| ID | Time | Sample (filename, MD5, tags) | URLs | Hosts | Alerts | Score | Flag | Count | Source |
|---|---|---|---|---|---|---|---|---|---|
| 7096 | 2023-11-15 10:15 | 6f68354e.exe e085abe5e940631d40f20acd0f98fcb7 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed | | | | 1.6 | M | | ZeroCERT |
| 7097 | 2023-11-15 10:15 | c.txt.ps1 9680b91497d9c6baa543f55d9a2be4d1 Generic Malware Antivirus VirusTotal Malware unpack itself WriteConsoleW Windows Cryptographic key | 1: http://borgomaira.it/wp-admin/images/hb.jpg | | | 1.2 | | 5 | ZeroCERT |
| 7098 | 2023-11-15 10:09 | InstallSetup4.exe 5655432921d1f7ba0005a97a19904ca5 Generic Malware Malicious Library Malicious Packer UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key | | | | 2.2 | | 28 | ZeroCERT |
| 7099 | 2023-11-15 08:03 | done.exe 812b3b8f8ca28e56da24f2a04f9a65e0 RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | | 1 | 4: ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response | 10.6 | M | | ZeroCERT |
| 7100 | 2023-11-15 08:03 | Morning.exe 23c56a60085d98d2f35e6bfd87969568 Gen1 Malicious Library UPX Malicious Packer Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Malware RecordBreaker MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion installed browsers check Stealer Windows Browser DNS | 8: http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll http://195.20.16.35/e426550c5c1e00f998086a60f1574778 http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll | 1 | 11: ET MALWARE Win32/RecordBreaker CnC Checkin M1; ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response; ET INFO Dotted Quad Host DLL Request; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity; ET HUNTING Possible Generic Stealer Sending System Information | 11.2 | M | | ZeroCERT |
| 7101 | 2023-11-15 07:58 | xin.exe 24420ef6433c1b0a907056208c3c12a6 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | | 2: 195.20.16.35 - mailcious; 194.49.94.80 - mailcious | 4: ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound); ET MALWARE Redline Stealer Activity (Response) | 5.0 | | | ZeroCERT |
| 7102 | 2023-11-15 07:57 | TrueCrypt_KSfcnd.exe ca18c2fc430d73758ee4b12f5108e413 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 crashed | | | | 0.2 | | | ZeroCERT |
| 7103 | 2023-11-15 07:56 | netTimer.exe 457ba217e61453ff1dc2225ce50d9246 Malicious Packer UPX PE File PE64 suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName Remote Code Execution | | | | 3.4 | M | | ZeroCERT |
| 7104 | 2023-11-15 07:54 | Soft.exe 7918013ae55de62f5e108342a464864c Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows crashed | | | | 1.6 | | | ZeroCERT |
| 7105 | 2023-11-15 07:53 | wsclient.1.25.win.03.exe b27323c59498426807574a20824ac525 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check PDB crashed | | | | 0.4 | M | | ZeroCERT |
| 7106 | 2023-11-15 07:52 | TrueCrypt_yhvFvl.exe 3490825682c943930ac5b7bc1802db73 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check crashed | | | | 0.2 | M | | ZeroCERT |
| 7107 | 2023-11-15 07:51 | audiodgse.exe a491f4dbb2e8aedd957e0f69b0562726 LokiBot .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk suspicious TLD VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software | 1: http://sempersim.su/b12/fre.php | 2: sempersim.su(104.237.252.65) - mailcious; 104.237.252.65 - mailcious | 9: ET DNS Query for .su TLD (Soviet Union) Often Malware Related; ET MALWARE LokiBot User-Agent (Charon/Inferno); ET MALWARE LokiBot Checkin; ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1; ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2; ET MALWARE LokiBot Request for C2 Commands Detected M1; ET MALWARE LokiBot Request for C2 Commands Detected M2; ET MALWARE LokiBot Fake 404 Response | 12.6 | M | | ZeroCERT |
| 7108 | 2023-11-15 07:50 | 217.exe a5e011229a460fe28b1d5de73ca405d6 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS | 1 | 2: moskhoods.pw(104.21.83.129); 172.67.176.151 | 4: ET DNS Query to a *.pw domain - Likely Hostile; ET INFO HTTP Request to a *.pw domain; ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration; ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In | 6.6 | M | | ZeroCERT |
| 7109 | 2023-11-15 07:49 | london.exe 27137cb3cc5b6b3ef3a28ed8daf55ba7 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | | 1: 194.169.175.235 - mailcious | 5: ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Activity (Response) | 5.4 | M | | ZeroCERT |
| 7110 | 2023-11-15 07:48 | Binary.exe fd7ba34260b053e342c996b2190ad23b Gen1 Malicious Library UPX Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Malware RecordBreaker MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion installed browsers check Stealer Windows Browser DNS crashed | 8: http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll http://195.20.16.35/066ef227bf519d5f8095e2246cd15509 http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://195.20.16.35/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll | 1 | 11: ET MALWARE Win32/RecordBreaker CnC Checkin M1; ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response; ET INFO Dotted Quad Host DLL Request; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity; ET HUNTING Possible Generic Stealer Sending System Information | 11.4 | M | | ZeroCERT |