7921 | 2023-10-08 10:45
trafico.exe | e9c5b36d7d606477f23c1d7219469d71
Tags: Malicious Library PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Hosts (1):
  176.123.9.142 - malicious
Suricata alerts (4):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
  ET MALWARE Redline Stealer Activity (Response)
Score: 6.4 | M | VirusTotal: 27 | ZeroCERT

7922 | 2023-10-08 10:43
htmlc.exe | 90f56eefb533c21d5a62577184244aa9
Tags: Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
URLs (5):
  http://www.kimgj.com/sy22/?GFNl=3SPsA2Ss8I6lJqBAUfWjnvopZUchcaiATf/poqfUwjZ4JN2yY1pEd2m56Et1bCNhcUG3dZ4S&Rlj=YVFTx4dp
  http://www.qixservice.online/sy22/?GFNl=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&Rlj=YVFTx4dp - rule_id: 35938
  http://www.podplugca.com/sy22/?GFNl=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&Rlj=YVFTx4dp - rule_id: 36546
  http://www.kwamitikki.com/sy22/?GFNl=ayc0h3zWsM+s/UZ3LUjJJuwK+un3y5jAnwaTGnQTjoBH3sQruTiuCMTcn690zSCGQsaDZ/V1&Rlj=YVFTx4dp - rule_id: 36545
  http://www.displayfridges.fun/sy22/?GFNl=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&Rlj=YVFTx4dp
Hosts (10):
  www.kimgj.com(99.83.196.71)
  www.displayfridges.fun(64.225.91.73)
  www.qixservice.online(81.88.57.70) - malicious
  www.podplugca.com(198.49.23.144) - malicious
  www.kwamitikki.com(195.216.243.33) - malicious
  75.2.85.42 - malicious
  64.225.91.73 - malicious
  195.216.243.33 - malware
  198.185.159.145 - malicious
  81.88.57.70 - malicious
Suricata alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Rule-matched URLs (3):
  http://www.qixservice.online/sy22/
  http://www.podplugca.com/sy22/
  http://www.kwamitikki.com/sy22/
Score: 4.2 | M | VirusTotal: 50 | ZeroCERT

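The FormBook record above (five check-in URLs of identical shape, ten resolved or flagged hosts, three rule-id matches) is the kind of row an analyst turns into indicators. The following is an added example, not code from the listing page or from the sandbox that produced it: it parses one raw record into MD5, URLs with their rule ids, hosts with their labels, and candidate check-in URLs, then emits a URI rule for the campaign directory. The sample record is a constructed copy of entry 7922 (tag list abridged, typo kept). The check-in URL heuristic is an assumption drawn from the shape of those five URLs and written for the general shape (one short directory, a long opaque first query value, a short second one) rather than the literal `/sy22/` path; the Suricata rule and its sid are illustrative, not the ET rule named in the record.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample input: the file line, URL line and host line of entry
# 7922, as the listing renders them (tags abridged, "mailcious" typo kept).
RECORD_7922 = """
htmlc.exe 90f56eefb533c21d5a62577184244aa9 Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware
http://www.kimgj.com/sy22/?GFNl=3SPsA2Ss8I6lJqBAUfWjnvopZUchcaiATf/poqfUwjZ4JN2yY1pEd2m56Et1bCNhcUG3dZ4S&Rlj=YVFTx4dp http://www.qixservice.online/sy22/?GFNl=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&Rlj=YVFTx4dp - rule_id: 35938 http://www.podplugca.com/sy22/?GFNl=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&Rlj=YVFTx4dp - rule_id: 36546 http://www.kwamitikki.com/sy22/?GFNl=ayc0h3zWsM+s/UZ3LUjJJuwK+un3y5jAnwaTGnQTjoBH3sQruTiuCMTcn690zSCGQsaDZ/V1&Rlj=YVFTx4dp - rule_id: 36545 http://www.displayfridges.fun/sy22/?GFNl=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&Rlj=YVFTx4dp
www.kimgj.com(99.83.196.71) www.displayfridges.fun(64.225.91.73) www.qixservice.online(81.88.57.70) - mailcious www.podplugca.com(198.49.23.144) - mailcious www.kwamitikki.com(195.216.243.33) - mailcious 75.2.85.42 - mailcious 64.225.91.73 - mailcious 195.216.243.33 - malware 198.185.159.145 - mailcious 81.88.57.70 - mailcious
"""

MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
# A URL optionally followed by the listing's " - rule_id: NNNNN" annotation.
URL_RE = re.compile(r"(https?://\S+)(?:\s+-\s+rule_id:\s*(\d+))?")
# Either "name(ip)" as the listing prints resolved names, or a bare IPv4.
HOST_RE = re.compile(
    r"(?P<name>[A-Za-z0-9.-]+)\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
    r"|(?P<bare>\b\d{1,3}(?:\.\d{1,3}){3}\b)"
)
LABEL_RE = re.compile(r"\s+-\s+(\w+)")
LABEL_FIX = {"mailcious": "malicious"}  # normalise the listing's typo
# Assumed check-in shape: short directory, long opaque first value, short
# second value. Derived from the five URLs in entry 7922, not a published rule.
C2_SHAPE = re.compile(
    r"^https?://[^/\s]+/[A-Za-z0-9]{2,8}/\?"
    r"[A-Za-z0-9]{2,8}=[^&\s]{20,}"
    r"&[A-Za-z0-9]{2,8}=[A-Za-z0-9]{4,16}$"
)


@dataclass
class Host:
    name: Optional[str]
    ip: str
    label: Optional[str]


@dataclass
class IOCs:
    md5: Optional[str] = None
    urls: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    hosts: List[Host] = field(default_factory=list)
    c2_candidates: List[str] = field(default_factory=list)


def looks_like_formbook_checkin(url: str) -> bool:
    return C2_SHAPE.match(url) is not None


def campaign_dir(url: str) -> str:
    """The single path directory, e.g. 'sy22', used as a pivot across hosts."""
    return urlsplit(url).path.strip("/")


def extract_iocs(record: str) -> IOCs:
    iocs = IOCs()
    lines = [ln.strip() for ln in record.strip().splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if i == 0:  # file line: name, md5, tags
            m = MD5_RE.search(line)
            iocs.md5 = m.group(0) if m else None
        elif "://" in line:  # URL line
            for url, rule_id in URL_RE.findall(line):
                iocs.urls.append((url, rule_id or None))
                if looks_like_formbook_checkin(url):
                    iocs.c2_candidates.append(url)
        elif HOST_RE.search(line):  # host line
            for m in HOST_RE.finditer(line):
                tail = LABEL_RE.match(line, m.end())
                label = tail.group(1) if tail else None
                iocs.hosts.append(Host(m.group("name"),
                                       m.group("ip") or m.group("bare"),
                                       LABEL_FIX.get(label, label)))
    return iocs


def flagged_ips(iocs: IOCs) -> List[str]:
    """Unique IPs the sandbox labelled malicious/malware, blocklist-ready."""
    return sorted({h.ip for h in iocs.hosts if h.label})


def suricata_uri_rule(directory: str, sid: int) -> str:
    """Illustrative Suricata 5+ rule; sid is a caller-chosen local-range value."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"LOCAL FormBook-style check-in GET /{directory}/"; '
        'flow:established,to_server; http.method; content:"GET"; '
        f'http.uri; content:"/{directory}/?"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    found = extract_iocs(RECORD_7922)
    print("md5:", found.md5)
    print("check-in URLs:", len(found.c2_candidates), "of", len(found.urls))
    print("flagged IPs:", flagged_ips(found))
    print(suricata_uri_rule(campaign_dir(found.c2_candidates[0]), 9000001))
```

The URL heuristic is deliberately narrow (it rejects the multi-segment image and `.txt` download URLs seen in entries 7933/7934), so it separates check-ins from payload fetches within one record; widen it only after checking false positives against your own proxy logs. The generated rule keys on the campaign directory, which rotates per build, so treat it as a short-lived supplement to the ET signature the record already fired, not a replacement.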
7923 | 2023-10-08 10:43
987123.exe | a12f1418bce76730a72bb3fed956ecca
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
Score: 1.2 | - | VirusTotal: 26 | ZeroCERT

7924 | 2023-10-07 16:23
build12345.exe | 0bebf37eba1580ce4dc19a70f135572d
Tags: RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
Hosts (1): not shown
Score: 4.2 | M | VirusTotal: 63 | ZeroCERT

7925 | 2023-10-07 16:21
cats.exe | 6733a0b9f804367c450d7d650612f288
Tags: RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs (1): not shown
Hosts (4):
  api.ip.sb(172.67.75.172)
  104.26.12.31
  185.196.9.65
  195.85.201.36
Suricata alerts (3):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.0 | - | VirusTotal: 55 | ZeroCERT

7926 | 2023-10-07 16:21
deluxe_crypted1234.exe | b8303120c1bf50b01dbc9f8d6fea45d8
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
Score: 2.4 | M | VirusTotal: 50 | ZeroCERT

7927 | 2023-10-07 16:19
Compiled.exe | 19b2d98085a534439812011db7186839
Tags: Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 MZP Format OS Processor Check VirusTotal Malware AutoRuns unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS
URLs (1): not shown
Hosts (4):
  lan.persianremote.world(195.85.201.36)
  api.myip.com(172.67.75.163)
  104.26.8.59
  195.85.201.36
Suricata alerts (3):
  ET POLICY IP Check (myip .com)
  ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
  ET INFO Observed DNS Query to .world TLD
Score: 5.4 | - | VirusTotal: 34 | ZeroCERT

7928 | 2023-10-07 16:19
Stealer.exe | 242c47b16c8755e72d7d1fdbc9ff0f17
Tags: .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
Score: 2.2 | M | VirusTotal: 46 | ZeroCERT

7929 | 2023-10-07 16:17
build1111.exe | 2823a053cb3512532ca475cc6eaec825
Tags: RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs (1): not shown
Hosts (3):
  api.ip.sb(172.67.75.172)
  185.196.9.65
  172.67.75.172 - malicious
Suricata alerts (3):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 7.4 | - | VirusTotal: 43 | ZeroCERT

7930 | 2023-10-07 16:16
build2.0.exe | da078231b647caf50cb1ca51ae69a3ef
Tags: RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows Cryptographic key
Hosts (2):
  ec2-54-91-200-119.compute-1.amazonaws.com(54.91.200.119)
  54.91.200.119
Score: 3.6 | M | VirusTotal: 60 | ZeroCERT

7931 | 2023-10-07 16:14
setup294.exe | a2058836ff17b81908237731b8258974
Tags: Malicious Library UPX PE File PE32 DLL OS Processor Check Check memory Checks debugger Creates executable files unpack itself AppData folder
Score: 2.0 | - | VirusTotal: - | ZeroCERT

7932 | 2023-10-07 16:14
sks3.exe | 30e1bf37e853843f0437250b763fab89
Tags: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
Score: 1.8 | M | VirusTotal: 42 | ZeroCERT

7933 | 2023-10-07 15:56
HtmlCent.vbs | cafb6eb3bcfa78631ba6c20d8fa5b8e6
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://103.182.16.23/250/3/UXO.txt
Hosts (3):
  uploaddeimagens.com.br(172.67.215.45) - malware
  23.32.56.80
  172.67.215.45 - malware
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.4 | - | VirusTotal: 5 | ZeroCERT

7934 | 2023-10-07 15:56
HTMLcc.vbs | 89cb6db34bd7438b02194d8363bfd41b
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://103.182.16.23/250/2/UFG.txt
Hosts (3):
  uploaddeimagens.com.br(104.21.45.138) - malware
  182.162.106.33 - malware
  172.67.215.45 - malware
Suricata alerts (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.4 | - | VirusTotal: 8 | ZeroCERT

7935 | 2023-10-07 15:33
a3d5715a81f2fbeb_memz.exe | 19dbec50735b5f2a72d4199c4e184960
Tags: Malicious Library PE File PE32 VirusTotal Malware Check memory crashed
Score: 1.6 | M | VirusTotal: 65 | ZeroCERT