7201 | 2023-11-07 19:12
StealerClient_Sharp.exe 344e9762e1477db04edfecaa07cef091 Malicious Library UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself ComputerName Remote Code Execution
1.2 | M | ZeroCERT

7202 | 2023-11-07 19:09
toolspub4.exe ba07981c0db641512c0004aac1654895 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware Code Injection Checks debugger buffers extracted unpack itself
5.8 | M | ZeroCERT

7203 | 2023-11-07 19:08
a.exe 248fdd80b574b1379fe4f6f1cee40091 email stealer Downloader .NET framework(MSIL) Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself suspicious process malicious URLs WriteConsoleW Windows DNS
1
10.8 | M | ZeroCERT

7204 | 2023-11-07 19:07
StealerClient_Cpp.exe 0e149c713146c9c1ea53d7b7fa3b39e1 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check
M | ZeroCERT

7205 | 2023-11-07 19:05
Juderk.exe 3f47913af364115da3a560edb88035ae Themida Packer Malicious Library Anti_VM PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Stealer Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
1
5
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)
8.4 | M | ZeroCERT

7206 | 2023-11-07 19:05
xoIBL6LAISDs.exe eb29546aff8b06616b7b226986fd7827 Browser Login Data Stealer Generic Malware Malicious Library UPX Malicious Packer Downloader PE File PE32 OS Processor Check Windows DNS keylogger
1
2.8 | ZeroCERT

7207 | 2023-11-07 15:02
CVE 2001-0241.pcap aa96f5eaeb8f04a7e6fc1f1cb455d195 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 | guest

7208 | 2023-11-07 11:30
tuc19.exe a8c3b73f59bdf41eb250cba92fa934f1 Gen1 Emotet Generic Malware Malicious Library UPX Confuser .NET Malicious Packer PE File PE32 MZP Format DLL OS Processor Check CHM Format PE64 DllRegisterServer dll suspicious privilege Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
4.0 | M | ZeroCERT

7209 | 2023-11-07 11:30
tuc19.exe 63b908a7f395bb899f1d4afbbc472d1e Gen1 Emotet Generic Malware Malicious Library UPX Confuser .NET Malicious Packer PE File PE32 MZP Format DLL OS Processor Check CHM Format PE64 DllRegisterServer dll suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
4.2 | M | ZeroCERT

7210 | 2023-11-07 11:24
setup294.exe a05ee0fea78a297e1a4182ce9d5cd8a4 Malicious Library AntiDebug AntiVM PE File PE32 DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder
4.0 | ZeroCERT

7211 | 2023-11-07 11:03
syncUpd.exe a1fd31c9149678ba7c05e3adad8ac568 Malicious Library UPX PE File PE32 OS Processor Check unpack itself
0.8 | ZeroCERT

7212 | 2023-11-07 10:59
File.rar f990fd3d664b4a2cd89a21cb6e2a9911 PrivateLoader Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware c&c Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Discord Browser RisePro DNS Downloader plugin
62
http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://157.90.152.131/9ea41fac0af12ade12ae478b6c25112b http://jaimemcgee.top/2a7743b8bbd7e4a7/softokn3.dll http://jaimemcgee.top/2a7743b8bbd7e4a7/msvcp140.dll http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://45.129.14.83/ch.exe - rule_id: 37431 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7mQSCiCXPXX6dRJCYyN_6SMF.exe&platform=0009&osver=5&isServer=0 http://jaimemcgee.top/40d570f44e84a454.php http://94.142.138.131/api/firegate.php - rule_id: 32650 http://91.92.243.151/api/tracemap.php - rule_id: 37889 http://157.90.152.131/ http://94.142.138.131/api/firecom.php - rule_id: 36179 http://jaimemcgee.top/2a7743b8bbd7e4a7/vcruntime140.dll http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://185.172.128.69/latestumma.exe http://stim.graspalace.com/order/tuc19.exe http://176.113.115.84:8080/4.php - rule_id: 34795 http://jaimemcgee.top/2a7743b8bbd7e4a7/freebl3.dll http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab http://jaimemcgee.top/2a7743b8bbd7e4a7/mozglue.dll http://apps.identrust.com/roots/dstrootcax3.p7c http://www.maxmind.com/geoip/v2.1/city/me http://jaimemcgee.top/2a7743b8bbd7e4a7/nss3.dll http://157.90.152.131/getfiles.zip http://jaimemcgee.top/2a7743b8bbd7e4a7/sqlite3.dll https://sun6-21.userapi.com/c236331/u26060933/docs/d11/19c8da91767e/Risepro.bmp?extra=EwSSGzoAfy65GGSvZoW0Ph4KCtfnD5CJ-1u-khJCbN0uxDNn5vNuDAZaJ062NR0l9b6fIdcxu5_fWGeZra_Co2jUpbbfKnN7da75BE-JQqXJESVDc3dX5d4gxqJEeVS6pTXFFfmTxgRtA_-G https://db-ip.com/demo/home.php?s=175.208.134.152 https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self 
https://sun6-22.userapi.com/c909418/u26060933/docs/d3/31f5159f58be/11M.bmp?extra=q7yy_WjSO4crX0JQqA0zrRgVKPA_BwhFITi3TkpiBNuBN76H24ifVVzGLVsXACZVJPMeewShQ3SYQq6fit-5m7yQlm5ukIqknODXs8Vp9JEzWjDpr3rUNgeRdS81CpnvMoQd5ItqRXAv6AhZ https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb https://vk.com/doc26060933_667308364?hash=p1GNfmBszTx4xyiyMmHgD2G6gamnOS6Qs3qnmrPFKHD&dl=o2oV7mrCcgrmkinSseauvXVuXZ6QwvOSPW95WlRGhv4&api=1&no_preview=1#test22 https://api.ip.sb/ip https://fdjbgkhjrpfvsdf.online/setup294.exe - rule_id: 37897 https://fdjbgkhjrpfvsdf.online/setup294.exe https://iplogger.com/2lhi52 https://sun6-20.userapi.com/c237031/u26060933/docs/d15/cc14cf618ad2/32ssh7832haf.bmp?extra=fwty-u7t3kuVDKn2Ab1i7boHK4AyOko_2OhckURSgZjMwMr1LMRzcDeu6ldvQCwfDuTH4EEUK6o17LKRsfTQtZt7FslDGR2y6GbdZCCcOp_WNzQ6CUda5D8--pR4RgBxlwovfJ0hDyZTvl6g https://sun6-22.userapi.com/c909218/u26060933/docs/d39/2b5c05ade136/PL_Client.bmp?extra=da599MOTGK0smGFDrYCbIOwnAESK93Bdw8XDZy_0vK13817g4Qsr6AWGWEf5TNMs8D67QVgYFb6fgHXsdA6lLB0kHdsNHYl2LuiA4Cchiwv-echVwulM9pvREF7eyP8R_tYUW-AEg4HMRDmJ https://sun6-20.userapi.com/c909518/u26060933/docs/d43/8987a58e0def/test031123.bmp?extra=LNcfpMmfQ4e1XyE-H-_EewnV5I3alPEAz1GiWT87qEkNNONXDFPJA59B4EdjSf6xHMjU6n27oNDeC6LkauW6gTJWelqIO0xD_w5qx4fnSi4e_urLm5ugwEHcpUfEvxKkJYlSyUrW7_Rggxqw https://db-ip.com/ https://iplis.ru/1Gemv7. 
https://vk.com/doc26060933_667421028?hash=j3Z25EXZmCIGuFo5YGWwnsvj9inMRrAWT9JdWCHuPks&dl=6wFoCNqOG7czMxkdXxPFPbkcj5eJ4YPZMxmedR2cQPc&api=1&no_preview=1#maff https://vk.com/doc26060933_667265534?hash=QrZOxyJfddotURGFHUaHcRtzBrPYFYi92QMrQaABFRL&dl=YGWXjzH1s6k62LlpR6zC3pzzD02Frvfpv4JhBLkPKVH&api=1&no_preview=1 https://msdl.microsoft.com/download/symbols/index2.txt https://iplis.ru/1Gemv7.mp3 https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=pKXD9T2Ja0HGIo5e8%2Fcvv0Yc9fVtfZRjyHGIX36WiAw%3D&spr=https&se=2023-11-08T02%3A35%3A45Z&rscl=x-e2eid-f67a0683-dccd4cc8-9426d7ad-4812ef6a-session-8414ebf2-89984859-8b4ebbb8-4b169b42 https://sun6-21.userapi.com/c235031/u26060933/docs/d60/17553397c370/BotClients.bmp?extra=-v4zcNPz1jW9QCJnnz9JVzDnTCKGRuMlTveecae_unmKfC9kkvBIvc2-te4xySL_yWe5nnd_YxV37ErLEFEIq7sRTyCvImhVEvmEOPxoun1R7sPoot0d8T6T-hCuuHgaJPUBO994jw7jL9uK https://vk.com/doc26060933_667404716?hash=N6wI3Dlu78zPmfalwE3rKRJ5FgIIyxAz1ZSoOw7ouQH&dl=0VFQn4zxEraMQuKRozZh3ZwLpQ7M6m03jjzYZOUAFTs&api=1&no_preview=1#1 https://dzen.ru/?yredirect=true https://sun6-20.userapi.com/c909328/u26060933/docs/d21/2cc2e6a109e1/crypted.bmp?extra=9329IUX2R9ECqwn1fgB2PsRHAwQiQF5IfXGz4Zcmshfj4-Cj0fSAuhRKbvx9FrgziFPry0eDKAetw1594ZxN3J8BTfYgczRhpTltfTyzn7_w9u923JOSl6UEO6RWfLQLPDaqGx3wAzBNy5bf https://api.2ip.ua/geo.json https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=CW2TdsX3u%2FEQJoPaUT23mMNV3SioEW9ghTlKz0cDkKQ%3D&spr=https&se=2023-11-08T02%3A12%3A02Z&rscl=x-e2eid-ca1ed09a-9ce84dbe-b0dda930-7b12b38c-session-42f81510-df9e406c-a337da90-7f880c70 
https://vk.com/doc26060933_667379359?hash=RBD5wFZgphBd3Ltpr4zpvlKC5PFFn4lKiLxULYoChgD&dl=BKPDJrFBQ4b0FMpKZWHc5lZ9DL91O9orwTtaREbcz98&api=1&no_preview=1#rise10 https://sun6-21.userapi.com/c235031/u26060933/docs/d9/bc2848036729/RisePro.bmp?extra=SP1QdjCI8oU_xuYoIIuZttGFNgWH7AbE6JwtZ38DSR0pO-h7FoRCvnKkufqlmQ46-FAtSfPZhinV1S-bj-wfjvlOR9IAT1ozrONeI06QH8DZwg9_d29MnpwcitMyaiN5iQdqTV0kMpewNZlg https://vk.com/doc26060933_667364987?hash=BHX3WK0Px3UZYC6KUcanvJ8pCPk0aSa1CJ1a0crl1aL&dl=Y5COLZGRCC7rDCjMPJPVPA4Y0k1NZaZCa4v1PlcGmn8&api=1&no_preview=1 https://steamcommunity.com/profiles/76561199566884947 https://vk.com/doc26060933_667359908?hash=yQKoVWnfjFhzr903ZjYqRdETfhHRvOA3tdbWxY3zKzD&dl=zw8EgRqlD4zpJ6OqofPR0yVWnKxxgpXEHD0enFFWN4c&api=1&no_preview=1#risepro https://sun6-21.userapi.com/c235031/u26060933/docs/d17/db2aaaddfe32/WWW11_32.bmp?extra=LvgMZ5BcJibniVvg_xQUErj_9kLnqOtcusmOUyUjOIXbjkKeGQ7pW-CoV7IrznBP2wJiu4NzODsIVN7qO0IUK8lgpYQX9G5kXyxutFPWFhIaYYMu_JdxGjVFCbYekkWVqM3_yu14LtRG8yAR https://iplis.ru/1Gem https://sso.passport.yandex.ru/push?uuid=98d9fd1b-f887-410d-b8db-d30bf2bd21b5&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://iplis.ru/1
|
93
stim.graspalace.com(104.21.20.155) www.maxmind.com(104.18.145.235) db-ip.com(104.26.5.15) vanaheim.cn(158.160.73.47) - mailcious www.download.windowsupdate.com(23.199.34.11) ipinfo.io(34.117.59.81) yandex.ru(5.255.255.77) jaimemcgee.top(193.106.175.190) dzen.ru(62.217.160.2) medfioytrkdkcodlskeej.net(91.215.85.209) - malware learn.microsoft.com(23.36.221.172) api.2ip.ua(104.21.65.24) steamcommunity.com(104.76.78.101) - mailcious iplogger.org(148.251.234.83) - mailcious twitter.com(104.244.42.1) msdl.microsoft.com(204.79.197.219) cdn.discordapp.com(162.159.135.233) - malware sun6-20.userapi.com(95.142.206.0) - mailcious api.db-ip.com(104.26.4.15) ironhost.io(172.67.193.129) telegram.org(149.154.167.99) stun3.l.google.com(142.251.2.127) walkinglate.com(172.67.212.188) - malware api.ip.sb(104.26.13.31) iplogger.com(172.67.194.188) - mailcious gons09fc.top(212.113.122.87) - malware zexeq.com(201.110.235.204) - malware server3.localstats.org(185.82.216.111) t.me(149.154.167.99) - mailcious vsblobprodscussu5shard10.blob.core.windows.net(20.150.79.68) fdjbgkhjrpfvsdf.online(104.21.87.5) iplis.ru(172.67.147.32) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious sun6-22.userapi.com(95.142.206.2) - mailcious bd178ff8-29e6-47f2-a804-23d45a4bfa60.uuid.localstats.org(185.82.216.111) vsblobprodscussu5shard58.blob.core.windows.net(20.150.79.68) vk.com(87.240.129.133) - mailcious sso.passport.yandex.ru(213.180.204.24) api.myip.com(172.67.75.163) 194.169.175.128 - mailcious 162.159.133.233 - malware 104.18.145.235 93.186.225.194 - mailcious 62.217.160.2 104.244.42.1 - suspicious 104.26.5.15 5.255.255.70 157.90.152.131 - mailcious 149.154.167.99 - mailcious 104.21.65.24 91.215.85.209 - mailcious 45.129.14.83 - malware 104.21.12.138 185.82.216.111 204.79.197.219 23.40.45.69 185.173.38.57 194.49.94.41 - mailcious 172.67.193.43 212.113.122.87 - malware 85.209.11.85 - mailcious 194.49.94.48 - malware 34.117.59.81 158.160.73.47 176.113.115.84 - mailcious 148.251.234.83 
172.67.147.32 194.33.191.60 194.169.175.118 - mailcious 23.33.32.64 91.92.243.151 - mailcious 185.172.128.69 - malware 104.21.57.237 - mailcious 172.253.117.127 14.33.209.147 20.150.38.228 121.254.136.9 194.49.94.97 - malware 23.67.53.17 104.26.9.59 104.26.4.15 104.21.87.5 95.142.206.2 - mailcious 95.142.206.1 - mailcious 95.142.206.0 - mailcious 45.15.156.229 - mailcious 104.21.23.184 - malware 213.180.204.24 104.26.13.31 193.106.175.190 - malware 80.66.75.77 - mailcious 104.76.78.101 - mailcious 94.142.138.131 - mailcious
|
57
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET DROP Spamhaus DROP Listed Traffic Inbound group 19 ET DNS Query to a *.top domain - Likely Hostile ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Possible EXE Download From Suspicious TLD ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET HUNTING Suspicious services.exe in URI ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO TLS Handshake Failure ET INFO EXE - Served Attached HTTP ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO Observed Telegram Domain (t .me in TLS SNI) ET MALWARE Redline Stealer Activity (Response) ET INFO Dotted Quad Host ZIP Request ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET 
HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
|
10
http://zexeq.com/test2/get.php http://45.15.156.229/api/tracemap.php http://45.129.14.83/ch.exe http://45.15.156.229/api/firegate.php http://94.142.138.131/api/firegate.php http://91.92.243.151/api/tracemap.php http://94.142.138.131/api/firecom.php http://94.142.138.131/api/tracemap.php http://176.113.115.84:8080/4.php https://fdjbgkhjrpfvsdf.online/setup294.exe
7.2 | M | ZeroCERT

7213 | 2023-11-07 10:13
bRoC.exe 07807c652283c997837c931b41c45f24 PE File PE32 .NET EXE VirusTotal Malware Tofsee
1
http://apps.identrust.com/roots/dstrootcax3.p7c
3
pt.textbin.net(148.72.177.212) 148.72.177.212 - mailcious 121.254.136.18
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.6 | 53 | ZeroCERT

7214 | 2023-11-07 10:12
aww.exe 3d74ec695d023d5a66cb239354445734 Malicious Library Malicious Packer PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1
5
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)
6.4 | M | 48 | ZeroCERT

7215 | 2023-11-07 10:12
Runtime.exe bcbbef1fa9490ce2337f1bd74480e428 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.2 | 23 | ZeroCERT