| 48046 |
2024-09-17 13:22
|
 wywy8.exe 54d0f9cd7751a2dfa84f1faf3a901a1c
UPX PE File PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48047 |
2024-09-17 13:24
|
 PO.exe 644c70c76df47981aeac98d4f7a08971
ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader |
1
http://147.45.44.131/files/jrj6.exe
|
1
|
6
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
10.0 |
|
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48048 |
2024-09-17 13:24
|
 b99.exe d18738ee43bda16b6a6d309f2baeef4d
UPX PE File PE32 VirusTotal Malware |
|
|
|
|
1.2 |
|
58 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48049 |
2024-09-17 13:26
|
 66e464075714d_otr.exe#kisotrme... 39792b5d0b6a20c9216623181135f397
RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS |
|
1
89.105.223.249 - mailcious
|
1
ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
|
|
2.4 |
M |
56 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48050 |
2024-09-17 13:28
|
 random.exe 8bc68fd89fc539a6f195fb11cafff7dd
Stealc Gen1 Themida Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin |
9
http://185.215.113.103/0d60be0de163924d/msvcp140.dll
http://185.215.113.103/ - rule_id: 42566
http://185.215.113.103/0d60be0de163924d/sqlite3.dll
http://185.215.113.103/0d60be0de163924d/nss3.dll
http://185.215.113.103/0d60be0de163924d/freebl3.dll
http://185.215.113.103/0d60be0de163924d/mozglue.dll
http://185.215.113.103/0d60be0de163924d/vcruntime140.dll
http://185.215.113.103/e2b1563c6670f193.php
http://185.215.113.103/0d60be0de163924d/softokn3.dll
|
1
185.215.113.103 - mailcious
|
15
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
ET MALWARE Win32/Stealc Submitting System Information to C2
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
|
1
|
12.6 |
M |
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48051 |
2024-09-17 13:28
|
 seed.exe c52e326b3e71b7930cf6b314d1fa1cff
PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS |
|
1
|
|
|
6.2 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48052 |
2024-09-17 13:29
|
debug.dbg 000ccbf32b9b4c304bd076b2451d5994
AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName |
|
|
|
|
4.6 |
M |
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48053 |
2024-09-17 13:31
|
 s.exe 3eee1ec7c33c0101a5dcfe2656d26b3c
UPX PE File PE32 VirusTotal Malware Check memory unpack itself |
|
|
|
|
1.8 |
M |
52 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48054 |
2024-09-17 13:32
|
 999.exe 290a51a1f510c3983bab387318311a00
Generic Malware Malicious Library Antivirus Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key |
1
http://147.45.44.131/files/ponos.exe
|
1
|
5
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
8.2 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48055 |
2024-09-17 13:33
|
 ZZ.exe aa4aca6b0973b169a4242718f04d9c54
Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger |
|
2
sungito2.ddns.net(154.216.19.222) - mailcious
154.216.19.222 - mailcious
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET DROP Spamhaus DROP Listed Traffic Inbound group 24
|
|
4.4 |
M |
64 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48056 |
2024-09-17 13:33
|
 check2.exe d50d4c1c6ba5a9cc0522150dbf3c2f18
PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName |
1
|
4
xone.fun(185.178.208.135)
x1.i.lencr.org(23.207.177.83)
23.41.113.9
185.178.208.135 - mailcious
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
3.4 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48057 |
2024-09-17 13:36
|
 66e404f0b4ec1_main.exe 44085b8a499d1affb7656982fd6ab47b
Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed |
|
|
|
|
3.6 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48058 |
2024-09-17 13:36
|
 66e705d09b33c_jack.exe abdbcc23bd8f767e671bac6d2ff60335
Generic Malware Malicious Library .NET framework(MSIL) UPX Socket ScreenShot PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS |
|
1
|
|
|
10.6 |
M |
48 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48059 |
2024-09-17 13:37
|
 whiteheroin.exe ca0a3f23c4743c84b5978306a4491f6f
Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed |
|
|
|
|
3.4 |
M |
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48060 |
2024-09-17 13:38
|
 lake.exe 8b28fc96840848b88d76fb6df662eb23
Stealc Themida Anti_VM PE File PE32 Malware download VirusTotal Malware c&c Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Stealc Windows ComputerName DNS crashed |
2
http://185.215.113.103/e2b1563c6670f193.php
http://185.215.113.103/ - rule_id: 42566
|
1
185.215.113.103 - mailcious
|
1
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
|
1
|
7.6 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|