196 | 2024-09-12 13:00
vgew.exe f33b34d0de9bb27980bc99ea468c1181 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1: https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
6: t.me(149.154.167.99) - mailcious steamcommunity.com(104.74.170.104) - mailcious 149.154.167.99 - mailcious 104.76.74.15 116.202.183.159 45.33.6.223
3: ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1: https://steamcommunity.com/profiles/76561199768374681
16.8 | M | 39 | ZeroCERT
197 | 2024-09-12 13:00
vtrwh12.exe d264213f54193475ffd0301f7d92639f Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1: https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
6: t.me(149.154.167.99) - mailcious steamcommunity.com(104.74.170.104) - mailcious 149.154.167.99 - mailcious 147.45.126.10 - mailcious 104.76.74.15 116.202.183.159
3: ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1: https://steamcommunity.com/profiles/76561199768374681
17.0 | M | 43 | ZeroCERT
198 | 2024-09-12 12:58
svc.exe ae6112b72845c6a495561783ac5eeffd Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Windows Remote Code Execution
3.0 | M | 37 | ZeroCERT
199 | 2024-09-12 12:58
avoufshire.exe 0ffee13ff36c1cd606d032450deb5ac1 Suspicious_Script_Bin Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
6.2 | M | 31 | ZeroCERT
200 | 2024-09-12 12:57
bin.exe 95c51c6dc018281130ce62629f0ad475 Generic Malware Malicious Library UPX PE File PE32 DLL Browser Info Stealer VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS
16:
http://www.zz82x.top/ym8o/ http://www.zz82x.top/ym8o/?2V=0oBut1yNYbWGPCBlgyv3pZVha+opv9VnbBTx5iLcdFvMwA802wT5+eN4s6JX6RPQYa1HVkeDIT7ul87fzWjyS3+9Bl5G+MuIzE/ROIZBkpIpmi83C/mWL5yyeDtdBV6PHeqsO2U=&5N=yBxsewvl1 http://www.lanxuanz.tech/em49/ http://www.coffee-and-blends.info/v35v/ http://www.mayawashfold.net/mtee/?2V=mIo06BHEAes+1ktXaBAtNGKqBpRmqRxWlUKS3fumHCh/F9Apz5MmL+0gaGFLr/u+11M8U18avNpkfr0bp21uUDjReIWSdbsSeAfUqf/zog6+kRphWsZifsnSv92p91nXivHnLMY=&5N=yBxsewvl1 http://www.wcm50.top/sok0/?2V=9nK66fHSoCGrYX5gaK/AO9t7tPQ5/QEti9hRjfn4Wr4e/FiQigglpcmZABT8bPLN/EEfVpiA5WrUcuyZtKi/BBJRI9fYI3SyqgQHC3eDkS3RCCCNVpOtSHUDKdaHP3QuqehRYy8=&5N=yBxsewvl1 http://www.mayawashfold.net/mtee/ http://www.lanxuanz.tech/em49/?2V=vV5RcTk6UjJnp8cFAK/SOuBjTCno8ikmF8l1hdm9JL6NOoivCUbMGww4nWsmekXmD/ydRpWe52eDtuCzDhpXjdrcsjftmH+l+fFtrvvEqEsdx0xgXMMdSTOC4EPGj+TD2I4a44E=&5N=yBxsewvl1 http://www.wcm50.top/sok0/ http://www.sqlite.org/2018/sqlite-dll-win32-x86-3240000.zip http://www.withad.xyz/r0nv/?2V=MbxsL1z6NlMfyEEdZx/ZxPf8EiE8jFH+EotLfQicwl73p/l3IQxOGOCDPbvxx6J9DUF2ANV1DH6MzynBnTYcCPycA1shdY1mvpanTFbxObMy1SnsPVKhvAf5oxTVz0DK2AgMbQQ=&5N=yBxsewvl1 http://www.filelabel.info/2w7y/?2V=Lawv0YecSOnZdZmqngGcZvprhomfb4X9YfPVtq1IvWwToR7xRnuqxAjnf14Kb1P7OK3qF8y3rVlNPzF5bdVhlCUeYm2+7ddpSexImSbNaMK380N1MHIbJRhlUDS9sCT5SZ96r/0=&5N=yBxsewvl1 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.coffee-and-blends.info/v35v/?2V=QLykxYh4zvA0eVm8sHd9vJ7cm8Ocwd+aLw1iNOUTi/NZcFg0+k6SuajB+VDZEgWr7u3QxNH7fyl6o0+K3GiYVb/CpQQZmkLRlg6A/sXIMKu948ijpPl34Lh5vJIQLmsCgl/X2MY=&5N=yBxsewvl1 http://www.withad.xyz/r0nv/ http://www.filelabel.info/2w7y/
15:
www.lanxuanz.tech(136.143.186.12) www.coffee-and-blends.info(217.160.0.231) www.withad.xyz(162.0.238.43) www.wcm50.top(154.23.184.60) www.zz82x.top(38.47.232.196) www.filelabel.info(15.197.148.33) www.mayawashfold.net(15.197.148.33) 38.47.232.196 15.197.148.33 - mailcious 217.160.0.231 - mailcious 3.33.130.190 - phishing 136.143.186.12 - mailcious 45.33.6.223 162.0.238.43 - mailcious 154.23.184.60 - mailcious
2: ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain
5.4 | M | 58 | ZeroCERT
201 | 2024-09-12 12:55
66e1db5a46161_cry.exe#kiscrypt... 032d49a1f22f5ec2d498fcf0f4076d91 Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName
8.4 | M | 39 | ZeroCERT
202 | 2024-09-12 12:13
imjp14k.dll 4fa897798a9028ea4f8dad8f8da5dc63 Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware
1.2 | M | 53 | guest
203 | 2024-09-12 11:15
INF0_PAY_SCAN1ND_8403876378294... 825ccb1ffa07afa207ec10d5f9571d95 Lnk Format GIF Format VirusTotal Malware Creates shortcut unpack itself WriteConsoleW
1.6 | | 10 | ZeroCERT
204 | 2024-09-12 11:14
1B0S_YS63093BVSA_URDSGA_pdf.ln... 825ccb1ffa07afa207ec10d5f9571d95 Lnk Format GIF Format VirusTotal Malware Creates shortcut unpack itself WriteConsoleW
1.6 | | 10 | ZeroCERT
205 | 2024-09-11 17:47
jIML.txt.ps1 c96ca6878a5c726ddf6a75c35a1d84f4 Generic Malware Antivirus Anti_VM VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.6 | | 16 | ZeroCERT
206 | 2024-09-11 10:50
66e010f468498_otr.exe#kisotrme... faaf13f6a1dd574396fea7e084504150 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS
1: 89.105.223.249 - mailcious
1: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
2.4 | M | 53 | ZeroCERT
207 | 2024-09-11 10:48
66df5745ca628_SETUP.exe 41acc938951854469f46ca6856927c22 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware
2.2 | M | 42 | ZeroCERT
208 | 2024-09-11 10:48
test1.hta 48c607b48c2f4dbacbed1c2d163ef7df Generic Malware Antivirus Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.6 | M | 3 | ZeroCERT
209 | 2024-09-11 10:47
66dfd447dcd00_lyla.exe#lyla3 b36f21ca653ea179246c98cda2373879 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder suspicious TLD CryptBot DNS
1: http://tventyv20pn.top/v1/upload.php
2: tventyv20pn.top(194.87.248.136) 194.87.248.136 - mailcious
3: ET DNS Query to a *.top domain - Likely Hostile ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 ET INFO HTTP Request to a *.top domain
3.6 | M | 50 | ZeroCERT
210 | 2024-09-11 10:46
66e014584fcee_w2.exe#ww2metaki... d11952cce9c0e9a38a52fbf887e96681 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS
1: 89.105.223.249 - mailcious
1: ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
2.0 | M | 50 | ZeroCERT