| 47791 |
2024-09-03 09:15
|
shereallywantmebutheresituatio... 8ce06dc4ce1fa52f729607c6058f991c
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed |
1
http://23.95.235.112/122/realgirlfriendeverykissnicefeelingsgive.Tif
|
3
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
23.95.235.112 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.8 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47792 |
2024-09-03 09:20
|
 66d4d0726b5b3_sgdk.exe 155105824c859e795361a482d2553c57
Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer ScreenShot Http API PWS Create Service Socket DGA Escalate priviledges Steal credential Sniff Audio Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin |
13
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll
http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll
http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211
http://147.45.44.104/prog/66d5ddc254656_lfem.exe
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll
http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll
http://147.45.44.104/prog/66d5ddcbb9f86_vyre.exe
http://46.8.231.109/ - rule_id: 42142
http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll
http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll
https://steamcommunity.com/profiles/76561199768374681
https://t.me/edm0d
|
7
t.me(149.154.167.99) - mailcious
steamcommunity.com(104.74.170.104) - mailcious
149.154.167.99 - mailcious
116.203.6.46
147.45.44.104 - malware
104.74.170.104
46.8.231.109 - mailcious
|
21
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET MALWARE Win32/Stealc Submitting System Information to C2
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET INFO Executable Download from dotted-quad Host
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
|
2
http://46.8.231.109/c4754d4f680ead72.php
http://46.8.231.109/
|
19.2 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47793 |
2024-09-03 09:30
|
 R3nzSkin_Injector.exe 8af17734385f55dc58f1ca38bce22312
Malicious Library PE File PE64 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee |
1
https://api.github.com/repos/R3nzTheCodeGOD/R3nzSkin/releases/latest
|
2
api.github.com(20.200.245.245)
20.200.245.245
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
4.6 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47794 |
2024-09-03 09:32
|
 ModSkin_Eng.exe 251506af767bc121f5e65970488030c1
Malicious Library Confuser .NET PE File PE64 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee |
1
https://toolgamepc.blogspot.com/p/tgp.html
|
2
toolgamepc.blogspot.com(142.250.207.97)
172.217.27.33
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.0 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47795 |
2024-09-03 09:34
|
 Launcher.exe 8e9d1161d84aa416108c23f8d457a633
UPX PE File PE64 OS Processor Check VirusTotal Malware |
|
|
|
|
1.2 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47796 |
2024-09-03 09:36
|
 CMLiteInstaller.exe 02ea34533272f916fb52990a45917913
Malicious Library UPX PE File PE64 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key |
|
|
|
|
2.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47797 |
2024-09-03 09:38
|
 Nezur.exe d6f133dee71ed4c119a2d2aaf4cf3a69
Malicious Packer UPX PE File ftp PE64 OS Processor Check VirusTotal Malware PDB |
|
|
|
|
1.8 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47798 |
2024-09-03 09:40
|
 SolaraBootstrapper.exe 06f13f50c4580846567a644eb03a11f2
PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces WriteConsoleW Tofsee |
|
4
github.com(20.200.245.247) - mailcious
raw.githubusercontent.com(185.199.108.133) - malware
20.200.245.247 - malware
185.199.109.133 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
2.6 |
M |
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47799 |
2024-09-03 09:42
|
 SecHex-GUI.dll ad714ee48d2e829c5012c65de6166c05
Generic Malware Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself |
|
|
|
|
2.6 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47800 |
2024-09-03 12:00
|
 WORDICON.EXE 068918a65830b7e7671056f125412757
ASPack UPX PE File DLL PE64 |
|
|
|
|
|
|
|
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47801 |
2024-09-04 09:35
|
 66d7540419a3a_installer.exe 9a0770b61e54640630a3c8542c5bc7ac
Malicious Library UPX PE File PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself crashed |
|
|
|
|
2.2 |
M |
12 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47802 |
2024-09-04 09:40
|
 1388.exe 7109c985bd8a553012ea843d05737794
Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS |
|
1
|
|
|
5.2 |
M |
65 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47803 |
2024-09-04 09:40
|
 2.exe 727d942e4c26b713b9498e8997fabf38
Malicious Packer UPX PE File PE64 VirusTotal Malware RWX flags setting DNS crashed |
|
1
|
|
|
3.8 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47804 |
2024-09-04 10:03
|
 66d707730e9bf_s.exe#space 998f7fb6068e4377618bcdb2138bc6f0
Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin |
19
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll
http://147.45.68.138/softokn3.dll
http://147.45.44.104/prog/66d7077a2064d_l.exe
http://147.45.68.138/mozglue.dll
http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll
http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll
http://147.45.68.138/freebl3.dll
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll
http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll
http://147.45.68.138/nss3.dll
http://147.45.68.138/sql.dll
http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll
http://147.45.44.104/prog/66d70775c548d_v.exe
http://46.8.231.109/ - rule_id: 42142
http://147.45.68.138/ - rule_id: 42298
http://147.45.68.138/msvcp140.dll
http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll
http://147.45.68.138/vcruntime140.dll
|
3
147.45.68.138 - mailcious
147.45.44.104 - malware
46.8.231.109 - mailcious
|
19
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Submitting System Information to C2
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET INFO Executable Download from dotted-quad Host
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
|
3
http://46.8.231.109/c4754d4f680ead72.php
http://46.8.231.109/
http://147.45.68.138/
|
16.6 |
M |
44 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47805 |
2024-09-04 10:07
|
 66d58b1858bcb_crypted.exe#xin d8ecb462d3046a0ee172551c5d505c8e
RedLine stealer Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS |
|
1
95.216.107.53 - mailcious
|
|
|
9.0 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|