http://pinkipinevazzey.pw/api

pinkipinevazzey.pw(172.67.182.33)
91.92.242.194
172.67.182.33

ET INFO HTTP Request to a *.pw domain
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration
ET DNS Query to a *.pw domain - Likely Hostile
ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In

UKnDvWMKHLvcOHop.UKnDvWMKHLvcOHop()
JDyyDoFHAd.JDyyDoFHAd()
91.92.252.85

85.209.176.216 - mailcious

http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
http://5.42.64.45/eaf08ca3e93323672f845af593b238c0
http://5.42.64.45/ - rule_id: 38686
http://5.42.64.45/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll

OehFAoaJixIuGMFQDbBpv.OehFAoaJixIuGMFQDbBpv()
5.42.64.45 - malware

ET MALWARE Win32/RecordBreaker CnC Checkin M1
ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
ET INFO Dotted Quad Host DLL Request
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET HUNTING Possible Generic Stealer Sending System Information

http://5.42.64.45/

http://185.172.128.5/v8sjh3hs8/index.php

185.172.128.5 - malware

23.95.235.86 - mailcious

89.23.99.86

http://192.3.179.162/352/wlanext.exe

192.3.179.162 - malware
172.67.195.141 - malware

ET INFO Executable Download from dotted-quad Host