Sandbox report index, ZeroCERT, entries 7681 to 7695 (2024-07-16 to 2024-07-17)

7681 | 2024-07-17 09:11 | ZeroCERT
File: file1111.exe
MD5: 7fc7b187ff95d6c0c6b080f887f20b30
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, PDB, unpack itself, crashed
Score: 2.6 | 57

7682 | 2024-07-17 09:09 | ZeroCERT
File: newstart.exe
MD5: a20fc3377c07aa683a47397f9f5ff355
Tags: RedLine stealer, RedlineStealer, Malicious Library, .NET framework(MSIL), UPX, PE File, .NET EXE, PE32, OS Processor Check, Browser Info Stealer, RedLine, Malware download, FTP Client Info Stealer, VirusTotal, Malware, Microsoft, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, Check virtual network interfaces, installed browsers check, Tofsee, Stealer, Windows, Browser, ComputerName, DNS, Cryptographic key, Software, crashed
URLs (1): https://bitbucket.org/tons1/evotopro/downloads/Zaddikim.exe
Hosts (3): bitbucket.org(104.192.141.1) - malware; 185.166.140.8; 185.215.113.67 - mailcious
Signatures (7): ET DROP Spamhaus DROP Listed Traffic Inbound group 33; ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer/MetaStealer Family Activity (Response); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.0 | M | 60

7683 | 2024-07-17 09:09 | ZeroCERT
File: remcmdstub.exe
MD5: 35da3b727567fab0c7c8426f1261c7f5
Tags: Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, WriteConsoleW
Score: 0.6 | 3

7684 | 2024-07-17 09:07 | ZeroCERT
File: PCICL32.DLL
MD5: ad51946b1659ed61b76ff4e599e36683
Tags: Generic Malware, Malicious Library, Admin Tool (Sysinternals etc ...), Malicious Packer, Antivirus, UPX, PE File, DLL, PE32, OS Processor Check, VirusTotal, Malware, PDB, unpack itself, crashed
Score: 1.6 | 11

7685 | 2024-07-17 09:07 | ZeroCERT
File: client32.exe
MD5: 9497aece91e1ccc495ca26ae284600b9
Tags: UPX, PE File, PE32, VirusTotal, Malware
Score: 0.4 | 6

7686 | 2024-07-17 09:06 | ZeroCERT
File: chart.exe
MD5: 73aa6448467db3d1ac25f7e9d8cf1cd4
Tags: Stealc, Gen1, Generic Malware, Malicious Library, UPX, Malicious Packer, AntiDebug, AntiVM, PE File, PE32, DLL, OS Processor Check, Browser Info Stealer, Malware download, FTP Client Info Stealer, Vidar, VirusTotal, Email Client Info Stealer, Malware, c&c, Code Injection, Malicious Traffic, Check memory, Creates executable files, unpack itself, Collect installed applications, suspicious process, sandbox evasion, WriteConsoleW, anti-virtualization, installed browsers check, Stealc, Stealer, Windows, Browser, Email, ComputerName, DNS, Software, crashed, plugin
URLs (8): http://85.28.47.30/69934896f997d5bb/sqlite3.dll; http://85.28.47.30/69934896f997d5bb/softokn3.dll; http://85.28.47.30/69934896f997d5bb/vcruntime140.dll; http://85.28.47.30/920475a59bac849d.php - rule_id: 40980; http://85.28.47.30/69934896f997d5bb/msvcp140.dll; http://85.28.47.30/69934896f997d5bb/nss3.dll; http://85.28.47.30/69934896f997d5bb/freebl3.dll; http://85.28.47.30/69934896f997d5bb/mozglue.dll
Hosts (2): 77.91.77.81 - mailcious; 85.28.47.30 - mailcious
Signatures (16): ET DROP Spamhaus DROP Listed Traffic Inbound group 9; ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in; ET MALWARE Win32/Stealc Requesting browsers Config from C2; ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1; ET MALWARE Win32/Stealc Requesting plugins Config from C2; ET INFO Dotted Quad Host DLL Request; ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity; ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1; ET MALWARE Win32/Stealc Submitting System Information to C2; ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity; ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download; ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity; ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
Malicious URLs (1): http://85.28.47.30/920475a59bac849d.php
Score: 12.0 | M | 39

7687 | 2024-07-17 09:04 | ZeroCERT
File: tv2.exe
MD5: 108f1fb53a61d46e8df4331ed0724c9d
Tags: Metasploit, Generic Malware, PE File, PE64, VirusTotal, Malware, DNS, crashed
Hosts (1): 191.232.181.180 - malware
Score: 3.6 | M | 62

7688 | 2024-07-17 09:03 | ZeroCERT
File: x.exe
MD5: eacd19fe747d17c6740b0a8a50de29ac
Tags: Generic Malware, Antivirus, UPX, PE File, .NET EXE, PE32, OS Processor Check, Lnk Format, GIF Format, VirusTotal, Malware, powershell, AutoRuns, suspicious privilege, MachineGuid, Check memory, Checks debugger, Creates shortcut, Creates executable files, unpack itself, suspicious process, AntiVM_Disk, VM Disk Size Check, Windows, ComputerName, Cryptographic key, keylogger
Score: 7.4 | M | 58

7689 | 2024-07-17 09:02 | ZeroCERT
File: gdfvr.hta
MD5: d38821792f768551b015a982c0ddd1d5
Tags: Generic Malware, Downloader, Antivirus, AntiDebug, AntiVM, PowerShell, PE File, DLL, PE32, .NET DLL, VirusTotal, Malware, powershell, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, Creates executable files, RWX flags setting, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, AppData folder, Windows, ComputerName, DNS, Cryptographic key
URLs (1): http://107.173.143.46/M1507T/csrss.exe
Hosts (1):
Signatures (4): ET INFO Executable Download from dotted-quad Host; ET HUNTING Suspicious csrss.exe in URI; ET POLICY PE EXE or DLL Windows file download HTTP; ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
Score: 11.6 | 21

7690 | 2024-07-16 14:11 | ZeroCERT
File: mi.dll
MD5: e6743e380f2418b616dca113dbbc93cb
Tags: Generic Malware, PE File, DLL, PE32, VirusTotal, Malware, Checks debugger, unpack itself, crashed
Score: 2.0 | 10

7691 | 2024-07-16 14:00 | ZeroCERT
File: cred64.dll
MD5: b9bccd35addce48384491a98e1b89eb5
Tags: Generic Malware, Malicious Library, UPX, Antivirus, PE File, DLL, PE64, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, Cryptocurrency wallets, Cryptocurrency, PDB, suspicious privilege, MachineGuid, Malicious Traffic, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, suspicious process, sandbox evasion, installed browsers check, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software
URLs (1): http://185.196.8.126/h9fmdW7/index.php
Hosts (1):
Score: 9.8 | M | 52

7692 | 2024-07-16 14:00 | ZeroCERT
File: clip64.dll
MD5: 8cfd7419f24c7904d2a71b5ae6ea5daa
Tags: Amadey, Generic Malware, Malicious Library, UPX, PE File, DLL, PE32, OS Processor Check, VirusTotal, Malware, Malicious Traffic, Checks debugger, unpack itself, DNS
URLs (1): http://185.196.8.126/h9fmdW7/index.php
Hosts (1):
Score: 3.6 | M | 49

7693 | 2024-07-16 11:09 | ZeroCERT
File: 201.exe
MD5: e0c387e6842dc4797be9380a8bde32f3
Tags: Generic Malware, Malicious Library, UPX, PE File, PE32, OS Processor Check, VirusTotal, Malware, unpack itself, crashed
Score: 2.0 | 35

7694 | 2024-07-16 11:03 | ZeroCERT
File: tpeinf.exe
MD5: cfb7fbf1d4b077a0e74ed6e9aab650a8
Tags: Generic Malware, Downloader, Admin Tool (Sysinternals etc ...), UPX, Malicious Library, Malicious Packer, PE File, PE32, Malware download, VirusTotal, Malware, AutoRuns, Malicious Traffic, Checks debugger, Creates executable files, ICMP traffic, Disables Windows Security, AppData folder, Windows Update, DNS
URLs (4): http://twizt.net/newtpp.exe; http://185.215.113.66/2 - rule_id: 26695; http://twizt.net/peinstall.php; http://185.215.113.66/1 - rule_id: 26694
Hosts (16): twizt.net(185.215.113.66) - malware; www.update.microsoft.com(20.72.235.82); 41.101.188.28; 151.232.191.74; 5.232.85.255; 2.182.90.75; 2.181.30.194; 77.95.2.142; 188.213.178.116; 20.109.209.108; 190.202.1.132; 89.218.44.218; 151.232.168.137; 178.130.83.254; 95.59.118.94; 185.215.113.66 - malware
Signatures (3): ET DROP Spamhaus DROP Listed Traffic Inbound group 33; ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC; ET POLICY PE EXE or DLL Windows file download HTTP
Malicious URLs (2): http://185.215.113.66/2; http://185.215.113.66/1
Score: 12.8 | M | 59

7695 | 2024-07-16 11:01 | ZeroCERT
File: pei.exe
MD5: 8d8e6c7952a9dc7c0c73911c4dbc5518
Tags: Generic Malware, Downloader, Admin Tool (Sysinternals etc ...), UPX, Malicious Library, Malicious Packer, PE File, PE32, Malware download, VirusTotal, Malware, AutoRuns, Malicious Traffic, Checks debugger, Creates executable files, ICMP traffic, Disables Windows Security, AppData folder, Windows Update, DNS
URLs (5): http://twizt.net/newtpp.exe; http://185.215.113.66/3 - rule_id: 26696; http://185.215.113.66/2 - rule_id: 26695; http://twizt.net/peinstall.php; http://185.215.113.66/1 - rule_id: 26694
Hosts (16): twizt.net(185.215.113.66) - malware; www.update.microsoft.com(20.72.235.82); 188.240.99.47; 46.167.131.62; 2.183.107.200; 78.39.225.27; 31.25.131.226; 20.72.235.82; 178.90.117.247; 151.233.182.0; 188.212.185.135; 5.104.215.231; 151.243.192.202; 5.200.174.76; 43.246.243.120; 185.215.113.66 - malware
Signatures (3): ET DROP Spamhaus DROP Listed Traffic Inbound group 33; ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC; ET POLICY PE EXE or DLL Windows file download HTTP
Malicious URLs (3): http://185.215.113.66/3; http://185.215.113.66/2; http://185.215.113.66/1
Score: 12.4 | M | 57