7291 | 2023-11-03 18:18
jujoptics2.1.exe 0c57a7aae080fd2eac42a31fa5b7f051 NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself DNS
URLs (2):
http://www.xpermate.com/ju29/?8pwDZZSX=YSdUgFSDvDomRrfxRTc82IB8KvEz5Cudp7FBenL6bBiUULPv2hucH8VGw3UW6gX6WzIP7l0c&mvHpx=Y4C4ZlYp7ZstcN7 http://www.sextapevidhot.com/ju29/?8pwDZZSX=GMwV4/acGCaMlZi4K+MQ3vTvNv8+0oL4+WFE2ysoGOt3m0Xi0X0oVpaGXeUG3ymsAqEbf+Ht&mvHpx=Y4C4ZlYp7ZstcN7
Hosts (8):
www.sextapevidhot.com(103.224.212.211) www.ascorpii.com() www.xpermate.com(77.245.157.73) www.lineyours.com() 185.196.8.176 - malware 103.224.212.211 77.245.157.73 104.76.78.101 - mailcious
Alerts (1):
ET MALWARE FormBook CnC Checkin (GET)
Score: 4.0 | ZeroCERT

7292 | 2023-11-03 18:16
IGCC.exe 3e00f6658bc36989fe775244acce3cd0 LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
Hosts (2):
api.ipify.org(104.237.62.212) 104.237.62.212
Alerts (4):
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 9.4 | ZeroCERT

7293 | 2023-11-03 18:16
latestrock.exe 0bddfbdc76418c7fc877a5a11013dfee Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM AntiDebug AntiVM PE File PE32 .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Tofsee Ransomware DNS
Hosts (2):
iplogger.com(148.251.234.93) - mailcious 148.251.234.93 - mailcious
Alerts (4):
ET INFO TLS Handshake Failure ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
Score: 11.0 | ZeroCERT

7294 | 2023-11-03 18:13
nelfbinzx.exe 64e25a4134d33448d33c5d0d250394d6 PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself
Score: 1.4 | ZeroCERT

7295 | 2023-11-03 18:12
sistem32.jpg 06cbe7e4119ca545f6420e7b4100e3d2 Admin Tool (Sysinternals etc ...) Malicious Library UPX AntiDebug AntiVM PE File PE32 .NET EXE DLL OS Processor Check PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows ComputerName DNS Cryptographic key DDNS crashed
Hosts (2):
marcelotatuape.ddns.net(177.52.83.224) - mailcious 177.52.83.224
Alerts (1):
ET POLICY DNS Query to DynDNS Domain *.ddns .net
Score: 9.6 | ZeroCERT

7296 | 2023-11-03 18:11
cuzineeeeVBS_FILE.vbs 6e50413706aceea089f8a8c4f2d44ec6 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (4):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://paste.ee/d/bkhV4
https://uploaddeimagens.com.br/images/004/652/514/original/new_image.jpg?1698762134
http://94.156.64.195/cuzinebase64bxjhgvhsj.txt
Hosts (5):
paste.ee(104.21.84.67) - mailcious
uploaddeimagens.com.br(104.21.45.138) - malware 61.111.58.34 - malware
172.67.187.200 - mailcious
172.67.215.45 - malware
Alerts (2):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
Score: 8.6 | ZeroCERT

7297 | 2023-11-03 18:06
new_image.jpg.exe 6dab97885e747392758ea655733f6c35 Generic Malware Antivirus .NET DLL PE File DLL PE32 PDB
Score: 0.6 | ZeroCERT

7298 | 2023-11-03 17:44
0j.ps1 034c1dc569ea0a5b13330c759a10df8d Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key
URLs (1):
http://82.115.209.180/serjo.vb
Score: 0.8 | ZeroCERT

7299 | 2023-11-03 17:38
setup.rar d7b36686b22ecf8da8c34bf6d55ad331 Escalate priviledges PWS KeyLogger AntiDebug AntiVM Malware download Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself PrivateLoader Tofsee DNS
URLs (2):
http://apps.identrust.com/roots/dstrootcax3.p7c http://91.92.243.151/api/tracemap.php - rule_id: 37889
Hosts (7):
ironhost.io(172.67.193.129) 61.111.58.34 - malware 172.67.193.129 91.92.243.151 - mailcious 94.142.138.131 - mailcious 94.142.138.113 - mailcious 208.67.104.60 - mailcious
Alerts (2):
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule-matched URLs (1):
http://91.92.243.151/api/tracemap.php
Score: 4.8 | M | ZeroCERT

7300 | 2023-11-03 15:54
1.exe 1819332f150048eed72a2d891390dad1 Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL PE64 DllRegisterServer dll MSOffice File CAB Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities Check virtual network interfaces sandbox evasion Tofsee Ransomware Windows Google ComputerName Remote Code Execution DNS
URLs (4):
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe https://update.googleapis.com/service/update2?cup2key=12:fiH-rpFmRD_9K6RrmjLJh__4TUMN6H9j0EsLvPpPbKw&cup2hreq=d0876e1be58e78f6be4d5e4f2cb7dd29f25148548a5a47d58e905d10712788fc https://update.googleapis.com/service/update2
Hosts (27): (list of 27 contacted hosts omitted)
Alerts (4):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE - Served Attached HTTP ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI)
Score: 8.4 | ZeroCERT

7301 | 2023-11-03 12:33
JEQnFjDSDMbRhl.vbs 3acbcc1e0e59f0fa67e43c7e33a413c0 wscript.exe payload download Tofsee crashed
Hosts (2):
diamond9x.getmyip.com(103.73.65.129) 103.73.65.129
Alerts (3):
ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 1.4 | ZeroCERT

7302 | 2023-11-03 12:33
gRjYtXOvXOp.vbs f11a5ac557578737ef391c0b6ad4b333 wscript.exe payload download Tofsee crashed
Hosts (2):
diamond9x.getmyip.com(103.73.65.129) 103.73.65.129
Alerts (3):
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO DYNAMIC_DNS Query to a *.getmyip .com Domain
Score: 1.4 | ZeroCERT

7303 | 2023-11-03 12:23
lom30.exe 701ea7974b3f98830d636e93f836cfce Amadey RedLine stealer Gen1 Emotet SmokeLoader Generic Malware Malicious Library UPX Antivirus Malicious Packer .NET framework(MSIL) Confuser .NET Admin Tool (Sysinternals etc ...) PWS ScreenShot Javascript_Blob AntiDebug AntiVM PE File PE32 Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Malware powershell Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security Collect installed applications powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Stealc Stealer Windows Update Exploit Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
URLs (99): (list of 99 requested URLs omitted)
Hosts (43): (list of 43 contacted hosts omitted)
Alerts (19):
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO PS1 Powershell File Request ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Score: 27.4 | M | ZeroCERT

7304 | 2023-11-03 12:10
IGCC.exe 2558474300fbc1c4e924d1cb077696ad Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (3):
http://www.vandistreet.com/sy22/?GVW8=ebYri2VV/sCK3b5rVJ3RboTDPGX+2LyTyMxHYnpzeShqSQ1cgB3Zd9ZvGXgE+e2ljlV5J+6Q&uldX=kjFPdVD0hnWHFJ - rule_id: 37797 http://www.rollesgraciejiujitsu.com/sy22/?GVW8=wNOPQ9lPL0LlPifzaFD7oS/J4vOv5L9Eq5jAtNxi81+z9IaaPyU3XhbcbjJzUPxyEBlmVqqy&uldX=kjFPdVD0hnWHFJ http://www.docomo-mobileconsulting.com/sy22/?GVW8=lVM1xi/uUQcXVrGb3v1MnIj4JTU8QNZxAwtnBLuxN6GTboe8PABHdOr2nABXcw5/boXeCr4R&uldX=kjFPdVD0hnWHFJ - rule_id: 35906
Hosts (8):
www.displayfridges.fun() - mailcious www.rollesgraciejiujitsu.com(3.67.141.185) www.vandistreet.com(23.227.38.74) - mailcious www.docomo-mobileconsulting.com(64.190.63.111) - mailcious www.flowersinspace.tech() 23.227.38.74 - mailcious 3.127.73.216 - mailcious 64.190.63.111 - mailcious
Alerts (1):
ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (2):
http://www.vandistreet.com/sy22/ http://www.docomo-mobileconsulting.com/sy22/
Score: 3.0 | M | ZeroCERT

7305 | 2023-11-03 12:08
yandexzx.exe 92221d94e74c8903e418ad51caaa12ba PE File PE32 .NET EXE PDB Check memory Checks debugger unpack itself
Score: 1.4 | ZeroCERT