7996 | 2023-10-05 18:37
File: LPG.txt.exe | MD5: 19ec1b3fe77ac2bb9b4019ecf20cfc5b
Tags: UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE Malware download NetWireRC VirusTotal Malware IP Check RAT
URLs: 1
Hosts (4): usacupid.org(2.59.254.111) - mailcious; ip-api.com(208.95.112.1); 2.59.254.111 - mailcious; 208.95.112.1
IDS alerts (2): ET MALWARE Common RAT Connectivity Check Observed; ET POLICY External IP Lookup ip-api.com
2.0 | | 60 | ZeroCERT

7997 | 2023-10-05 17:20
File: Oni_Fortnite_Cheat.exe | MD5: b6bc88989728f250b472d036a6b87a2a
Tags: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check DLL ZIP Format ftp DllRegisterServer dll VirusTotal Malware Check memory Creates executable files Windows utilities Ransomware Windows crashed
URLs: none
Hosts: none
IDS alerts: none
3.0 | M | 31 | ZeroCERT

7998 | 2023-10-05 17:16
File: file.exe | MD5: db271fe34507c6229439100abf5458f1
Tags: RedLine stealer Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs: 1
Hosts: none
IDS alerts (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Activity (Response)
12.0 | M | 31 | ZeroCERT

7999 | 2023-10-05 17:14
File: assistant.exe | MD5: b7ae64240c4a5098002454038cdfbb73
Tags: UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library Socket ScreenShot Steal credential DNS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Cryptographic key
URLs (1): https://db-ip.com/demo/home.php?s=175.208.134.152
Hosts (5): ipinfo.io(34.117.59.81); db-ip.com(104.26.5.15); 171.22.28.242; 104.26.5.15; 34.117.59.81
IDS alerts (6): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io); ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token); ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP); ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity); ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
14.8 | M | 16 | ZeroCERT

8000 | 2023-10-05 17:14
File: server1.exe | MD5: 2902f7ba556f9db5f304640552c51284
Tags: task schedule UPX Confuser .NET AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
URLs: none
Hosts: none
IDS alerts: none
7.0 | M | 59 | ZeroCERT

8001 | 2023-10-05 17:04
File: audiogse.exe | MD5: fc22fadc862dd0a5b07210a9255025b0
Tags: NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed
URLs: none
Hosts: none
IDS alerts: none
4.0 | M | 40 | ZeroCERT

8002 | 2023-10-05 17:02
File: 445.jpg | MD5: 30000f8e4ee5bce90382de83814fb8c9
Tags: Generic Malware Antivirus Malicious Library UPX Malicious Packer Downloader PE File PE32 DLL PE64 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AppData folder Windows ComputerName Cryptographic key
URLs: none
Hosts (2): ssh.362-com.com(203.124.11.111); 203.124.11.111
IDS alerts: none
8.4 | M | 55 | ZeroCERT

8003 | 2023-10-05 17:02
File: 222.exe | MD5: 2efdda89d5ae8c0512fb0dfab4cff22a
Tags: RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs: 1
Hosts: none
IDS alerts (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Activity (Response)
10.8 | M | 35 | ZeroCERT

8004 | 2023-10-05 09:23
File: Wshp.vbs | MD5: 8be364f89bc3f098890bf2c1a576d7a6
Tags: Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (3):
  http://apps.identrust.com/roots/dstrootcax3.p7c
  https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
  http://172.86.76.208/zh2/LPG.txt
Hosts (3): uploaddeimagens.com.br(104.21.45.138) - malware; 182.162.106.32; 104.21.45.138 - malware
IDS alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.6 | | 11 | ZeroCERT

8005 | 2023-10-05 09:17
File: xqnoOIWFbr2N.exe | MD5: 19ec1b3fe77ac2bb9b4019ecf20cfc5b
Tags: UPX .NET framework(MSIL) Malicious Packer PE File PE32 .NET EXE Malware download NetWireRC VirusTotal Malware IP Check RAT
URLs: 1
Hosts (4): usacupid.org(2.59.254.111); ip-api.com(208.95.112.1); 2.59.254.111 - mailcious; 208.95.112.1
IDS alerts (2): ET MALWARE Common RAT Connectivity Check Observed; ET POLICY External IP Lookup ip-api.com
2.0 | | 60 | ZeroCERT

8006 | 2023-10-05 08:00
File: 1.exe | MD5: c5999a94094f1b68b36ecdb65e809730
Tags: RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
URLs: 1
Hosts: none
IDS alerts (5): ET INFO Microsoft net.tcp Connection Initialization Activity; ET MALWARE Redline Stealer TCP CnC Activity; ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization); ET MALWARE Redline Stealer TCP CnC - Id1Response; ET MALWARE Redline Stealer Activity (Response)
10.8 | M | 30 | ZeroCERT

8007 | 2023-10-05 07:57
File: ufGFFXjWy6vU4y9.exe | MD5: dbf80d2ee0c7e4a7903479e3dadeac3d
Tags: PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself ComputerName DNS crashed
URLs: 1
Hosts: none
IDS alerts: none
3.2 | M | 43 | ZeroCERT

8008 | 2023-10-05 07:56
File: server1.exe | MD5: 4d8037262c4cfb2fee106c9ae7d36428
Tags: LokiBot task schedule UPX ScreenShot PWS DNS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Malware download NetWireRC VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself WriteConsoleW IP Check RAT ComputerName DNS DDNS
URLs: 1
Hosts (6): fronpeatcam.publicvm.com(45.12.253.94); qpurrybeatmecamtest.ddns.net(45.12.253.94); ip-api.com(208.95.112.1); 182.162.106.32; 45.12.253.94; 208.95.112.1
IDS alerts (4): ET MALWARE Common RAT Connectivity Check Observed; ET POLICY External IP Lookup ip-api.com; ET POLICY Observed DNS Query to DynDNS Domain (publicvm .com); ET POLICY DNS Query to DynDNS Domain *.ddns .net
10.8 | M | 37 | ZeroCERT

8009 | 2023-10-05 07:54
File: FPyuSqdES06O8vS.exe | MD5: c3fdabfa7e016aa9b2cacbb5fc9860a8
Tags: Generic Malware UPX Malicious Packer Malicious Library .NET framework(MSIL) PE File PE32 .NET EXE JPEG Format OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces IP Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
URLs (2):
  http://checkip.dyndns.org/
  https://rakishev.net/wp-cron.php
Hosts (4): rakishev.net(104.21.88.34); checkip.dyndns.org(193.122.130.0); 132.226.8.169; 104.21.88.34
IDS alerts (3): ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org); ET POLICY External IP Lookup - checkip.dyndns.org; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
12.6 | M | 53 | ZeroCERT

8010 | 2023-10-05 07:53
File: HTML.exe | MD5: 0c86e968796f80b0e5c091b3270ce88b
Tags: Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
URLs: none
Hosts (2): api.ipify.org(64.185.227.156); 173.231.16.77
IDS alerts (4): ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup; ET INFO TLS Handshake Failure; ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
14.4 | M | 35 | ZeroCERT