12301 |
2023-06-13 22:43
|
Remc.exe 7b0951243f7919dfbbe6489a0218845e Generic Malware UPX Malicious Library Downloader Malicious Packer OS Processor Check PE File PE32 JPEG Format Remcos VirusTotal Malware Malicious Traffic Check memory human activity check Windows DNS keylogger |
1
http://geoplugin.net/json.gp
|
4
geoplugin.net(178.237.33.50) nov231122.con-ip.com(181.142.211.88) 178.237.33.50 181.142.211.88
|
2
ET INFO DNS Redirection Service Domain in DNS Lookup (con-ip .com) ET JA3 Hash - Remcos 3.x TLS Connection
|
|
3.8 |
|
51 |
ZeroCERT
12302 |
2023-06-13 22:42
|
c15.exe 30ca9a69f43b4aa80f1496ec0b2fbc00 UPX PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed |
|
|
|
|
2.0 |
|
39 |
ZeroCERT
12303 |
2023-06-13 14:48
|
File_pass1234.7z 9a6a7d29d7a28cdd312defc7ce231351 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealer Windows Trojan DNS |
16
|
43
|
19
SURICATA Applayer Mismatch protocol both directions ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET DROP Spamhaus DROP Listed Traffic Inbound group 40 ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET INFO TLS Handshake Failure ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO EXE - Served Attached HTTP
|
9
|
6.6 |
M |
|
ZeroCERT
12304 |
2023-06-13 14:21
|
G_768916.rar e9775d944eddde92787307f5e2523c2c PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself |
|
|
|
|
2.0 |
|
|
ZeroCERT
12305 |
2023-06-13 10:51
|
Tax-documents_pdf.jar 605c34aa279611cc01669887eee38a01 ZIP Format VirusTotal Malware AutoRuns Check memory Checks debugger RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process Windows DNS crashed |
|
2
162.159.133.233 - malware 185.196.220.62
|
|
|
4.6 |
|
20 |
ZeroCERT
12306 |
2023-06-13 10:40
|
File_pass1234.7z f54d88f319d55d71e0a05be63f90f006 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM RedLine Malware download Amadey Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check PrivateLoader Tofsee Stealer Windows Trojan DNS |
21
|
45
|
20
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET DROP Spamhaus DROP Listed Traffic Inbound group 40 ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET INFO Executable Download from dotted-quad Host ET MALWARE Single char EXE direct download likely trojan (multiple families) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET INFO EXE - Served Attached HTTP ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET INFO TLS Handshake Failure
|
8
|
6.2 |
M |
|
ZeroCERT
12307 |
2023-06-13 10:11
|
document.doc eabac2151828caacfa7c253d84a7b891 VBA_macro Generic Malware MSOffice File Malware download Kimsuky VirusTotal Malware Campaign wscript.exe payload download exploit crash unpack itself North Korea Exploit crashed |
2
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1 - rule_id: 34250 http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1
|
2
miracle.designsoup.co.kr(121.78.88.79) 121.78.88.79 - mailcious
|
3
ET MALWARE Suspected Kimsuky Activity (GET) ET MALWARE Kimsuky Related Script Activity (GET) ET MALWARE Suspected DPRK APT Related Activity (GET)
|
1
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php
|
6.2 |
|
37 |
ZeroCERT
12308 |
2023-06-13 09:56
|
smartoption.php.html 00cf40deab29bc4bdf812434e171c14c Generic Malware Antivirus PowerShell Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
10
|
2
kentwater.cn(43.242.131.134) 43.242.131.134
|
|
|
8.2 |
|
|
ZeroCERT
12309 |
2023-06-13 09:50
|
smartoption.php.html 00cf40deab29bc4bdf812434e171c14c unpack itself crashed |
|
|
|
|
0.6 |
|
|
ZeroCERT
12310 |
2023-06-13 09:44
|
readme.doc 332f3efeb2f7f9cc98e3cea2c069a3a5 VBA_macro Generic Malware MSOffice File Malware download Kimsuky VirusTotal Malware Campaign wscript.exe payload download exploit crash unpack itself North Korea Exploit crashed |
1
http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1
|
2
miracle.designsoup.co.kr(121.78.88.79) 121.78.88.79 - mailcious
|
3
ET MALWARE Suspected Kimsuky Activity (GET) ET MALWARE Kimsuky Related Script Activity (GET) ET MALWARE Suspected DPRK APT Related Activity (GET)
|
|
6.2 |
|
38 |
ZeroCERT
12311 |
2023-06-13 09:27
|
setup.exe 94a8cb37cf0aa2d1fedb893167f4dc67 Malicious Library PE File PE32 VirusTotal Malware PDB unpack itself |
|
|
|
|
2.0 |
M |
31 |
ZeroCERT
12312 |
2023-06-13 09:25
|
toolspub2.exe 46a85f9fb354c4a5c4ea7a321ee9c3b9 Malicious Library AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Checks debugger buffers extracted unpack itself |
|
|
|
|
7.0 |
M |
32 |
ZeroCERT
12313 |
2023-06-13 09:22
|
ijijijijijijijijijijijijiji%23... 18de0cc6af559b80698181bce1ab907b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted exploit crash Exploit crashed |
|
|
|
|
3.2 |
M |
35 |
ZeroCERT
12314 |
2023-06-13 09:13
|
ikikikikikikikikikiki%23%23%23... e8caac8d865f4a94f766c5935fcf669f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed |
1
http://103.57.130.167/ssh001/wininit.exe
|
1
|
1
ET INFO Executable Download from dotted-quad Host
|
|
4.6 |
M |
31 |
ZeroCERT
12315 |
2023-06-13 08:40
|
joy.exe 046ed750609f61a01f15f23d2f2ac351 Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed |
|
|
|
|
9.6 |
M |
42 |
ZeroCERT