Description
Simple but powerful infostealer which was very active in 2019.
C7304FF0966068D305DA031F9DA60C5B0EBE32AC43533.exe
4MB
211204-wlwhjsbdfj
d13d7a330bd2b99acb5c445bb14ab499
0a598d94482ab95fe1ecd2a0741eb39b7d7defb2
c7304ff0966068d305da031f9da60c5b0ebe32ac43533d27f50190f1ba549347
9c754fb692a95daeb895cfd4acbb09b84c80b217b5b7dfb27ae75bc9ae9560e8a8e09e49424fcffaba0e2f365b79fb51fc4a69f5b580f0ddb1308c896d33d82c
Family | socelars |
C2 |
http://www.iyiqian.com/ http://www.hbgents.top/ http://www.rsnzhy.com/ http://www.efxety.top/ |
Family | raccoon |
Botnet | 2f2ad1a1aa093c5a9d17040c8efd5650a99640b5 |
Attributes |
url4cnc http://telegatt.top/oh12manymarty http://telegka.top/oh12manymarty http://telegin.top/oh12manymarty https://t.me/oh12manymarty |
rc4.plain |
|
rc4.plain |
|
Family | redline |
Botnet | Chris |
C2 |
194.104.136.5:46013 |
Family | smokeloader |
Version | 2020 |
C2 |
http://directorycart.com/upload/ http://tierzahnarzt.at/upload/ http://streetofcards.com/upload/ http://ycdfzd.com/upload/ http://successcoachceo.com/upload/ http://uhvu.cn/upload/ http://japanarticle.com/upload/ |
rc4.i32 |
|
rc4.i32 |
|
Family | redline |
Botnet | media18 |
C2 |
91.121.67.60:2151 |
Family | redline |
Botnet | fucker2 |
C2 |
135.181.129.119:4805 |
C7304FF0966068D305DA031F9DA60C5B0EBE32AC43533.exe
d13d7a330bd2b99acb5c445bb14ab499
4MB
0a598d94482ab95fe1ecd2a0741eb39b7d7defb2
c7304ff0966068d305da031f9da60c5b0ebe32ac43533d27f50190f1ba549347
9c754fb692a95daeb895cfd4acbb09b84c80b217b5b7dfb27ae75bc9ae9560e8a8e09e49424fcffaba0e2f365b79fb51fc4a69f5b580f0ddb1308c896d33d82c
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Socelars is an infostealer targeting browser cookies and credit card credentials.
suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
suricata: ET MALWARE Suspicious Download Setup_ exe
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
Detects executables packed with ASPack v2.12-2.42
Uses a legitimate IP lookup service to find the infected system's external IP.
Uses a legitimate geolocation service to find the infected system's geolocation info.