SoulRage (@soulrage6) 's Twitter Profile
SoulRage

@soulrage6

Malware Researcher | Threat hunter | One more #malware hunter. #cybersecurity #NBA #malware 🐲🦖

ID: 1077928034383159297

26-12-2018 14:04:05

102 Tweets

287 Followers

233 Following

Lukas Stefanko (@lukasstefanko)

MalwareHunterTeam CryptoInsane Cerberus authors created custom "Injector Generator" Because of that they/clients could create injections for any financial service faster and easier

SoulRage (@soulrage6)

#Nikki stealer C2 (probably) at: 149.202.154.]164/p/login.php Also #Azorult panel on same IP: http://149.202.154.]164/azo/index.php

SoulRage (@soulrage6)

Half newly #IcedID configs, mostly by names aginia and telected with those TLDs - .tel .net .nl .one .org .xyz .top .eu .in MD5 fa099766c51bf614a82b6b9f01cce169 also downloading #TrickBot from 192.3.247.]119 with the usual .exe and .png (which I saw on @P3pperP0tts' tweet a week ago)

SoulRage (@soulrage6)

#opendir at mac-mmanuel.]com with some .exe, lots of #phishing on banks and mail services, #KeyBase malware panel (bit broken) and other stuff. 🤠🧐

SoulRage (@soulrage6)

Some nice sample of #IcedID at 192.236.210.]142/winservices.mnt which I found on AnyRun app.any.run/tasks/02afc617… (someone also uploaded the infection to AnyRun but it doesn't run well) Obfu$Cat P3n_B3st3r Knudsen Baio Jake | JCyberSec_ James @P3pperP0tts

SoulRage (@soulrage6)

Some nice interesting #Ursnif sample targeting Poland app.any.run/tasks/80de095a… MD5 of DLL file - 75a86f64c1ab7d8a56532b793a8547b7

SoulRage (@soulrage6)

#Ginp sample targeting Spain IoC: MD5 - 2362e5a4f9ad47cc49a986e52616e18e cheleseafc82.]info/api882/ pamidor714.]info/api882/ putinka872.]info/api1/ getFile_b0bffe7506764da001745457d16fe6e8.php

SoulRage (@soulrage6)

#OpenDir with #IcedID samples at: gohoga.]org/ MD5 for example - 5418904a04b0ceefff4af90326fdd56a Seems like new configs to me from the last two days. Also, there are probably some new banks that were added to the "client list" of IcedID.

SoulRage (@soulrage6)

#Cerberus mobile #Banker X2 playmarketonline.]com & androidplayonline.]pro both with gate.php file, hosted on the same IP and targeting Turkish banks 🇹🇷. APKs MD5 - deb28408775513d118ccaa19a4bfbdae d13f21c155043068ef34d378879566f4

Germán Fernández (@1zrr4h)

"Proyecto RAT" campaign 01/2020 targeting users in Latin America and mainly Colombia 🇨🇴. "spoolktj.exe" ed3af74d64ca5bea98f2d4fc60de0a1b900390b009001fdfaeaafddc35a229d0 C2: ledis.linkpc[.]net 128.90.105[.]193 Related: blog.la.trendmicro.com/proyecto-rat-u… cc: COLCERT

SoulRage (@soulrage6)

MSI installer loading #MeKotio/#MetaMorfo targeting Chilean banks 🇨🇱 app.any.run/tasks/eff495cc… IoC chmsc.]edu.]ph/library/modules/down/op57.lts dropping a zip file, then running the AutoIt C&C: escapuliu.]com/happynewyear/EYHS2BZM31D225Q.php Obfu$Cat P3n_B3st3r \_(ʘ_ʘ)_/ Germán Fernández

SoulRage (@soulrage6)

If you want to play: app.any.run/tasks/12516759… The pps file contains a mega loader with many steps, ending with a couple of EXEs - #Zusy, #Azorult 3.2 & more. IoC pastebin.com/nhnbuaHK MD5 1c0d1af30fc12cb964335c0a20ffeedd d9cdaa157655d8434b73ebfb7e6c8c1c QakBG P3n_B3st3r Obfu$Cat

SoulRage (@soulrage6)

#opendir IP containing 2 different malware C2s: 191.232.233.]32 /man/ is the C2 of #MetaMorfo/#MeKotio app.any.run/tasks/ac14c63b… /Android/ folder is the C2 of #BasBanke/#CoyBot Android malware (as the folder name suggests..) virustotal.com/gui/file/21fe3… Both targeting Brazilian banks. 🇧🇷