| ID | Submitted | File | MD5 | Tags | URLs | Hosts | Signatures | Malicious URLs | Score | M | VT | Source |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 47776 | 2024-09-03 08:55 | x11.exe | ba856e48421c75592a0b45953c21dd2c | Generic Malware Malicious Library WinRAR UPX Malicious Packer PE File PE32 OS Processor Check PE64 PDB Creates executable files Remote Code Execution | | | | | 1.4 | | | ZeroCERT |
| 47777 | 2024-09-03 08:57 | gWsmPty.exe | b7e1019218936fc5967b3b3845981231 | Generic Malware Malicious Library PE File PE64 FTP Client Info Stealer Malware Malicious Traffic Check memory buffers extracted unpack itself Tofsee Software | 1: https://animalesfans.space/105567956143109?zlrgciye=pruV0RC8hqiqgVzdZv9xztJ7m5HTZdfHAqbII593BXvMow8T%2BYmEpf3Dn8pnzbBr | 2: animalesfans.space(104.21.35.232); 104.21.35.232 - malicious | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.2 | | | ZeroCERT |
| 47778 | 2024-09-03 08:59 | m20.exe | 1bc0da4074693f616a71d648d4b8c106 | Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check | | | | | 1.4 | | | ZeroCERT |
| 47779 | 2024-09-03 09:00 | byebyefronbypass.exe | b5128526be8a6b02a0ea3dcb4bef1478 | Gen1 Emotet Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus Anti_VM PE File PE64 OS Processor Check DLL PE32 .NET DLL ftp wget DllRegisterServer dll ZIP Format Check memory Creates executable files AppData folder | | | | | 2.2 | M | | ZeroCERT |
| 47780 | 2024-09-03 09:04 | VIZSPLOIT.exe | 1f29ee3673fc717fcb8f6007c3f840cd | UPX PE File PE64 OS Processor Check VirusTotal Malware PDB | | | | | 1.0 | M | 24 | ZeroCERT |
| 47781 | 2024-09-03 09:04 | EvolutInjector.exe | 34563cc2fcd4e6e5b0063cbc0ffce9c1 | Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware DNS | | 1: 104.21.35.232 - malicious | | | 1.8 | | 25 | ZeroCERT |
| 47782 | 2024-09-03 09:06 | sWsmPty.exe | 478124644da5f82d2c803238a413cd96 | Generic Malware Malicious Library PE File PE64 FTP Client Info Stealer VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself Tofsee Software | 1: https://animalesfans.space/park?jpkr7rxhi=LXc8pXq%2B90Dqtjn83Fl3FLo0pHPLDPLaSKYnB%2FH72B5yCdr0JCJOZKWkStPG67hyYHv9uiy27egbaPaFEIaCVQ%3D%3D | 2: animalesfans.space(172.67.180.170); 172.67.180.170 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 4.4 | M | 48 | ZeroCERT |
| 47783 | 2024-09-03 09:08 | Youtube-Viewers.exe | a7878575f2e9f431c354c17a3e768fd9 | PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName | | | | | 2.8 | M | 34 | ZeroCERT |
| 47784 | 2024-09-03 09:08 | 66d4d06f98874_vweo12.exe | 0d4368e6ac69934c3d6012daecee98ad | Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin | 8: http://147.45.68.138/softokn3.dll; http://147.45.68.138/mozglue.dll; http://147.45.68.138/freebl3.dll; http://147.45.68.138/nss3.dll; http://147.45.68.138/sql.dll; http://147.45.68.138/ - rule_id: 42298; http://147.45.68.138/msvcp140.dll; http://147.45.68.138/vcruntime140.dll | 1: 147.45.68.138 - malicious | 10: ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST; ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1; ET INFO Dotted Quad Host DLL Request; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity | 1 | 14.2 | M | 28 | ZeroCERT |
| 47785 | 2024-09-03 09:10 | CheatEngine75.exe | 609fea742d34dc1d53f0eeb4873b1a0a | Emotet Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PNG Format DLL PE64 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion VMware China VM Disk Size Check Tofsee Browser | 3: https://d2oq4dwfbh6gxl.cloudfront.net/o; https://d2oq4dwfbh6gxl.cloudfront.net/f/AVG_AV/images/1509/BR.png; https://d2oq4dwfbh6gxl.cloudfront.net/zbd | 2: d2oq4dwfbh6gxl.cloudfront.net(18.172.183.199); 18.154.207.228 | 1: SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 8.8 | | 36 | ZeroCERT |
| 47786 | 2024-09-03 09:12 | Launcher.exe | 1788ecdad15cd02d42475133faa38cce | UPX PE File PE64 OS Processor Check VirusTotal Malware PDB | | | | | 1.4 | | 57 | ZeroCERT |
| 47787 | 2024-09-03 09:12 | huna.exe | 8424ecf2f95410ceed693e7d1011d26f | PE File PE32 VirusTotal Malware | | | | | 1.4 | M | 21 | ZeroCERT |
| 47788 | 2024-09-03 09:12 | rome.exe | f43b5c1b6de35a7fdb2c48ff380bac60 | Stealc Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin | 9: http://185.215.113.100/0d60be0de163924d/nss3.dll; http://185.215.113.100/0d60be0de163924d/freebl3.dll; http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968; http://185.215.113.100/0d60be0de163924d/vcruntime140.dll; http://185.215.113.100/0d60be0de163924d/sqlite3.dll; http://185.215.113.100/ - rule_id: 41969; http://185.215.113.100/0d60be0de163924d/mozglue.dll; http://185.215.113.100/0d60be0de163924d/softokn3.dll; http://185.215.113.100/0d60be0de163924d/msvcp140.dll | 1: 185.215.113.100 - malicious | 16: ET DROP Spamhaus DROP Listed Traffic Inbound group 33; ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in; ET MALWARE Win32/Stealc Requesting browsers Config from C2; ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1; ET MALWARE Win32/Stealc Requesting plugins Config from C2; ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1; ET INFO Dotted Quad Host DLL Request; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET MALWARE Win32/Stealc Submitting System Information to C2; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity | 2: http://185.215.113.100/e2b1563c6670f193.php; http://185.215.113.100/ | 12.4 | M | 30 | ZeroCERT |
| 47789 | 2024-09-03 09:13 | 66d48faf6737f_crypted.exe | 67a51322cbb161374023771f2fa9c1d5 | RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key | | 1 | | | 10.2 | M | 52 | ZeroCERT |
| 47790 | 2024-09-03 09:14 | 8_Ball_Pool_Cheto.exe | b5ca92538a485317ce5c4dff6c5fd08f | UPX PE File PE32 OS Processor Check VirusTotal Malware PDB | | | | | 1.8 | M | 48 | ZeroCERT |