2716 | 2024-06-25 07:57 | Main.exe | MD5 9ec7f08c85bfa1b267761f225b68ab0b | 6.2 | M | 61 | ZeroCERT
Tags: Malicious Library, Antivirus, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, Telegram, MachineGuid, Malicious Traffic, WMI, Tofsee, ComputerName, DNS, crashed
URLs (2): https://steamcommunity.com/profiles/76561199677575543 ; https://t.me/snsb82
Hosts (5): t.me (149.154.167.99) - malicious ; steamcommunity.com (104.76.78.101) - malicious ; 149.154.167.99 - malicious ; 5.75.208.137 ; 104.76.78.101 - malicious
Signatures (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure ; ET INFO Observed Telegram Domain (t .me in TLS SNI)

2717 | 2024-06-25 07:55 | pic2.exe | MD5 5f9be6e22310cc089a32fac1d037ced4 | 1.6 | - | 18 | ZeroCERT
Tags: UPX, PE File, PE32, VirusTotal, Malware

2718 | 2024-06-25 07:55 | 288c47bbc1871b439df19ff4df68f0... | MD5 ba354d029f0e09cb6b02a4c196524da4 | 3.6 | - | 57 | ZeroCERT
Tags: Generic Malware, Malicious Library, UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder

2719 | 2024-06-25 07:53 | chromedriver.exe | MD5 7e9e5a3bb475784e3fd62cd8ec68901b | 2.6 | M | 53 | ZeroCERT
Tags: Malicious Library, .NET framework(MSIL), PE File, .NET EXE, PE32, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, ComputerName

2720 | 2024-06-25 07:52 | cap.exe | MD5 22e35bea6a2653c8393db13a83b0cf97 | 3.6 | M | 58 | ZeroCERT
Tags: Malicious Library, PE File, PE64, VirusTotal, Malware, Buffer PE, PDB, MachineGuid, Check memory, Checks debugger, buffers extracted, unpack itself, crashed

2721 | 2024-06-25 07:52 | num.exe | MD5 919db35f2bf4dad6dd23e16b68dbb205 | 11.0 | M | 40 | ZeroCERT
Tags: Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, PE32, DLL, OS Processor Check, Browser Info Stealer, Malware download, FTP Client Info Stealer, Vidar, VirusTotal, Email Client Info Stealer, Malware, c&c, Malicious Traffic, Check memory, Creates executable files, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, sandbox evasion, VMware anti-virtualization, installed browsers check, Stealc, Stealer, Windows, Browser, Email, ComputerName, Firmware, DNS, Software, crashed, plugin
URLs (8):
http://85.28.47.4/69934896f997d5bb/freebl3.dll
http://85.28.47.4/69934896f997d5bb/nss3.dll
http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
http://85.28.47.4/69934896f997d5bb/mozglue.dll
http://85.28.47.4/69934896f997d5bb/softokn3.dll
http://85.28.47.4/920475a59bac849d.php
http://85.28.47.4/69934896f997d5bb/msvcp140.dll
http://85.28.47.4/69934896f997d5bb/sqlite3.dll
Hosts (1): (not listed)
Signatures (15):
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET MALWARE Win32/Stealc Submitting System Information to C2
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity

2722 | 2024-06-25 07:48 | 288c47bbc1871b439df19ff4df68f0... | MD5 4645adc87acf83b55edff3c5ce2fc28e | 3.6 | - | 58 | ZeroCERT
Tags: Generic Malware, Malicious Library, UPX, PE File, .NET EXE, PE32, OS Processor Check, VirusTotal, Malware, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder

2723 | 2024-06-25 07:48 | e0cbefcb1af40c7d4aff4aca26621a... | MD5 78a9e69486fa214a1af7dc245ab3ec06 | 2.0 | - | 66 | ZeroCERT
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself

2724 | 2024-06-25 07:46 | Videopro02.exe | MD5 7d91ac0d3852641715e5248d384d27c7 | 2.2 | - | 63 | ZeroCERT
Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, Remote Code Execution

2725 | 2024-06-25 07:44 | ExtExport2.exe | MD5 901a623dbccaa22525373cd36195ee14 | 9.4 | M | 40 | ZeroCERT
Tags: Suspicious_Script_Bin, UPX, PE File, PE32, Browser Info Stealer, RedLine, Malware download, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, Check virtual network interfaces, IP Check, installed browsers check, Tofsee, Stealer, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
URLs (2): http://apps.identrust.com/roots/dstrootcax3.p7c ; http://185.38.142.10:7474/
Hosts (8): ipinfo.io (34.117.186.192) ; api.ipify.org (172.67.74.152) ; api.ip.sb (104.26.13.31) ; 172.67.75.172 - malicious ; 34.117.186.192 ; 104.26.12.205 ; 185.38.142.10 ; 114.108.166.82
Signatures (8):
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET MALWARE RedLine Stealer - CheckConnect Response
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
SURICATA HTTP unable to match response to request

2726 | 2024-06-25 07:44 | 3.exe | MD5 62ae0796c580559b876ecd052ddf80c4 | 1.4 | M | 31 | ZeroCERT
Tags: Malicious Library, PE File, PE32, VirusTotal, Malware

2727 | 2024-06-25 05:38 | 70f316a5492848bb_down[1] | MD5 555e83ce7f5d280d7454af334571fb25 | 3.2 | - | - | guest
Tags: AntiDebug, AntiVM, PNG Format, Email Client Info Stealer, Code Injection, Check memory, Checks debugger, unpack itself, installed browsers check, Browser, Email

2728 | 2024-06-25 05:37 | a8ae8647bbcca480_recoverystore... | MD5 bc10f337c3a77c5f9d4bf6a20049e31e | 3.4 | - | - | guest
Tags: AntiDebug, AntiVM, MSOffice File, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName

2729 | 2024-06-25 05:29 | http://l.instagram.com/?235901... | (URL submission, no file hash) | 4.2 | - | - | guest
Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate privileges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, MSOffice File, PNG Format, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (3):
http://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg|virtaava
https://business.instagram.com/micro_site/url/?event_type=click
https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg|virtaava
Hosts (3): l.instagram.com (157.240.11.52) ; business.instagram.com (157.240.11.52) ; 157.240.215.63
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure

2730 | 2024-06-25 05:29 | https://business.instagram.com... | (URL submission, no file hash) | 4.8 | - | - | guest
Tags: Downloader, Create Service, Socket, DGA, Http API, ScreenShot, Escalate privileges, Steal credential, PWS, Hijack Network, Sniff Audio, HTTP, DNS, Code injection, Internet API, persistence, FTP, KeyLogger, P2P, AntiDebug, AntiVM, PNG Format, MSOffice File, JPEG Format, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
URLs (1): https://business.instagram.com/micro_site/url/?event_type=click
Hosts (2): business.instagram.com (157.240.11.52) ; 157.240.215.63
Signatures (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ; ET INFO TLS Handshake Failure