9766 | 2023-10-08 18:31
MILAHAJOBFFO2308200014BLONEYSH... 1def66d61d9e9ef7d54fd2ff792d7f76
.NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
(2) api.ipify.org(64.185.227.156) 104.237.62.212
(4) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
13.4 | | 53 | ZeroCERT

9767 | 2023-10-08 12:04
cafiii.jpg eb52f4c919c1466d334996cbc02f64ab
ZIP Format VirusTotal Malware DNS
(1) 156.236.72.121 - mailcious
2.4 | M | 23 | ZeroCERT

9768 | 2023-10-08 12:04
ReklamX.ps1 199882d42a35596fdc6ae9c8098d8368
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key
1.4 | | 17 | ZeroCERT

9769 | 2023-10-08 12:04
ReklamX.ps1 17ca355294ec4a7f4d58438aa2d5689a
Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key
1.6 | | 21 | ZeroCERT

9770 | 2023-10-08 12:02
ss47.exe 6e45986a505bed78232a8867b5860ea6
Generic Malware UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution
(1) https://z.nnnaajjjgc.com/sts/imagd.jpg
(2) z.nnnaajjjgc.com(156.236.72.121) - malware 156.236.72.121 - mailcious
(2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
2.0 | | 43 | ZeroCERT

9771 | 2023-10-08 10:49
zoeg4a5.exe 637dbce64106ecb582f119403822e138
Malicious Library UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution
(1) https://z.nnnaajjjgc.com/sts/imagd.jpg
(2) z.nnnaajjjgc.com(156.236.72.121) - malware 156.236.72.121 - mailcious
(2) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure
2.0 | M | 43 | ZeroCERT

9772 | 2023-10-08 10:47
x_loader.exe 28008ae8515c137603e3cb0a14c38795
UPX PE File PE64 OS Processor Check VirusTotal Malware
1.0 | M | 25 | ZeroCERT

9773 | 2023-10-08 10:47
two0710.exe f646c097913ec9dc3897ec3b5e452919
Malicious Library PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
(1) 176.123.9.142 - mailcious
(4) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response)
7.8 | M | 43 | ZeroCERT

9774 | 2023-10-08 10:45
Lopbf.exe 5399d7a2060eca17c4c1648fd6b09505
UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key
(2) http://23.95.106.3/102/process.exe http://23.95.106.3/200/Adoaqyamhks.wav
(1)
(1) ET INFO Executable Download from dotted-quad Host
6.4 | | 50 | ZeroCERT

9775 | 2023-10-08 10:45
trafico.exe e9c5b36d7d606477f23c1d7219469d71
Malicious Library PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
(1) 176.123.9.142 - mailcious
(4) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response)
6.4 | M | 27 | ZeroCERT

9776 | 2023-10-08 10:43
htmlc.exe 90f56eefb533c21d5a62577184244aa9
Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
(5) http://www.kimgj.com/sy22/?GFNl=3SPsA2Ss8I6lJqBAUfWjnvopZUchcaiATf/poqfUwjZ4JN2yY1pEd2m56Et1bCNhcUG3dZ4S&Rlj=YVFTx4dp http://www.qixservice.online/sy22/?GFNl=VBKd4i1TBAeTlYBnm9tWLCP4ww2vn+XVFOQPMnsW4AFxqlBX+KApyR5y0aXQ0sSyxSIvT0ne&Rlj=YVFTx4dp - rule_id: 35938 http://www.podplugca.com/sy22/?GFNl=1SbEEVOB0X5p51zw8Y9tIyj0s4wRGWDD/YTF5BQf3aGuyUlv8rzVEk4tRHrNdM/Dikld30uR&Rlj=YVFTx4dp - rule_id: 36546 http://www.kwamitikki.com/sy22/?GFNl=ayc0h3zWsM+s/UZ3LUjJJuwK+un3y5jAnwaTGnQTjoBH3sQruTiuCMTcn690zSCGQsaDZ/V1&Rlj=YVFTx4dp - rule_id: 36545 http://www.displayfridges.fun/sy22/?GFNl=aXg/rmbVwlFwwtnhCbViqZ1yX+MILNYt2xJKgyzLKbDp+5cOMXOnKyz8SWn7ESolc4/lQPeb&Rlj=YVFTx4dp
(10) www.kimgj.com(99.83.196.71) www.displayfridges.fun(64.225.91.73) www.qixservice.online(81.88.57.70) - mailcious www.podplugca.com(198.49.23.144) - mailcious www.kwamitikki.com(195.216.243.33) - mailcious 75.2.85.42 - mailcious 64.225.91.73 - mailcious 195.216.243.33 - malware 198.185.159.145 - mailcious 81.88.57.70 - mailcious
(1) ET MALWARE FormBook CnC Checkin (GET)
(3) http://www.qixservice.online/sy22/ http://www.podplugca.com/sy22/ http://www.kwamitikki.com/sy22/
4.2 | M | 50 | ZeroCERT

9777 | 2023-10-08 10:43
987123.exe a12f1418bce76730a72bb3fed956ecca
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
1.2 | | 26 | ZeroCERT

9778 | 2023-10-07 16:23
build12345.exe 0bebf37eba1580ce4dc19a70f135572d
RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
(1)
4.2 | M | 63 | ZeroCERT

9779 | 2023-10-07 16:21
cats.exe 6733a0b9f804367c450d7d650612f288
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
(1)
(4) api.ip.sb(172.67.75.172) 104.26.12.31 185.196.9.65 195.85.201.36
(3) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.0 | | 55 | ZeroCERT

9780 | 2023-10-07 16:21
deluxe_crypted1234.exe b8303120c1bf50b01dbc9f8d6fea45d8
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
2.4 | M | 50 | ZeroCERT