48046 | 2024-09-17 13:22 | wywy8.exe 54d0f9cd7751a2dfa84f1faf3a901a1c UPX PE File PE32 VirusTotal Malware | | | | | 1.2 | | 58 | ZeroCERT
48047 | 2024-09-17 13:24 | PO.exe 644c70c76df47981aeac98d4f7a08971 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader | 1 http://147.45.44.131/files/jrj6.exe | 1 | 6 ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | | 10.0 | | 55 | ZeroCERT
48048 | 2024-09-17 13:24 | b99.exe d18738ee43bda16b6a6d309f2baeef4d UPX PE File PE32 VirusTotal Malware | | | | | 1.2 | | 58 | ZeroCERT
48049 | 2024-09-17 13:26 | 66e464075714d_otr.exe#kisotrme... 39792b5d0b6a20c9216623181135f397 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS | | 1 89.105.223.249 - mailcious | 1 ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI) | | 2.4 | M | 56 | ZeroCERT
48050 | 2024-09-17 13:28 | random.exe 8bc68fd89fc539a6f195fb11cafff7dd Stealc Gen1 Themida Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin | 9 http://185.215.113.103/0d60be0de163924d/msvcp140.dll http://185.215.113.103/ - rule_id: 42566 http://185.215.113.103/0d60be0de163924d/sqlite3.dll http://185.215.113.103/0d60be0de163924d/nss3.dll http://185.215.113.103/0d60be0de163924d/freebl3.dll http://185.215.113.103/0d60be0de163924d/mozglue.dll http://185.215.113.103/0d60be0de163924d/vcruntime140.dll http://185.215.113.103/e2b1563c6670f193.php http://185.215.113.103/0d60be0de163924d/softokn3.dll | 1 185.215.113.103 - mailcious | 15 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity | 1 | 12.6 | M | 40 | ZeroCERT
48051 | 2024-09-17 13:28 | seed.exe c52e326b3e71b7930cf6b314d1fa1cff PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS | | 1 | | | 6.2 | M | 49 | ZeroCERT
48052 | 2024-09-17 13:29 | debug.dbg 000ccbf32b9b4c304bd076b2451d5994 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName | | | | | 4.6 | M | 41 | ZeroCERT
48053 | 2024-09-17 13:31 | s.exe 3eee1ec7c33c0101a5dcfe2656d26b3c UPX PE File PE32 VirusTotal Malware Check memory unpack itself | | | | | 1.8 | M | 52 | ZeroCERT
48054 | 2024-09-17 13:32 | 999.exe 290a51a1f510c3983bab387318311a00 Generic Malware Malicious Library Antivirus Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key | 1 http://147.45.44.131/files/ponos.exe | 1 | 5 ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | | 8.2 | M | 45 | ZeroCERT
48055 | 2024-09-17 13:33 | ZZ.exe aa4aca6b0973b169a4242718f04d9c54 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger | | 2 sungito2.ddns.net(154.216.19.222) - mailcious 154.216.19.222 - mailcious | 2 ET POLICY DNS Query to DynDNS Domain *.ddns .net ET DROP Spamhaus DROP Listed Traffic Inbound group 24 | | 4.4 | M | 64 | ZeroCERT
48056 | 2024-09-17 13:33 | check2.exe d50d4c1c6ba5a9cc0522150dbf3c2f18 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName | 1 | 4 xone.fun(185.178.208.135) x1.i.lencr.org(23.207.177.83) 23.41.113.9 185.178.208.135 - mailcious | 1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | | 3.4 | M | 26 | ZeroCERT
48057 | 2024-09-17 13:36 | 66e404f0b4ec1_main.exe 44085b8a499d1affb7656982fd6ab47b Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed | | | | | 3.6 | M | 57 | ZeroCERT
48058 | 2024-09-17 13:36 | 66e705d09b33c_jack.exe abdbcc23bd8f767e671bac6d2ff60335 Generic Malware Malicious Library .NET framework(MSIL) UPX Socket ScreenShot PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS | | 1 | | | 10.6 | M | 48 | ZeroCERT
48059 | 2024-09-17 13:37 | whiteheroin.exe ca0a3f23c4743c84b5978306a4491f6f Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed | | | | | 3.4 | M | 59 | ZeroCERT
48060 | 2024-09-17 13:38 | lake.exe 8b28fc96840848b88d76fb6df662eb23 Stealc Themida Anti_VM PE File PE32 Malware download VirusTotal Malware c&c Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Stealc Windows ComputerName DNS crashed | 2 http://185.215.113.103/e2b1563c6670f193.php http://185.215.113.103/ - rule_id: 42566 | 1 185.215.113.103 - mailcious | 1 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in | 1 | 7.6 | M | 45 | ZeroCERT