Sandbox submissions, newest first. Each record gives: ID | submitted | file | MD5, then the analysis tags, URLs contacted, hosts contacted, Suricata alerts, and finally score | flag (M) | VirusTotal detections | submitter. Counts in parentheses are the sandbox's own; "not listed" means the count was recorded but the entries were not.

6391 | 2024-01-09 08:02 | 2024.exe | MD5 2c470494b6dc68b2346e42542d80a0fd
Tags: RedlineStealer RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1): not listed
Suricata alerts (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Family Activity (Response)
Score 6.6 | VirusTotal 45 | ZeroCERT

6392 | 2024-01-09 08:02 | ugopoundzx.exe | MD5 5238fbf72ac6be4edfb03daaceca338c
Tags: .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Score 2.4 | VirusTotal 32 | ZeroCERT

6393 | 2024-01-08 09:43 | DECEMBER_2023_COMMISSION_PAYME... | MD5 eba5412c896ac51f09604239e059e1e7
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit DNS crashed
Hosts (1): not listed
Score 3.8 | M | VirusTotal 37 | ZeroCERT

6394 | 2024-01-08 09:42 | ablast.exe | MD5 c0bd0765626bdb60acd2d0dbb25b8f2c
Tags: .NET framework(MSIL) AntiDebug AntiVM PE32 PE File .NET EXE Malware download VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Detects VirtualBox suspicious TLD sandbox evasion VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key
URLs (6):
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////tasks.php?bid=3d3783a0-703a-11de-8c7a-806e6f6e69632086675629
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////addbot.php?…
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////addbot.php?…
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////gate.php///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////?password=ef5198eb5dd4cd9940ac6f4ace70538bc1ddb4112ba8f45774a464918a3405b7f05c097cbe1699ed8aa4fe4d8f9dc75f4a446118ae7be60244e24ee36e71d24f
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////tasks.php?bid=
http://ruspyc.top///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////addbot.php?…
Hosts (2): ruspyc.top(91.92.241.244) 91.92.241.244 - malware
Suricata alerts (4): ET DNS Query to a *.top domain - Likely Hostile; ET INFO HTTP Request to a *.top domain; ET MALWARE Generic gate .php GET with minimal headers; ET HUNTING Suspicious GET To gate.php with no Referer
Score 17.4 | M | VirusTotal 24 | ZeroCERT

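The six URLs on the ablast.exe record (ID 6394) share one trick: the path between the host and the script name is padded with several hundred `/` characters, and gate.php is padded again before its query string. A web server collapses all of that onto the same tasks.php, addbot.php and gate.php handlers, but an exact-string comparison against a feed entry such as http://ruspyc.top/gate.php does not match the padded form, so IOC matching has to normalize first. The Python below is an added example written for this page, not code from the sandbox or from the listing: it collapses the padding, deduplicates URLs on their canonical form, summarises hosts, endpoints and query parameters, and checks a URL's normalized path against a set of known panel endpoints. The sample URLs are constructed from that record with the padding shortened and the password value truncated, and the function names and the `panel` endpoint set are assumptions, not something the listing states.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: three distinct URLs from the ablast.exe (ID 6394) record,
# with the several-hundred-slash padding shortened to a dozen slashes for
# readability and the password value truncated, plus one exact repeat so the
# deduplication has something to do. These are not the live indicators.
SAMPLE_URLS = [
    "http://ruspyc.top//////////////tasks.php?bid=3d3783a0-703a-11de-8c7a-806e6f6e69632086675629",
    "http://ruspyc.top//////////////gate.php////////////?password=ef5198eb5dd4cd9940ac6f4ace70538b",
    "http://ruspyc.top//////////////tasks.php?bid=",
    "http://ruspyc.top//////////////tasks.php?bid=3d3783a0-703a-11de-8c7a-806e6f6e69632086675629",
]


def normalize_url(url):
    """Split a URL and collapse runs of '/' in the path.

    Returns (scheme, host, path, query). The padding in the listing is nothing
    but repeated '/', so collapsing it and dropping a trailing '/' yields the
    script the server actually dispatches to (tasks.php, gate.php, ...).
    """
    parts = urlsplit(url)
    path = re.sub(r"/{2,}", "/", parts.path).rstrip("/") or "/"
    return parts.scheme.lower(), parts.netloc.lower(), path, parts.query


def canonical_url(url):
    """Rebuild the URL from its normalized parts, keeping the query string intact."""
    scheme, host, path, query = normalize_url(url)
    return f"{scheme}://{host}{path}" + (f"?{query}" if query else "")


def extract_iocs(urls):
    """Deduplicate padded URLs and summarise hosts, endpoints and query parameters.

    Duplicates are detected on the canonical form, so two URLs that differ only
    in the amount of padding count as one indicator.
    """
    seen, canonical = set(), []
    hosts, endpoints, params = set(), set(), {}
    for url in urls:
        _, host, path, query = normalize_url(url)
        hosts.add(host)
        endpoints.add(path)
        for key, value in parse_qsl(query, keep_blank_values=True):
            params.setdefault(key, set()).add(value)
        canon = canonical_url(url)
        if canon not in seen:
            seen.add(canon)
            canonical.append(canon)
    return {"urls": canonical, "hosts": hosts, "endpoints": endpoints, "params": params}


def matches_known_endpoint(url, known_endpoints):
    """True when the normalized path is one of the known C2 script paths.

    A naive exact-string comparison against 'http://ruspyc.top/gate.php' fails
    on the padded form; comparing the normalized path does not.
    """
    _, _, path, _ = normalize_url(url)
    return path in known_endpoints


if __name__ == "__main__":
    report = extract_iocs(SAMPLE_URLS)
    for u in report["urls"]:
        print(u)
    print("hosts:", sorted(report["hosts"]))
    print("endpoints:", sorted(report["endpoints"]))
    print("query keys:", sorted(report["params"]))
    # Assumed panel endpoints, taken from the script names in this record;
    # gate.php is also what the two ET alerts on the record key on.
    panel = {"/gate.php", "/tasks.php", "/addbot.php"}
    print("panel hits:", sum(matches_known_endpoint(u, panel) for u in SAMPLE_URLS))
```

Keep both forms when writing detections: the padded string is the literal seen on the wire and belongs in a content match, while the canonical form is what to compare against threat-intel feeds and blocklists.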
6395 | 2024-01-08 09:40 | ajajjajajaj.exe | MD5 526a60e929f138a26e787599b03b11e3
Tags: Generic Malware Suspicious_Script_Bin Malicious Library .NET framework(MSIL) UPX Antivirus AntiDebug AntiVM PE32 PE File OS Processor Check .NET EXE VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check ComputerName Remote Code Execution
Score 9.2 | VirusTotal 53 | ZeroCERT

6396 | 2024-01-08 09:38 | newrock.exe | MD5 3133d3642bfa4a27451dc4ba649d0c50
Tags: Generic Malware Malicious Packer UPX Malicious Library PE32 PE File .NET EXE PE64 VirusTotal Malware MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee crashed
URLs (2):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://i.alie3ksgaa.com/sta/imagd.jpg
Hosts (3): i.alie3ksgaa.com(154.92.15.189) 154.92.15.189 23.67.53.17
Suricata alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score 5.8 | M | VirusTotal 45 | ZeroCERT

6397 | 2024-01-08 09:37 | Winlog.exe | MD5 f05c694a114f51a3ef0db7f93f777711
Tags: Generic Malware Antivirus PE File PE64 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key
URLs (1):
http://85.209.176.59/server/bin/windowscachelogsregistry.bin
Hosts (2): 45.148.244.112 85.209.176.59 - malicious
Suricata alerts (1): ET HUNTING Rejetto HTTP File Sever Response
Score 8.2 | VirusTotal 43 | ZeroCERT

6398 | 2024-01-08 07:54 | VoiceChangerAi.exe | MD5 a95c886c9107dfc61f02274ec206f559
Tags: Gen1 Malicious Library UPX Malicious Packer Anti_VM PE File PE64 ftp OS Processor Check DLL PNG Format ZIP Format icon Malware Check memory Creates executable files Ransomware
Score 2.0 | M | VirusTotal n/a | ZeroCERT

6399 | 2024-01-08 07:50 | Had.exe | MD5 981fb98bb6fa845c67ed22349e91867d
Tags: Generic Malware Malicious Library Malicious Packer UPX PE32 PE File .NET EXE OS Processor Check PDB Check memory Checks debugger unpack itself ComputerName
Score 1.2 | M | VirusTotal n/a | ZeroCERT

6400 | 2024-01-08 07:46 | birge_two.exe | MD5 76c16fdbc68b7df3bc50ecc5a9492e77
Tags: Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library UPX ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Cryptographic key
Score 7.8 | VirusTotal n/a | ZeroCERT

6401 | 2024-01-08 07:46 | legend.exe | MD5 a73edc5e9a789f2819677cf53dee7bba
Tags: RedlineStealer RedLine stealer .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1): not listed
Suricata alerts (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Family Activity (Response)
Score 5.0 | VirusTotal n/a | ZeroCERT

6402 | 2024-01-08 07:44 | bhgt79yuh.exe | MD5 ca52c4d857e5c31ac83e0c81bc2b74b4
Tags: Emotet Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger suspicious privilege Code Injection Check memory Checks debugger Creates executable files Windows utilities malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows
Score 4.6 | VirusTotal n/a | ZeroCERT

6403 | 2024-01-08 07:44 | movie.exe | MD5 bc7963a7d0a8b745e704d22bbc2c3e03
Tags: Malicious Library PE32 PE File unpack itself
Score 0.8 | VirusTotal n/a | ZeroCERT

6404 | 2024-01-06 17:20 | setup.exe | MD5 b13686dff2f18689d5e340d107c7e45a
Tags: Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL DllRegisterServer dll ftp wget VirusTotal Malware Check memory Creates executable files unpack itself Remote Code Execution
Score 4.0 | VirusTotal 54 | guest

6405 | 2024-01-06 10:58 | nocry.exe | MD5 d51470d48757a38f3023a9d40a081056
Tags: EnigmaProtector Generic Malware UPX Antivirus PE32 PE File .NET EXE DLL OS Processor Check Lnk Format GIF Format Malware download VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security powershell.exe wrote Check virtual network interfaces suspicious process AppData folder IP Check Windows RisePro ComputerName Remote Code Execution DNS Cryptographic key crashed
Hosts (2): ipinfo.io(34.117.186.192) 193.233.132.62
Suricata alerts (3): ET MALWARE [ANY.RUN] RisePro TCP (Token); ET MALWARE Suspected RisePro TCP Heartbeat Packet; ET MALWARE [ANY.RUN] RisePro TCP (External IP)
Score 12.2 | M | VirusTotal 34 | ZeroCERT