2656 | 2024-06-28 12:59
setup.exe | MD5 578b99fc6beb29265631e1dffe80a719
Tags: Malicious Library, UPX, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, VirusTotal, Malware, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, Windows, Remote Code Execution
8.2 | M | 32 | ZeroCERT

2657 | 2024-06-28 12:56
bh.h.h.h.hhhhh.doC | MD5 71ee0c2a6053262bfceb4cd2b0aa4117
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, buffers extracted, exploit crash, unpack itself, Tofsee, Exploit, DNS, crashed
URLs (2):
  http://172.232.175.155/88122/flowersarebautifulforeveryonegraden.gif
  https://paste.ee/d/oB1cd
Hosts (3):
  paste.ee(104.21.84.67) - malicious
  172.232.175.155 - malicious
  172.67.187.200 - malicious
IDS alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
5.0 | M | 37 | ZeroCERT

2658 | 2024-06-28 12:54
fe.ee.e.e.eee.doc | MD5 b42c7a60e045a89970b33577980acd7d
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Exploit, DNS, crashed
URLs (1):
  http://103.186.67.211/22133/beautifulimagesflowersraininggood.gif
Hosts (2):
  103.186.67.211 - malicious
  66.70.160.254 - malicious
6.0 | M | 35 | ZeroCERT

2659 | 2024-06-28 12:54
hd.d.d.d.dddd.doC | MD5 147baf4802996992bb3346811ce5e373
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, buffers extracted, exploit crash, unpack itself, Exploit, DNS, crashed
URLs (1):
  http://51.81.235.253/66166/catcallingfemalecattogiveflowersgreat.gif
Hosts (2):
  66.70.160.254 - malicious
  51.81.235.253 - malicious
6.6 | M | 35 | ZeroCERT

2660 | 2024-06-28 12:53
random.exe | MD5 97ddaf205149ee9833a9b79cbfa33e68
Tags: Gen1, EnigmaProtector, Generic Malware, Malicious Library, UPX, Malicious Packer, PE File, PE32, DLL, OS Processor Check, Browser Info Stealer, Malware download, Vidar, VirusTotal, Malware, c&c, Malicious Traffic, Check memory, Creates executable files, unpack itself, Collect installed applications, sandbox evasion, anti-virtualization, installed browsers check, Stealc, Stealer, Windows, Browser, ComputerName, DNS, crashed, plugin
URLs (8):
  http://85.28.47.4/69934896f997d5bb/freebl3.dll
  http://85.28.47.4/69934896f997d5bb/nss3.dll
  http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
  http://85.28.47.4/69934896f997d5bb/mozglue.dll
  http://85.28.47.4/69934896f997d5bb/softokn3.dll
  http://85.28.47.4/920475a59bac849d.php - rule_id: 40635
  http://85.28.47.4/69934896f997d5bb/msvcp140.dll
  http://85.28.47.4/69934896f997d5bb/sqlite3.dll
Hosts (1):
IDS alerts (15):
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET MALWARE Win32/Stealc Requesting browsers Config from C2
  ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
  ET MALWARE Win32/Stealc Requesting plugins Config from C2
  ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
  ET MALWARE Win32/Stealc Submitting System Information to C2
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
Rule-matched URLs (1):
  http://85.28.47.4/920475a59bac849d.php
8.2 | M | 33 | ZeroCERT

2661 | 2024-06-28 12:53
sw.w.w.w.www.doc | MD5 80e1ba7b421fd01f5319de00cf5420f7
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, Malware, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Tofsee, Exploit, DNS, crashed
URLs (3):
  http://198.46.178.144/wednesdayfile.jpeg
  https://uploaddeimagens.com.br/images/004/805/162/original/new_image_%281%29.jpg?1719495498
  https://paste.ee/d/RgwiL
Hosts (5):
  paste.ee(104.21.84.67) - malicious
  uploaddeimagens.com.br(172.67.215.45) - malware
  172.67.187.200 - malicious
  198.46.178.144 - malicious
  104.21.45.138 - malware
IDS alerts (2):
  ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.0 | M | | ZeroCERT

2662 | 2024-06-28 12:50
au.u.u.u.uuuu.doc | MD5 d268f6028d5fcdb70bf64bf7419852a4
Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, Malicious Traffic, buffers extracted, RWX flags setting, exploit crash, Exploit, DNS, crashed
URLs (1):
  http://103.186.67.211/44155/sweetflowerislookbeautifulhereimages.gif
Hosts (2):
  103.186.67.211 - malicious
  66.70.160.254 - malicious
6.0 | M | 38 | ZeroCERT

2663 | 2024-06-28 12:50
alex5555555.exe | MD5 a80a86c701801cbd77cf7406be6d11f0
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
2.4 | M | 56 | ZeroCERT

2664 | 2024-06-28 12:48
alphazxv.scr | MD5 e4979c53302e30f656edf76043b5944a
Tags: LokiBot, Generic Malware, Malicious Library, .NET framework(MSIL), Antivirus, Socket, PWS, DNS, AntiDebug, AntiVM, PE File, .NET EXE, PE32, Browser Info Stealer, LokiBot, Malware download, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, c&c, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, suspicious process, malicious URLs, AntiVM_Disk, suspicious TLD, WriteConsoleW, VM Disk Size Check, installed browsers check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software
URLs (1):
  http://midwestsoil.top/alpha/five/fre.php
Hosts (2):
  midwestsoil.top(104.21.23.190)
  172.67.212.234
IDS alerts (8):
  ET DNS Query to a *.top domain - Likely Hostile
  ET MALWARE LokiBot User-Agent (Charon/Inferno)
  ET MALWARE LokiBot Checkin
  ET INFO HTTP Request to a *.top domain
  ET MALWARE LokiBot Request for C2 Commands Detected M1
  ET MALWARE LokiBot Request for C2 Commands Detected M2
  ET MALWARE LokiBot Fake 404 Response
  ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
16.0 | M | 49 | ZeroCERT

2665 | 2024-06-28 12:47
intalls555.exe | MD5 7e30a1a92f86e8e0a25154b1521d0588
Tags: Antivirus, UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Telegram, suspicious privilege, MachineGuid, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, AntiVM_Disk, VM Disk Size Check, Tofsee, Windows, ComputerName, DNS, keylogger
Hosts (2):
  api.telegram.org(149.154.167.220)
  149.154.167.220
IDS alerts (4):
  ET HUNTING Telegram API Domain in DNS Lookup
  ET INFO TLS Handshake Failure
  ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.8 | M | 59 | ZeroCERT

2666 | 2024-06-28 12:46
%E5%9B%BD%E5%BA%86%E5%BB%B6%E8... (URL-encoded UTF-8 filename; decodes to 国庆延..., truncated in the source) | MD5 d0e72468c01cf13b48c0a5ee2a310cb2
Tags: Malicious Library, PE File, PE64, VirusTotal, Malware, RWX flags setting, DNS, crashed
Hosts (1):
4.0 | M | 63 | ZeroCERT

2667 | 2024-06-28 12:45
123.exe | MD5 cd581d68ed550455444ee6e099c44266
Tags: RedLine stealer, RedlineStealer, Malicious Library, .NET framework(MSIL), UPX, AntiDebug, AntiVM, PE File, .NET EXE, PE32, OS Processor Check, PNG Format, MSOffice File, JPEG Format, Browser Info Stealer, RedLine, Malware download, FTP Client Info Stealer, VirusTotal, Malware, Microsoft, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, RWX flags setting, unpack itself, Windows utilities, Collect installed applications, Check virtual network interfaces, AppData folder, installed browsers check, Tofsee, Stealer, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://x1.i.lencr.org/
  https://moreapp4you.online/George.exe - rule_id: 40536
Hosts (10):
  x1.i.lencr.org(23.52.33.11)
  moreapp4you.online(31.31.196.208) - malware
  iplogger.co(104.21.82.93)
  77.91.77.81 - malicious
  23.41.113.9
  31.31.196.208 - malicious
  121.254.136.74
  104.21.82.93
  121.254.136.9
  185.215.113.67 - malicious
IDS alerts (7):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 33
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
  https://moreapp4you.online/George.exe
12.4 | M | 57 | ZeroCERT

2668 | 2024-06-28 12:44
chisel.exe | MD5 6ddee3e7fa0969931f9ec465e9c8965a
Tags: Malicious Library, Malicious Packer, UPX, PE File, PE64, OS Processor Check, VirusTotal, Malware, crashed
1.6 | | 52 | ZeroCERT

2669 | 2024-06-28 12:42
mimikatz.exe | MD5 e930b05efe23891d19bc354a4209be3e
Tags: Generic Malware, Malicious Packer, UPX, PE File, PE64, VirusTotal, Malware, Check memory, WriteConsoleW
1.6 | | 65 | ZeroCERT

2670 | 2024-06-27 18:24
system.exe | MD5 e920056a531d4a0635ba526fabeda4ce
Tags: Gen1, Generic Malware, Malicious Library, ASPack, UPX, Malicious Packer, Anti_VM, PE File, PE64, OS Processor Check, DLL, ZIP Format, VirusTotal, Malware, Check memory, Creates executable files, crashed
2.4 | | 39 | ZeroCERT

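The URL and host fields in this listing arrive as one flattened string per record (`name(ip) - label` tokens separated by spaces, with the site's own "mailcious" spelling), so anyone consuming the feed has to parse them before the IOCs are usable. The script below is an added example, not part of the ZeroCERT listing or its tooling. It takes a constructed subset of the records above, parses the host and URL fields, defangs them, and cross-references which IPs are contacted by more than one sample, which is how the four RTF documents (2658, 2659, 2662) surface as sharing 66.70.160.254 and 103.186.67.211. The `BENIGN_HOSTS` allowlist is an assumption made for this example: `x1.i.lencr.org` and `apps.identrust.com` are Let's Encrypt and IdenTrust certificate endpoints that a Windows TLS client fetches on its own, and they show up in the RedLine record's URL list without being attacker infrastructure.

```python
"""Parse flattened sandbox IOC fields and find infrastructure shared across samples.

Added example; the record tuples are a constructed subset copied from the
listing above in the page's own flattened form (id, URL field, host field).
"""
import re
from collections import defaultdict

RECORDS = [
    (2657, "http://172.232.175.155/88122/flowersarebautifulforeveryonegraden.gif https://paste.ee/d/oB1cd",
     "paste.ee(104.21.84.67) - mailcious 172.232.175.155 - mailcious 172.67.187.200 - mailcious"),
    (2658, "http://103.186.67.211/22133/beautifulimagesflowersraininggood.gif",
     "103.186.67.211 - mailcious 66.70.160.254 - mailcious"),
    (2659, "http://51.81.235.253/66166/catcallingfemalecattogiveflowersgreat.gif",
     "66.70.160.254 - mailcious 51.81.235.253 - mailcious"),
    (2662, "http://103.186.67.211/44155/sweetflowerislookbeautifulhereimages.gif",
     "103.186.67.211 - mailcious 66.70.160.254 - mailcious"),
    (2667, "http://apps.identrust.com/roots/dstrootcax3.p7c http://x1.i.lencr.org/ "
           "https://moreapp4you.online/George.exe - rule_id: 40536",
     "x1.i.lencr.org(23.52.33.11) moreapp4you.online(31.31.196.208) - malware "
     "iplogger.co(104.21.82.93) 77.91.77.81 - mailcious"),
]

# Assumption for this example: certificate-chain hosts a TLS client contacts on
# its own are noise in a sandbox URL list, not indicators.
BENIGN_HOSTS = {"x1.i.lencr.org", "apps.identrust.com"}

URL_RE = re.compile(r"https?://\S+")
HOST_RE = re.compile(
    r"(?:(?P<name>[A-Za-z0-9.-]+)\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"  # name(ip)
    r"|(?P<bare>\d{1,3}(?:\.\d{1,3}){3}))"                            # bare ip
    r"(?:\s+-\s+(?P<label>[a-z]+))?"                                  # optional " - label"
)
LABEL_FIX = {"mailcious": "malicious"}  # normalise the listing's spelling


def parse_hosts(field):
    """Return [(name or None, ip, label or None)] from a flattened host field."""
    out = []
    for m in HOST_RE.finditer(field):
        ip = m.group("ip") or m.group("bare")
        label = m.group("label")
        out.append((m.group("name"), ip, LABEL_FIX.get(label, label)))
    return out


def parse_urls(field):
    """Extract URLs, dropping any whose hostname is in BENIGN_HOSTS."""
    keep = []
    for url in URL_RE.findall(field):
        host = re.match(r"https?://([^/]+)", url).group(1)
        if host not in BENIGN_HOSTS:
            keep.append(url)
    return keep


def defang(s):
    """hxxp:// and [.] so the indicator cannot be clicked or auto-linked."""
    return s.replace("http", "hxxp").replace(".", "[.]")


def shared_infrastructure(records, min_samples=2):
    """Map IP -> sorted sample ids, keeping IPs contacted by >= min_samples samples."""
    seen = defaultdict(set)
    for rid, _urls, hosts in records:
        for _name, ip, _label in parse_hosts(hosts):
            seen[ip].add(rid)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_samples}


def iocs(records):
    """(sorted defanged URLs, sorted defanged hosts) across all records, de-duplicated."""
    urls, hosts = set(), set()
    for _rid, ufield, hfield in records:
        urls.update(defang(u) for u in parse_urls(ufield))
        for name, ip, _label in parse_hosts(hfield):
            if name not in BENIGN_HOSTS:
                hosts.add(defang(name or ip))
    return sorted(urls), sorted(hosts)


if __name__ == "__main__":
    for ip, ids in shared_infrastructure(RECORDS).items():
        print(f"{defang(ip)} contacted by samples {ids}")
    url_list, host_list = iocs(RECORDS)
    print("\n".join(url_list))
    print("\n".join(host_list))
```

Shared-IP pivoting is the check worth running on a feed like this before blocking anything: an IP that three separately submitted documents all reach is far more likely to be the campaign's staging server than a one-off, and the same pass shows that `paste.ee` and `iplogger.co` are shared public services whose IPs should be handled as URL-level, not host-level, indicators.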