8566 | 2023-09-18 07:46 | M.ps1 75ce07f2d1aa6a5802c6795babcf714c Generic Malware Antivirus PE File .NET DLL DLL PE32 Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed |
3
http://44.203.122.41/mini.ps1 http://44.203.122.41/Magic_Stage.ps1 https://paste.ee/r/AqqN6/0
|
3
paste.ee(104.21.84.67) - mailcious 172.67.187.200 - mailcious 44.203.122.41 - mailcious
|
3
ET INFO PS1 Powershell File Request ET POLICY Pastebin-style Service (paste .ee) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 10.4 | | | ZeroCERT
8567 | 2023-09-18 07:45 | build1234dolla.exe 3d3801f8399c6bfdb21aa43fa13858b2 RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key |
|
1
| | | 3.6 | M | | ZeroCERT
8568 | 2023-09-18 07:43 | Archevod_XWorm.exe 87243804ebf481b95392b3ec64774297 PE File PE32 .NET EXE suspicious privilege Checks debugger WMI unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows ComputerName Cryptographic key crashed |
| | | | 6.4 | M | | ZeroCERT
8569 | 2023-09-18 07:39 | AnyDesk.exe eafba56f876c04229c33c88a0bd964fa Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE64 OS Processor Check PDB Check memory unpack itself Remote Code Execution |
| | | | 2.4 | | | ZeroCERT
8570 | 2023-09-18 07:39 | 1.exe ee629be336cb1394d8902ad966703722 UPX Malicious Library PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed |
|
1
|
4
ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response)
| | 5.4 | | | ZeroCERT
8571 | 2023-09-17 16:25 | ss41.exe 6f75fdd73946160a17cac7e098a00032 Generic Malware UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution |
1
https://z.nnnaajjjgc.com/sts/imagd.jpg
|
2
z.nnnaajjjgc.com(156.236.72.121) - malware 156.236.72.121 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 1.6 | M | 27 | ZeroCERT
8572 | 2023-09-17 16:24 | 173.exe a7be047e27cfe019ade71a4b347efb00 Gen1 UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS crashed plugin |
8
http://85.209.11.51/5db65a39eefecd5d/softokn3.dll http://85.209.11.51/5db65a39eefecd5d/mozglue.dll http://85.209.11.51/5db65a39eefecd5d/freebl3.dll http://85.209.11.51/5db65a39eefecd5d/nss3.dll http://85.209.11.51/fefb4a458e1dc58b.php http://85.209.11.51/5db65a39eefecd5d/sqlite3.dll http://85.209.11.51/5db65a39eefecd5d/msvcp140.dll http://85.209.11.51/5db65a39eefecd5d/vcruntime140.dll
|
1
|
15
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
| | 8.4 | M | 42 | ZeroCERT
8573 | 2023-09-17 16:23 | igccu.exe c6b88ed4d6660ddc052fd29605e2c041 UPX PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces |
| | | | 1.2 | M | | ZeroCERT
8574 | 2023-09-17 09:47 | Setup.exe 379a74d6449d77be437b78c8ec875022 Generic Malware UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed |
| | | | 8.2 | M | 27 | ZeroCERT
8575 | 2023-09-17 09:44 | Loader.exe 4ff01cbc0d241becc42c762c7aba5f43 UPX Downloader PE File PE64 OS Processor Check VirusTotal Malware PDB |
| | | | 1.2 | M | 33 | ZeroCERT
8576 | 2023-09-17 09:43 | HNL.vbs f060032506e839fea3e5d51db24f53bc Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://94.156.161.167/tl/hs87353.txt
|
3
uploaddeimagens.com.br(172.67.215.45) - malware 182.162.106.32
104.21.45.138 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 8.4 | | 5 | ZeroCERT
8577 | 2023-09-17 09:42 | fridayyyyFile.vbs 20ed8a8e329f220221aba615fa5de616 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/597/236/original/rump_privada.jpg?1693847070
http://193.42.33.63/apama2aktivossssbas364444.txt
|
4
uploaddeimagens.com.br(104.21.45.138) - malware 156.236.72.121 - mailcious
182.162.106.33 - malware
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 11.0 | | 5 | ZeroCERT
8578 | 2023-09-17 09:41 | afk.vbs 3de68367509febdc3036d1fccfeb0719 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key |
3
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
http://79.110.48.52/afrique.txt
|
3
uploaddeimagens.com.br(104.21.45.138) - malware 182.162.106.32
172.67.215.45 - malware
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 8.4 | | 5 | ZeroCERT
8579 | 2023-09-17 09:41 | 172.exe 3082e7832f7a31397990d4d3ae4c75c9 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key |
|
2
www.logpasta.com(188.166.57.133) 188.166.57.133
|
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 2.6 | M | | ZeroCERT
8580 | 2023-09-17 09:40 | mar2.exe 3bffffda1e470fede020d005d03929da Malicious Library UPX Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Tofsee |
1
https://z.nnnaajjjgc.com/sts/imagd.jpg
|
2
z.nnnaajjjgc.com(156.236.72.121) - malware 156.236.72.121 - mailcious
|
2
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
| | 3.4 | M | 51 | ZeroCERT