886 | 2024-08-19 15:08 | uuvipfix.exe 46be1d2a2de1c43b0169874d14503098 | CoinMiner AutoIt Generic Malware UPX PE File PE32 VirusTotal Malware Check memory Checks debugger | 2.6 | M | 60 | ZeroCERT

887 | 2024-08-19 15:06 | 98.exe 0c29f5f793bd9427f43f3e2a3ef38dcc | UPX PE File PE32 VirusTotal Malware | 1.2 | M | 55 | ZeroCERT

888 | 2024-08-19 15:06 | POS_C079.exe e0172234f8bfbf6caab3256f36999589 | Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed | 1.8 | M | 11 | ZeroCERT

889 | 2024-08-19 15:05 | 66bf353c38733_Grids.exe efd6377cf1f3e1efd885db9343a9a686 | Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed | 1.4 | M | 25 | ZeroCERT

890 | 2024-08-19 15:03 | 76.exe 82f852580cbfab46cd01190bb37587f5 | Generic Malware ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS | 10.0 | M | 49 | ZeroCERT
  URLs (1):
    http://147.45.44.131/files/98.exe
  Hosts: 1 (list not shown)
  Alerts (7):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 23
    ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
    ET INFO Executable Download from dotted-quad Host
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET MALWARE JS/Nemucod.M.gen downloading EXE payload
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

891 | 2024-08-19 15:02 | watersmoothbutterburnsweetandh... 38f791dbf6e64dd4ec64edcf5c1965df | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed | 4.6 | M | 34 | ZeroCERT
  URLs (1):
    http://192.3.101.150/24/swwiamagoodchocolatebuoyssee.tIF
  Hosts (3):
    ia803104.us.archive.org(207.241.232.154) - malware
    207.241.232.154 - malware
    192.3.101.150 - malicious
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

892 | 2024-08-19 15:01 | fixHosts.exe 754c738f12caa66eae85d417a235908e | CoinMiner AutoIt Generic Malware UPX PE File PE32 Malware download VirusTotal Malware Check memory Checks debugger Windows Downloader | 2.6 | M | 55 | ZeroCERT
  URLs (2):
    http://wieie.cn:8765//hosts/plugs/ow.exe
    http://wieie.cn:8765//hosts/plugs/
  Hosts (2):
    wieie.cn(58.23.215.23) - malware
    58.23.215.23 - malware
  Alerts (4):
    ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
    ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
    ET INFO AutoIt User Agent Executable Request
    ET POLICY PE EXE or DLL Windows file download HTTP

893 | 2024-08-19 15:00 | CFGG.exe d042c41a79787fb48e3bdf6ededd7a9a | Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory | 1.4 | M | 34 | ZeroCERT

894 | 2024-08-19 14:59 | 66bf1a73a318a_otraba.exe#kisot... 36ea75b21cfb54d45e752c4f634ef88f | Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser ComputerName DNS Software plugin | 16.0 | M | 52 | ZeroCERT
  URLs (10):
    http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll
    http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll
    http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll
    http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll
    http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll
    http://193.176.190.41/
    http://193.176.190.41/2fa883eebd632382.php
    http://x1.i.lencr.org/
    http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll
    http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll
  Hosts (5):
    aldiablo.cl(186.64.114.115) - malware
    x1.i.lencr.org(23.207.177.83)
    193.176.190.41
    23.41.113.9
    186.64.114.115 - malware
  Alerts (16):
    ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
    ET MALWARE Win32/Stealc Requesting browsers Config from C2
    ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
    ET MALWARE Win32/Stealc Requesting plugins Config from C2
    ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
    ET MALWARE Win32/Stealc Submitting System Information to C2
    ET INFO Dotted Quad Host DLL Request
    ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity

895 | 2024-08-19 14:59 | random.exe 3e361ace127f05f087344f33d05b37da | PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName | 2.4 | M | 28 | ZeroCERT

896 | 2024-08-19 14:57 | wxupup.exe 5fb6829b52847d878a98f9069e5c5fa4 | CoinMiner AutoIt Generic Malware UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself | 3.0 | M | 55 | ZeroCERT

897 | 2024-08-19 14:57 | rama.exe 304eb6432c7696e15f48eda1ffd469aa | Stealc RedLine stealer Gen1 Generic Malware Downloader Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer Code injection Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff A Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin | 23.8 | M | 42 | ZeroCERT
  URLs (10):
    http://185.215.113.100/0d60be0de163924d/sqlite3.dll
    http://185.215.113.100/0d60be0de163924d/nss3.dll
    http://185.215.113.100/0d60be0de163924d/freebl3.dll
    http://185.215.113.100/0d60be0de163924d/vcruntime140.dll
    http://31.41.244.10/Dem7kTu/index.php
    http://185.215.113.100/0d60be0de163924d/msvcp140.dll
    http://185.215.113.100/ - rule_id: 41969
    http://185.215.113.100/0d60be0de163924d/mozglue.dll
    http://185.215.113.100/0d60be0de163924d/softokn3.dll
    http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968
  Hosts (5):
    crash-reports.mozilla.com(34.49.45.138)
    34.49.45.138
    31.41.244.10 - malware
    185.215.113.100 - malicious
    31.41.244.11 - malicious
  Alerts (21):
    ET DROP Spamhaus DROP Listed Traffic Inbound group 2
    ET INFO Executable Download from dotted-quad Host
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
    ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
    ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET DROP Spamhaus DROP Listed Traffic Inbound group 33
    ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
    ET MALWARE Win32/Stealc Requesting browsers Config from C2
    ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1
    ET MALWARE Win32/Stealc Requesting plugins Config from C2
    ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1
    ET MALWARE Win32/Stealc Submitting System Information to C2
    ET INFO Dotted Quad Host DLL Request
    ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
  URLs matching rules (2):
    http://185.215.113.100/
    http://185.215.113.100/e2b1563c6670f193.php

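Records 894 and 897 share one network fingerprint: a request to a 16-hex-character .php path on a bare-IP host, then GETs for nss3.dll, freebl3.dll, mozglue.dll, softokn3.dll, sqlite3.dll, msvcp140.dll and vcruntime140.dll from a 16-hex-character directory on the same host, with a separate "ET HUNTING HTTP GET Request for <dll>" alert for each file. The script below is an added example, not code from this page or from the ZeroCERT feed: it folds those per-request hits into one finding per client/host pair. The log line format (ts client method host path status), the client addresses, and the 203.0.113.5 and files.example.net hosts are constructed for the example; the 193.176.190.41 paths are the ones listed in record 894.

```python
"""Aggregate Stealc/Vidar-style credential-DLL pulls from HTTP proxy logs.

Added example, not code from the page or the ZeroCERT feed. The log format,
client addresses and the hosts other than 193.176.190.41 are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# DLL set the stealer fetches to decrypt Firefox/Thunderbird saved logins
# (NSS libraries plus the MSVC runtime they need): the exact names requested
# from 193.176.190.41 (record 894) and 185.215.113.100 (record 897).
STEALER_DLLS = frozenset({
    "nss3.dll", "freebl3.dll", "mozglue.dll", "softokn3.dll",
    "sqlite3.dll", "msvcp140.dll", "vcruntime140.dll",
})
DOTTED_QUAD = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# C2 check-in path shape seen in both records: 16 hex chars + .php at the root.
C2_PHP = re.compile(r"^/[0-9a-f]{16}\.php$", re.IGNORECASE)
# Constructed log format: "<iso-ts> <client> <method> <host> <path> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def parse_line(line):
    """Parse one log record; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, host, path, status = m.groups()
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "client": client, "method": method, "host": host.lower(),
        "path": path, "status": int(status),
    }


def detect_stealer_dll_pulls(lines, min_dlls=2, window=timedelta(minutes=5)):
    """One finding per (client, bare-IP host) that fetched at least `min_dlls`
    distinct STEALER_DLLS inside `window`; also records whether that client
    hit a C2_PHP path on the same host around the same time."""
    reqs = sorted((r for r in map(parse_line, lines) if r), key=lambda r: r["ts"])
    dll_hits = defaultdict(list)   # (client, host) -> [(ts, dll name)]
    checkins = defaultdict(list)   # (client, host) -> [ts]
    for r in reqs:
        if not DOTTED_QUAD.match(r["host"]):
            continue               # named hosts are out of scope for this rule
        key = (r["client"], r["host"])
        name = r["path"].rsplit("/", 1)[-1].lower()
        if name in STEALER_DLLS:
            dll_hits[key].append((r["ts"], name))
        elif C2_PHP.match(r["path"]):
            checkins[key].append(r["ts"])

    findings = []
    for (client, host), hits in dll_hits.items():
        # Slide a window over the time-ordered hits and keep the largest
        # distinct-DLL set that fits inside `window`.
        best, span = set(), None
        for i, (t0, _) in enumerate(hits):
            in_win = [(t, d) for t, d in hits[i:] if t - t0 <= window]
            names = {d for _, d in in_win}
            if len(names) > len(best):
                best, span = names, (t0, in_win[-1][0])
        if len(best) < min_dlls:
            continue
        first, last = span
        checkin = any(first - window <= t <= last + window
                      for t in checkins[(client, host)])
        findings.append({"client": client, "host": host, "dlls": sorted(best),
                         "first": first, "last": last, "checkin": checkin})
    return sorted(findings, key=lambda f: f["first"])


# Constructed sample: 10.0.0.7 replays record 894's sequence against
# 193.176.190.41; 10.0.0.9 fetches a lone sqlite3.dll from a named host;
# 10.0.0.12 pulls two DLLs from a bare IP (203.0.113.5, documentation range)
# with no check-in request.
SAMPLE_LOG = """\
2024-08-19T14:59:00Z 10.0.0.7 POST 193.176.190.41 /2fa883eebd632382.php 200
2024-08-19T14:59:02Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/freebl3.dll 200
2024-08-19T14:59:02Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/mozglue.dll 200
2024-08-19T14:59:03Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/msvcp140.dll 200
2024-08-19T14:59:03Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/nss3.dll 200
2024-08-19T14:59:04Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/softokn3.dll 200
2024-08-19T14:59:04Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/sqlite3.dll 200
2024-08-19T14:59:05Z 10.0.0.7 GET 193.176.190.41 /9e7fbd3f0393ef32/vcruntime140.dll 200
2024-08-19T15:02:10Z 10.0.0.9 GET files.example.net /tools/sqlite3.dll 200
2024-08-19T15:04:30Z 10.0.0.12 GET 203.0.113.5 /9e7fbd3f0393ef32/vcruntime140.dll 200
2024-08-19T15:05:00Z 10.0.0.12 GET 203.0.113.5 /9e7fbd3f0393ef32/nss3.dll 200
2024-08-19T15:30:00Z 10.0.0.12 GET 203.0.113.5 /9e7fbd3f0393ef32/nss3.dll 200
"""


def sample_findings():
    """Run the detector over the constructed sample log."""
    return detect_stealer_dll_pulls(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f['client']} -> {f['host']}: {len(f['dlls'])} DLLs "
              f"{f['first']:%H:%M:%S}-{f['last']:%H:%M:%S} checkin={f['checkin']}")
```

Each ET HUNTING rule in records 894 and 897 fires once per DLL, so one infection yields six or seven of them on top of the dotted-quad and minimal-header rules; grouping by client and host turns that into a single finding, and raising `min_dlls` to 3 or more keeps it quiet on networks where vcruntime140.dll and msvcp140.dll are fetched legitimately. The "SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)" line that accompanies the bitbucket.org, ia803104.us.archive.org and crash-reports.mozilla.com rows fingerprints the TLS client, not the destination, so it corroborates a sample verdict but does not by itself mark those hosts as malicious.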
898 | 2024-08-19 14:56 | POS_C081.exe 1ccf158942cdc89a6b0a2889b8448497 | Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself | 2.0 | M | 10 | ZeroCERT

899 | 2024-08-19 14:54 | TestikBro.exe 7c0a5c2cde620549b93d8372960b63c1 | Generic Malware Malicious Library Downloader UPX PE File PE64 OS Processor Check VirusTotal Malware Checks debugger Creates executable files Tofsee | 1.4 | M | 18 | ZeroCERT
  URLs (1):
    https://bitbucket.org/fcsdcvscvc/mainprojectf/downloads/rock.exe
  Hosts (2):
    bitbucket.org(104.192.140.24) - malware
    104.192.140.24
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

900 | 2024-08-19 14:54 | MPDW-constraints.vbs a688b4bdbe8491ab01ed19eaec5ed363 | Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key | 7.6 | M | 4 | ZeroCERT
  URLs (1):
    https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
  Hosts (2):
    ia803104.us.archive.org(207.241.232.154) - malware
    207.241.232.154 - malware
  Alerts (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
