48136 |
2024-09-19 10:00
|
66e877203afd3_vfdsofa12.exe#d1... 5c984dd83c65ae6b6f2d93a60ae40bfd Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
1
https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
|
5
t.me(149.154.167.99) - mailcious steamcommunity.com(104.76.74.15) - mailcious 149.154.167.99 - mailcious 104.76.74.15 78.47.207.136 - mailcious
|
3
ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
|
1
https://steamcommunity.com/profiles/76561199768374681
|
16.0 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48137 |
2024-09-19 10:02
|
zabardast-movie2024.mp3.exe cbef9bb615e2bd37d730ed30fde6ae03 UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory unpack itself |
|
|
|
|
1.8 |
M |
46 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48138 |
2024-09-19 10:02
|
clip.exe 6ca0b0717cfa0684963ff129abb8dce9 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Malicious Traffic DNS |
1
http://185.215.113.117/nholman/
|
1
185.215.113.117 - malware
|
|
|
2.8 |
M |
57 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48139 |
2024-09-19 10:04
|
66e877160911d_vnfdewk16.exe#d1... 65ac3fe80ceced1ad72a4ab03dfd14f2 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName |
|
|
|
|
3.0 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48140 |
2024-09-19 10:04
|
66e8771d4d239_vfdokdf15.exe#d1... 3817c947e0d26bde329f7481b6d76709 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
1
https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
|
5
t.me(149.154.167.99) - mailcious steamcommunity.com(104.76.74.15) - mailcious 149.154.167.99 - mailcious 104.76.74.15 78.47.207.136 - mailcious
|
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Telegram Domain (t .me in TLS SNI)
|
1
https://steamcommunity.com/profiles/76561199768374681
|
14.8 |
M |
54 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48141 |
2024-09-19 10:06
|
B.exe 7778bbeacc8add7df3996267fc83ece5 AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName DNS Software crashed |
1
http://ip-api.com/line/?fields=hosting
|
4
ftp.jeepcommerce.rs(195.252.110.253) ip-api.com(208.95.112.1) 208.95.112.1 195.252.110.253 - mailcious
|
3
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET POLICY External IP Lookup ip-api.com SURICATA Applayer Detect protocol only one direction
|
|
6.6 |
M |
55 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48142 |
2024-09-19 10:09
|
univ.exe 85737d1c7426259423c84f96719e82ea Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Windows Remote Code Execution |
|
|
|
|
3.2 |
M |
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48143 |
2024-09-19 10:10
|
66e87722b6018_sdfjen.exe#space 38ae00650fbf32979ee3d6163e5c579e Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName |
|
|
|
|
3.0 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48144 |
2024-09-19 10:12
|
66e9b62daa62d_xin.exe 8e3fb69a56d807d7ef1c432ea1590496 RedLine stealer Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS |
|
1
95.216.107.53 - mailcious
|
|
|
9.2 |
M |
50 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48145 |
2024-09-19 10:15
|
vfdaj15.exe ad31361e15557683381bfeafda7fc981 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
1
https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
|
5
t.me(149.154.167.99) - mailcious steamcommunity.com(104.76.74.15) - mailcious 149.154.167.99 - mailcious 104.76.74.15 78.47.207.136 - mailcious
|
3
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Telegram Domain (t .me in TLS SNI)
|
1
https://steamcommunity.com/profiles/76561199768374681
|
17.0 |
M |
51 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48146 |
2024-09-19 10:17
|
87.exe 8031214dd28074aecf6482fcff90565b Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS |
|
1
|
|
|
5.2 |
M |
60 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48147 |
2024-09-19 10:19
|
vhgwe12.exe b9e09917fbda00f390cf009dc958051d Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software |
1
https://steamcommunity.com/profiles/76561199768374681 - rule_id: 42498
|
5
t.me(149.154.167.99) - mailcious steamcommunity.com(104.74.170.104) - mailcious 149.154.167.99 - mailcious 104.76.74.15 78.47.207.136 - mailcious
|
3
ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
1
https://steamcommunity.com/profiles/76561199768374681
|
16.6 |
M |
49 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48148 |
2024-09-19 10:21
|
euro.exe e89f78e780b64eeb920d5dfebd033ffa AgentTesla Malicious Library Malicious Packer UPX PE File OS Memory Check .NET EXE PE32 OS Name Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Browser Email ComputerName DNS Software crashed |
1
http://ip-api.com/line/?fields=hosting
|
4
ip-api.com(208.95.112.1) ftp.antoniomayol.com(162.241.62.63) 162.241.62.63 - mailcious 208.95.112.1
|
3
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET POLICY External IP Lookup ip-api.com SURICATA Applayer Detect protocol only one direction
|
|
6.6 |
M |
59 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48149 |
2024-09-19 10:26
|
onePackage.exe 6c2db0ef90b27f880a1566de7711e6c6 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File DllRegisterServer dll PE32 OS Processor Check |
|
|
|
|
0.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
48150 |
2024-09-19 10:27
|
66ea645129e6a_jacobs.exe d60d266e8fbdbd7794653ecf2aba26ed PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner |
|
2
pool.hashvault.pro(125.253.92.50) - mailcious 125.253.92.50 - mailcious
|
1
ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)
|
|
1.6 |
M |
33 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|