10951 | 2023-08-07 09:05
bullionzx.exe f94a7fb16fa08b8d1134b990a8676f51 RedLine stealer .NET framework(MSIL) PWS AntiDebug AntiVM BitCoin .NET EXE PE File PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key
8.0 | M | 48 | ZeroCERT
10952 | 2023-08-07 09:03
fridayyyOnline.vbs 7edb95cf9f76fb8ccbb3d2afd0a7c4bd Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
URLs (2):
http://apps.identrust.com/roots/dstrootcax3.p7c
https://uploaddeimagens.com.br/images/004/563/620/original/rump_img_png.jpeg?1690931808
Hosts (3):
uploaddeimagens.com.br(172.67.215.45) - malware
121.254.136.27
104.21.45.138 - malware
Alerts (1):
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
8.4 | M | 7 | ZeroCERT
10953 | 2023-08-07 09:01
ChromeSetup.exe 4a22e79ac77bae6154fc85555cc26460 Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed
Hosts (1)
13.0 | M | 49 | ZeroCERT
10954 | 2023-08-07 08:59
re.exe 42ac2bba9af99081defe93ce797a3412 Generic Malware PE64 PE File Malware Malicious Traffic unpack itself Sliver DNS
URLs (2):
https://157.245.47.66/test.txt
https://157.245.47.66/funny_cat.gif
Hosts (1)
Alerts (1):
ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed
2.2 | M | ZeroCERT
10955 | 2023-08-07 08:57
owenzx.exe d1c67a8d11b99696527984f91ce9571f Formbook AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself
URLs (3):
http://www.zqgf529.com/ge83/?uTuD=xP2bwfOv2vpCt0xlFavLXdTEag9kTo/lay+lErW/aYJe6onvGjWkrhTcHwah5PuetW529ZI1&Kj6ly=ATPddxOp02iTrlL0
http://www.tommybcarpentry.com/ge83/?uTuD=4l1dgt6EqJfDtjFFl8HEiOm9OdrxJ3x3R23fkyRuAcDEYyPOkg50wBw+bbg4lJJkpPSBxSQs&Kj6ly=ATPddxOp02iTrlL0
http://www.fxphones.com/ge83/?uTuD=dutfo2jPxvj1WOO8lT3X46PXeruLDGk4GIPLTA+1FdBceEacxR+vVx+tnRg7elNjWLO8USK4&Kj6ly=ATPddxOp02iTrlL0
Hosts (6):
www.fxphones.com(13.248.169.48)
www.zqgf529.com(172.67.176.126)
www.tommybcarpentry.com(34.102.136.180)
104.21.31.119 - mailcious
34.102.136.180 - mailcious
76.223.54.146
Alerts (1):
ET MALWARE FormBook CnC Checkin (GET)
7.4 | M | ZeroCERT
10956 | 2023-08-07 08:57
qasx.vbs 99152c5481595c0c23bb3b97211c7870 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
Hosts (1)
5.8 | M | ZeroCERT
10957 | 2023-08-07 08:54
demon.exe 6fc6eb3ed2366b85dca354e44e956a11 Generic Malware PE64 PE File Malware Malicious Traffic unpack itself Sliver DNS
URLs (2):
https://157.245.47.66/test.txt
https://157.245.47.66/funny_cat.gif
Hosts (1)
Alerts (1):
ET ATTACK_RESPONSE Havoc/Sliver Framework TLS Certificate Observed
2.2 | M | ZeroCERT
10958 | 2023-08-07 08:54
940000000q0q0q0q0q0q00q0000000... ea79aedcc19392bd744e17914373363e MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
URLs (1):
http://23.94.148.61/940/ChromeSetup.exe
Hosts (3):
api.ipify.org(64.185.227.156)
173.231.16.76
23.94.148.61 - malware
Alerts (7):
ET INFO Executable Download from dotted-quad Host
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET INFO TLS Handshake Failure
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
3.6 | M | ZeroCERT
10959 | 2023-08-07 08:52
HSS.vbs b63beb44f618c764181abf3ebe260a72 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
Hosts (1):
95.143.190.57 - mailcious
5.8 | M | ZeroCERT
10960 | 2023-08-07 08:52
crypted.exe 1ccbff84cc57f3c7afaa21e68306d4c2 .NET framework(MSIL) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself ComputerName
1.6 | M | ZeroCERT
10961 | 2023-08-07 08:50
Documents-EnemyFrauz.exe a490f1848b792df4dc37c9e1b200578d UPX Malicious Library Socket Http API ScreenShot Code injection Internet API AntiDebug AntiVM OS Processor Check PE64 PE File Browser Info Stealer Malware download Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Code Injection Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic Windows utilities Detects VirtualBox suspicious process IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Windows Browser Email ComputerName Trojan Banking DNS
Hosts (3):
api.ipify.org(64.185.227.156)
173.231.16.76
89.208.103.63
Alerts (4):
ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
SURICATA Applayer Protocol detection skipped
17.6 | M | ZeroCERT
10962 | 2023-08-07 08:50
ChromeSetup.exe 4268288fb3dbf0b63cf0836a4201135d Malicious Library PE File PE32 PDB Remote Code Execution
1.2 | M | ZeroCERT
10963 | 2023-08-07 08:45
key.exe 8d3c4b58a9943431b824df429088f51e Suspicious_Script_Bin UPX OS Processor Check .NET EXE PE File PE32 suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
2.6 | M | ZeroCERT
10964 | 2023-08-07 08:45
RunPEx64.exe d9242e75177504019e7c8a78b0f705f2 UPX Malicious Library OS Processor Check PE File PE32 PDB Tofsee Discord DNS
URLs (1):
https://cdn.discordapp.com/attachments/1129151671843426358/1133375078348882013/Roblox.exe
Hosts (2):
cdn.discordapp.com(162.159.135.233) - malware
162.159.134.233 - malware
Alerts (3):
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
0.2 | M | ZeroCERT
10965 | 2023-08-07 08:43
ChromeSetup.exe 934834b62d84d90afd7bb755aa12ad81 LokiBot Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software
URLs (1):
http://194.55.224.9/fresh1/five/fre.php
Hosts (1)
Alerts (7):
ET MALWARE LokiBot User-Agent (Charon/Inferno)
ET MALWARE LokiBot Checkin
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
ET MALWARE LokiBot Request for C2 Commands Detected M1
ET MALWARE LokiBot Request for C2 Commands Detected M2
ET MALWARE LokiBot Fake 404 Response
13.8 | M | 47 | ZeroCERT