2161 | 2025-02-07 14:20 |
laserrr.exe 3c723a1f7fb2d94308da84750fc7a75c Generic Malware Malicious Library UPX PE File PE64 PE32 DLL Browser Info Stealer VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder Windows Browser DNS |
7
http://www.l63339.xyz/vhr7/?8eahTb_=iaSfD1StI7hDT4qLO8uUiRMZCfzOjk7n7gYmLjmbAGxKTACTDmsojAseBTws2ae3nsJ7oX723eTW3ctEzpxpoAGWw5lYsZyjnFbtqE7RDBWvF3wnDTau3wgNIBcGnVL27k7EtEM=&00Dj=kNZ8XRK0WV http://www.lucynoel6465.shop/jgkl/?8eahTb_=hI+cEEoDMRK5HtHm9IZKcVLqeO4rH3Lo+nuR9x41ri89hVkyLZ4bcwu1mex5brSMZV4GWavlrf0/NsblmXI4eKNzhD3LBC/4pVsqqx1rwhcrHMghz/r2elc8myKvxM7B12e/f+g=&00Dj=kNZ8XRK0WV http://www.lucynoel6465.shop/jgkl/ http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip http://www.tumbetgirislinki.fit/k566/ http://www.tumbetgirislinki.fit/k566/?8eahTb_=RARW43WNMKajmHobr0h+FYOVnPeo69WXvXreCHJ6fEp5jkldk9mcfHn6UnU82+9OdsowyVV8wlYPh4e4mYqP64YSjghMuBr0WoXV5avhz1caW9rj8asJcaLGlYzIq2qtHDCYWJw=&00Dj=kNZ8XRK0WV http://www.l63339.xyz/vhr7/
|
10
www.l63339.xyz(162.218.30.235) www.tumbetgirislinki.fit(104.21.16.1) www.lucynoel6465.shop(104.21.32.1) www.seasay.xyz(103.106.67.112) 162.218.30.235 104.21.16.1 - malware 45.33.6.223 103.106.67.112 104.21.48.1 - malware 87.120.120.56 - mailcious
|
7
ET DROP Spamhaus DROP Listed Traffic Inbound group 10 ET INFO Observed DNS Query to .fit TLD ET INFO HTTP Request to Suspicious *.fit Domain ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
9.6 | M | 51 | ZeroCERT
2162 | 2025-02-07 14:18 |
fxghx.dll 071769271b025452e9dcf3c67d0c92f8 Generic Malware Malicious Library PE File DLL PE64 DllRegisterServer dll VirusTotal Malware PDB RCE |
1.4 | M | 6 | ZeroCERT
2163 | 2025-02-07 14:17 |
stealc.exe d38779b089440ccd9ca6120468528940 Emotet Generic Malware Malicious Library WinRAR UPX ASPack PE File PE64 OS Processor Check DLL PE32 MZP Format ftp DllRegisterServer dll VirusTotal Malware PDB Creates executable files unpack itself AppData folder RCE |
3.2 | M | 9 | ZeroCERT
2164 | 2025-02-07 14:15 |
LinkedinTuVanDat.exe e00fac5836ce0e292228254b4f73cfa9 UPX PE File PE32 VirusTotal Malware |
1.2 | M | 59 | ZeroCERT
2165 | 2025-02-07 14:14 |
pure.exe e1408abc6c49f68336e45550423f847e PE File .NET EXE PE32 Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Ransomware Windows Browser ComputerName DNS Cryptographic key crashed |
|
1
|
7.6 | M | 46 | ZeroCERT
2166 | 2025-02-07 14:14 |
GRAW.exe a53efb52f7208752b32f1bedf578c82c Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger |
4.4 | M | 52 | ZeroCERT
2167 | 2025-02-07 11:44 |
laser.exe da401fe564d861a209ff600633e4a845 Generic Malware Malicious Library UPX PE File PE32 DLL Browser Info Stealer VirusTotal Malware buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS |
11
http://www.kjuw.party/e0jv/?_skUVv5I=T5a+nPXa7vHYgORbmIzRnsYJn/5yKJpyja1Bw4L97U3J4ftOxLqNjjmK0MbXg0R7zOiA8ZTqxO8XWXqYcYfBl6po+rPbfzDYogoaVOnbbhZcGmBPmnt3DMj2ULUXFIgoaMg3MTM=&kV=_HhJ3VPSKQ7ESY http://www.topitch.top/goj6/ http://www.tumbetgirislinki.fit/k566/?_skUVv5I=RARW43WNMKajmHobr0h+FYOVnPeo69WXvXreCHJ6fEp5jkldk9mcfHn6UnU82+9OdsowyVV8wlYPh4e4mYqP64YSjghMuBr0WoXV5avhz1caW9rj8asJcaLGlYzIq2qtHDCYWJw=&kV=_HhJ3VPSKQ7ESY http://www.lucynoel6465.shop/jgkl/?_skUVv5I=hI+cEEoDMRK5HtHm9IZKcVLqeO4rH3Lo+nuR9x41ri89hVkyLZ4bcwu1mex5brSMZV4GWavlrf0/NsblmXI4eKNzhD3LBC/4pVsqqx1rwhcrHMghz/r2elc8myKvxM7B12e/f+g=&kV=_HhJ3VPSKQ7ESY http://www.l63339.xyz/vhr7/?_skUVv5I=iaSfD1StI7hDT4qLO8uUiRMZCfzOjk7n7gYmLjmbAGxKTACTDmsojAseBTws2ae3nsJ7oX723eTW3ctEzpxpoAGWw5lYsZyjnFbtqE7RDBWvF3wnDTau3wgNIBcGnVL27k7EtEM=&kV=_HhJ3VPSKQ7ESY http://www.topitch.top/goj6/?_skUVv5I=90Ns8gSHVfuKmwMvqoBDvov0x0TuRSc4CHvhiyRIaCFX9JzO3hXkGdLkIxbX7QQ8WI53tEhNGahKOUZIphRSegDcYcrC0WhrrPS45v/w4f2SjHeENV+PjA2DCpp4ca+uy9lGHYA=&kV=_HhJ3VPSKQ7ESY http://www.lucynoel6465.shop/jgkl/ http://www.tumbetgirislinki.fit/k566/ http://www.l63339.xyz/vhr7/ http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip http://www.kjuw.party/e0jv/
|
14
www.l63339.xyz(162.218.30.235) www.topitch.top(162.0.231.203) www.kjuw.party(134.122.133.80) www.seasay.xyz(103.106.67.112) www.lucynoel6465.shop(104.21.80.1) www.partflix.net(64.29.17.194) www.tumbetgirislinki.fit(104.21.80.1) 162.218.30.235 66.33.60.66 134.122.135.48 104.21.112.1 - mailcious 45.33.6.223 162.0.231.203 103.106.67.112
|
4
ET INFO Observed DNS Query to .fit TLD ET INFO HTTP Request to Suspicious *.fit Domain ET INFO HTTP Request to a *.top domain ET DNS Query to a *.top domain - Likely Hostile
7.2 | | 54 | ZeroCERT
2168 | 2025-02-07 11:36 |
svc.exe 4868a5a4c8e0ab56fa3be8469dd4bc75 Browser Login Data Stealer Gen1 Generic Malware Malicious Library UPX Downloader ASPack Anti_VM PE File PE64 OS Processor Check DLL ZIP Format PE32 JPEG Format Browser Info Stealer Emotet Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself AppData folder sandbox evasion Windows Browser ComputerName DNS crashed Downloader |
5
http://185.81.68.156/svcstealer/get.php - rule_id: 43701 http://185.81.68.156/tnk.exe http://185.81.68.156/bin/bot.dll http://185.81.68.156/zx.exe - rule_id: 43702 http://176.113.115.149/bin/bot.dll
|
2
176.113.115.149 - 185.81.68.156 - malware
|
9
ET DROP Spamhaus DROP Listed Traffic Inbound group 31 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging) ET HUNTING Suspicious Windows Executable WriteProcessMemory
|
2
http://185.81.68.156/svcstealer/get.php http://185.81.68.156/zx.exe
14.8 | M | 50 | ZeroCERT
2169 | 2025-02-07 11:31 |
settup.msi 29ed8e07799bcc8575e7f04f2ca87fc4 Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS |
1
http://cwikwiiisuyqymso.xyz:443/api/client_hello
|
3
cwikwiiisuyqymso.xyz(92.118.10.45) 92.118.10.45 - mailcious 185.81.68.156 - malware
|
1
ET DROP Spamhaus DROP Listed Traffic Inbound group 31
3.0 | | 16 | ZeroCERT
2170 | 2025-02-07 11:28 |
NetworkEmailBackupWizardContro... 06747921583febeeec0a2a66384a5d92 MSOffice File CAB suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS |
|
2
45.95.233.253 94.130.53.50
2.8 | | | ZeroCERT
2171 | 2025-02-07 11:21 |
host.exe 44b863fa5bd7e9c1743cf4d59f5b94c7 Malicious Library UPX PE File PE32 OS Processor Check |
| | | ZeroCERT
2172 | 2025-02-06 10:11 |
install.exe e1d10be0d41ba9e8dbad2a53876b3a00 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS |
|
15
gbg1.ntp.se(194.58.203.20) - ntp.nict.jp(61.205.120.130) - time.cloudflare.com(162.159.200.1) - time-a-g.nist.gov(129.6.15.28) - time.apple.com(17.253.114.35) - ts1.aco.net(193.171.23.163) - x.ns.gin.ntt.net(129.250.35.250) - 129.250.35.250 - 17.253.114.43 - 162.159.200.123 - 194.58.203.20 - 81.19.131.103 - 193.171.23.163 - 133.243.238.164 - 129.6.15.28 -
2.4 | | 54 | ZeroCERT
2173 | 2025-02-06 10:09 |
jrirkfiweid.exe 2049c2a57cf70a27ed25d1a851d55bc3 Vidar Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Telegram PDB Malicious Traffic Tofsee ComputerName DNS |
2
https://steamcommunity.com/profiles/76561199824159981 - rule_id: 43856 https://steamcommunity.com/profiles/76561199824159981
|
5
t.me(149.154.167.99) - steamcommunity.com(104.75.33.105) - 104.75.33.105 - 149.154.167.99 - 95.217.25.45 -
|
3
ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
1
https://steamcommunity.com/profiles/76561199824159981
4.4 | | 53 | ZeroCERT
2174 | 2025-02-06 10:07 |
savedecrypter.exe f3a55d642b29d5e6fc09d0cb3fbc7977 Malicious Library Malicious Packer PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS |
|
2
baranreis123.ddns.net() - 108.181.20.39 -
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
10.0 | | 62 | ZeroCERT
2175 | 2025-02-06 10:04 |
am.exe 59b40a406af1b307f204b246371db9bf Generic Malware UPX PE File .NET EXE PE32 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder WriteConsoleW ComputerName DNS |
|
1
|
4.6 | | 57 | ZeroCERT