe
6 |
coe.com.vn(103.28.36.182) - malware
mkstat595.xyz()
103.28.36.182 - malware
185.215.113.67 - mailcious
185.215.113.16 - mailcious
38.180.203.208
16 |
ET DROP Spamhaus DROP Listed Traffic Inbound group 33
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET HUNTING Download Request Containing Suspicious Filename - Crypted
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET MALWARE Amadey Bot Activity (POST)
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
19.0 | M | 38 | ZeroCERT

1931 | 2024-07-26 10:41
2023.exe | a2348de3f84a433171df2f2d09b036aa | Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself crashed
2.6 | | 41 | ZeroCERT

1932 | 2024-07-26 10:41
FullPowers.exe | aa75221e6e2b20a5719e221ea1c1ca77 | Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware
0.6 | | 11 | ZeroCERT

1933 | 2024-07-26 10:34
random.exe | c225910168e4d400b52e9ee5106c8e7a | RedLine stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P Anti_VM AntiDebug Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed
3 |
crash-reports.mozilla.com(34.49.45.138)
185.215.113.16 - mailcious
34.49.45.138
2 |
ET DROP Spamhaus DROP Listed Traffic Inbound group 33
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.6 | M | | ZeroCERT

1934 | 2024-07-26 10:28
chisel32.exe | 7eae075c51e9bda629835d4b2815ee03 | Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW crashed
1.8 | | 51 | ZeroCERT

1935 | 2024-07-26 10:28
random.exe | d04ce1fea5d986c68c8570a9e73f01b6 | Generic Malware Downloader Malicious Library UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS BitCoin Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed
2 |
crash-reports.mozilla.com(34.49.45.138)
34.49.45.138
1 |
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
11.6 | | 32 | ZeroCERT