6421 | 2024-08-19 15:02
Sample: watersmoothbutterburnsweetandh... | MD5: 38f791dbf6e64dd4ec64edcf5c1965df
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
URLs (1):
  http://192.3.101.150/24/swwiamagoodchocolatebuoyssee.tIF
Hosts (3):
  ia803104.us.archive.org(207.241.232.154) - malware
  207.241.232.154 - malware
  192.3.101.150 - malicious
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.6 | M | 34 | ZeroCERT

6422 | 2024-08-19 15:01
Sample: fixHosts.exe | MD5: 754c738f12caa66eae85d417a235908e
Tags: CoinMiner AutoIt Generic Malware UPX PE File PE32 Malware download VirusTotal Malware Check memory Checks debugger Windows Downloader
URLs (2):
  http://wieie.cn:8765//hosts/plugs/ow.exe
  http://wieie.cn:8765//hosts/plugs/
Hosts (2):
  wieie.cn(58.23.215.23) - malware
  58.23.215.23 - malware
Signatures (4):
  ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET INFO AutoIt User Agent Executable Request
  ET POLICY PE EXE or DLL Windows file download HTTP
2.6 | M | 55 | ZeroCERT

6423 | 2024-08-19 15:00
Sample: CFGG.exe | MD5: d042c41a79787fb48e3bdf6ededd7a9a
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory
URLs: none
Hosts: none
Signatures: none
1.4 | M | 34 | ZeroCERT

6424 | 2024-08-19 14:59
Sample: 66bf1a73a318a_otraba.exe#kisot... | MD5: 36ea75b21cfb54d45e752c4f634ef88f
Tags: Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser ComputerName DNS Software plugin
URLs (10):
  http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll
  http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll
  http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll
  http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll
  http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll
  http://193.176.190.41/
  http://193.176.190.41/2fa883eebd632382.php
  http://x1.i.lencr.org/
  http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll
  http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll
Hosts (5):
  aldiablo.cl(186.64.114.115) - malware
  x1.i.lencr.org(23.207.177.83)
  193.176.190.41
  23.41.113.9
  186.64.114.115 - malware
Signatures (16):
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET MALWARE Win32/Stealc Requesting browsers Config from C2
  ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
  ET MALWARE Win32/Stealc Requesting plugins Config from C2
  ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
  ET MALWARE Win32/Stealc Submitting System Information to C2
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
16.0 | M | 52 | ZeroCERT

6425 | 2024-08-19 14:59
Sample: random.exe | MD5: 3e361ace127f05f087344f33d05b37da
Tags: PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
URLs: none
Hosts: none
Signatures: none
2.4 | M | 28 | ZeroCERT

6426 | 2024-08-19 14:57
Sample: wxupup.exe | MD5: 5fb6829b52847d878a98f9069e5c5fa4
Tags: CoinMiner AutoIt Generic Malware UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself
URLs: none
Hosts: none
Signatures: none
3.0 | M | 55 | ZeroCERT

6427 | 2024-08-19 14:57
Sample: rama.exe | MD5: 304eb6432c7696e15f48eda1ffd469aa
Tags: Stealc RedLine stealer Gen1 Generic Malware Downloader Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer Code injection Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff A Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin
URLs (10):
  http://185.215.113.100/0d60be0de163924d/sqlite3.dll
  http://185.215.113.100/0d60be0de163924d/nss3.dll
  http://185.215.113.100/0d60be0de163924d/freebl3.dll
  http://185.215.113.100/0d60be0de163924d/vcruntime140.dll
  http://31.41.244.10/Dem7kTu/index.php
  http://185.215.113.100/0d60be0de163924d/msvcp140.dll
  http://185.215.113.100/ - rule_id: 41969
  http://185.215.113.100/0d60be0de163924d/mozglue.dll
  http://185.215.113.100/0d60be0de163924d/softokn3.dll
  http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968
Hosts (5):
  crash-reports.mozilla.com(34.49.45.138)
  34.49.45.138
  31.41.244.10 - malware
  185.215.113.100 - malicious
  31.41.244.11 - malicious
Signatures (21):
  ET DROP Spamhaus DROP Listed Traffic Inbound group 2
  ET INFO Executable Download from dotted-quad Host
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 33
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET MALWARE Win32/Stealc Requesting browsers Config from C2
  ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
  ET MALWARE Win32/Stealc Requesting plugins Config from C2
  ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
  ET MALWARE Win32/Stealc Submitting System Information to C2
  ET INFO Dotted Quad Host DLL Request
  ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
  ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
Rule-matched URLs (2):
  http://185.215.113.100/
  http://185.215.113.100/e2b1563c6670f193.php
23.8 | M | 42 | ZeroCERT

6428 | 2024-08-19 14:56
Sample: POS_C081.exe | MD5: 1ccf158942cdc89a6b0a2889b8448497
Tags: Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself
URLs: none
Hosts: none
Signatures: none
2.0 | M | 10 | ZeroCERT

6429 | 2024-08-19 14:54
Sample: TestikBro.exe | MD5: 7c0a5c2cde620549b93d8372960b63c1
Tags: Generic Malware Malicious Library Downloader UPX PE File PE64 OS Processor Check VirusTotal Malware Checks debugger Creates executable files Tofsee
URLs (1):
  https://bitbucket.org/fcsdcvscvc/mainprojectf/downloads/rock.exe
Hosts (2):
  bitbucket.org(104.192.140.24) - malware
  104.192.140.24
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.4 | M | 18 | ZeroCERT

6430 | 2024-08-19 14:54
Sample: MPDW-constraints.vbs | MD5: a688b4bdbe8491ab01ed19eaec5ed363
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (1):
  https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
Hosts (2):
  ia803104.us.archive.org(207.241.232.154) - malware
  207.241.232.154 - malware
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.6 | M | 4 | ZeroCERT

6431 | 2024-08-19 14:50
Sample: crypted.exe | MD5: 89f8854b55c785c3ff89726b7e763a33
Tags: PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
URLs: none
Hosts: none
Signatures: none
2.6 | M | 35 | ZeroCERT

6432 | 2024-08-19 14:49
Sample: alsuuu.exe | MD5: 0db78abd5b7a1504ae68963800823ea5
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PE64 VirusTotal Malware AutoRuns PDB Creates executable files unpack itself AppData folder Tofsee Windows RCE crashed
URLs (1):
  https://bitbucket.org/fcsdcvscvc/sadcasdv/raw/640914c3276630f3faf77d5ac3551bf072ba43a2/flLCSC
Hosts (2):
  bitbucket.org(104.192.140.26) - malware
  104.192.140.24
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
4.2 | M | 50 | ZeroCERT

6433 | 2024-08-19 14:48
Sample: MJDSWXBP.exe | MD5: 499cea41f461a8b85fa9d93bb6adf88c
Tags: Generic Malware Malicious Library UPX Malicious Packer Obsidium protector Admin Tool (Sysinternals etc ...) PE File PE32 DLL OS Processor Check MZP Format VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk VM Disk Size Check ComputerName
URLs: none
Hosts: none
Signatures: none
5.6 | M | 32 | ZeroCERT

6434 | 2024-08-19 14:46
Sample: fskn.exe | MD5: 47f6d152f5e20e8599def568c3b4dd2a
Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Tofsee crashed
URLs (1):
  https://bitbucket.org/fcsdcvscvc/sadcasdv/raw/5e26094c113368ffe700e7831cddf9cbb14147f0/HARDCOREE
Hosts (2):
  bitbucket.org(104.192.140.24) - malware
  104.192.140.26 - malicious
Signatures (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.6 | M | 51 | ZeroCERT

6435 | 2024-08-19 14:46
Sample: POS_C014.exe | MD5: 81ebdfd489183d94dc5b77c6e29a9876
Tags: Malicious Library UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed
URLs: none
Hosts: none
Signatures: none
1.8 | M | 3 | ZeroCERT
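Records 6424 and 6427 both show the same network pattern behind the "ET HUNTING HTTP GET Request for <dll> - Possible Infostealer Activity" and "ET INFO Dotted Quad Host DLL Request" signatures: the Stealc/Vidar sample pulls nss3.dll, freebl3.dll, mozglue.dll, softokn3.dll, sqlite3.dll, vcruntime140.dll and msvcp140.dll from a bare-IP C2 host right after its first check-in, because it needs those libraries to open browser credential stores on the victim. The script below is an added example, not code from the ZeroCERT listing or from any of the sandboxes that produced it. It reproduces that signature logic over proxy-style web logs: one client pulling several of these support DLLs from the same dotted-quad host. The log format, the client addresses, the benign updates.example.com host and the threshold of three DLLs are assumptions made for the example; the C2 addresses and paths are the ones in the records above.

```python
"""Flag the infostealer DLL-fetch pattern seen in records 6424 and 6427.

Added example, not part of the ZeroCERT listing. Log lines are constructed
in the format "<ts> <client> <method> <url> <status>"; that format, the
client IPs and the updates.example.com host are assumptions for the demo.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# DLLs named in the listing's ET HUNTING "HTTP GET Request for <dll>"
# signatures, plus msvcp140.dll, which appears in both URL lists but has
# no dedicated signature on the page.
STEALER_SUPPORT_DLLS = frozenset({
    "nss3.dll", "freebl3.dll", "mozglue.dll", "softokn3.dll",
    "sqlite3.dll", "vcruntime140.dll", "msvcp140.dll",
})

# Bare IPv4 host, the condition behind "ET INFO Dotted Quad Host DLL Request".
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample: the 6424 C2 serving the full DLL set to one client,
# an unrelated OCSP-style fetch, and a legitimate-looking runtime download
# of only two DLLs from a named host (assumed benign, should not alert).
SAMPLE_LOG = """\
2024-08-19T14:59:01Z 10.0.0.5 POST http://193.176.190.41/2fa883eebd632382.php 200
2024-08-19T14:59:02Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll 200
2024-08-19T14:59:02Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll 200
2024-08-19T14:59:03Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll 200
2024-08-19T14:59:03Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll 200
2024-08-19T14:59:04Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll 200
2024-08-19T14:59:04Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll 200
2024-08-19T14:59:05Z 10.0.0.5 GET http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll 200
2024-08-19T15:00:10Z 10.0.0.7 GET http://x1.i.lencr.org/ 200
2024-08-19T15:01:00Z 10.0.0.9 GET http://updates.example.com/runtime/vcruntime140.dll 200
2024-08-19T15:02:00Z 10.0.0.9 GET http://updates.example.com/runtime/msvcp140.dll 200
"""


def parse_line(line):
    """Parse one log line into a dict with host and requested file name, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["host"] = parts.hostname or ""
    rec["file"] = parts.path.rsplit("/", 1)[-1].lower()
    return rec


def stealer_dll_pulls(lines):
    """Map (client, host) -> set of stealer-support DLLs GET-requested from that host."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if rec["file"] in STEALER_SUPPORT_DLLS:
            seen[(rec["src"], rec["host"])].add(rec["file"])
    return dict(seen)


def alerts(lines, min_dlls=3, require_dotted_quad=True):
    """Alert when one client pulls >= min_dlls support DLLs from one host.

    With require_dotted_quad=True the host must be a bare IP, mirroring the
    page's dotted-quad signature; relaxing it trades precision for coverage
    of stealers that stage the DLLs behind a domain name.
    """
    out = []
    for (src, host), dlls in stealer_dll_pulls(lines).items():
        dotted = bool(DOTTED_QUAD.match(host))
        if require_dotted_quad and not dotted:
            continue
        if len(dlls) >= min_dlls:
            out.append({"src": src, "host": host, "dotted_quad": dotted,
                        "dlls": sorted(dlls)})
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG.splitlines()):
        print(f"[stealer DLL pull] {a['src']} -> {a['host']}: {', '.join(a['dlls'])}")
```

On the sample log only the 10.0.0.5 to 193.176.190.41 session fires; the two-DLL runtime download from a named host stays quiet under the defaults and only surfaces if both the dotted-quad requirement and the threshold are relaxed, which is the same precision trade-off the ET HUNTING rules make by alerting per DLL and leaving correlation to the analyst.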