http://45.152.113.10/ - rule_id: 42485
http://45.152.113.10/92335b4816f77e90.php - rule_id: 42486

45.152.113.10 - mailcious

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

http://45.152.113.10/
http://45.152.113.10/92335b4816f77e90.php

http://45.152.113.10/15a25e53742510fe/nss3.dll
http://45.152.113.10/15a25e53742510fe/vcruntime140.dll
http://45.152.113.10/15a25e53742510fe/mozglue.dll
http://45.152.113.10/15a25e53742510fe/softokn3.dll
http://45.152.113.10/ - rule_id: 42485
http://45.152.113.10/15a25e53742510fe/freebl3.dll
http://45.152.113.10/15a25e53742510fe/sqlite3.dll
http://45.152.113.10/15a25e53742510fe/msvcp140.dll
http://45.152.113.10/92335b4816f77e90.php - rule_id: 42486

evokeedgellc.com(198.54.120.231)
45.152.113.10 - mailcious
198.54.120.231 - malware

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET MALWARE Win32/Stealc Submitting System Information to C2
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET MALWARE Win32/Stealc Submitting Screenshot to C2

http://45.152.113.10/
http://45.152.113.10/92335b4816f77e90.php

https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498

t.me(149.154.167.99) - mailcious
steamcommunity.com(104.76.74.15) - mailcious
149.154.167.99 - mailcious
104.76.74.15
78.47.207.136 - mailcious

ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

https://steamcommunity.com/profiles/76561199768374681

https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
https://t.me/fneogr

t.me(149.154.167.99) - mailcious
steamcommunity.com(104.76.74.15) - mailcious
149.154.167.99 - mailcious
104.76.74.15
78.47.207.136 - mailcious

ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

https://steamcommunity.com/profiles/76561199768374681

5.42.92.222