Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46	2024-06-28 12:53	random.exe 97ddaf205149ee9833a9b79cbfa33e68 Gen1 EnigmaProtector Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download Vidar VirusTotal Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS crashed plugin	8 Keyword trend analysis Info http://85.28.47.4/69934896f997d5bb/freebl3.dll http://85.28.47.4/69934896f997d5bb/nss3.dll http://85.28.47.4/69934896f997d5bb/vcruntime140.dll http://85.28.47.4/69934896f997d5bb/mozglue.dll http://85.28.47.4/69934896f997d5bb/softokn3.dll http://85.28.47.4/920475a59bac849d.php - rule_id: 40635 http://85.28.47.4/69934896f997d5bb/msvcp140.dll http://85.28.47.4/69934896f997d5bb/sqlite3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	8.2	M	33	ZeroCERT

47	2024-06-28 12:50	alex5555555.exe a80a86c701801cbd77cf7406be6d11f0 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	56	ZeroCERT

48	2024-06-28 12:48	alphazxv.scr e4979c53302e30f656edf76043b5944a LokiBot Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process malicious URLs AntiVM_Disk suspicious TLD WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	2	8 Info ET DNS Query to a .top domain - Likely Hostile ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET INFO HTTP Request to a .top domain ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1		16.0	M	49	ZeroCERT

49	2024-06-28 12:47	intalls555.exe 7e30a1a92f86e8e0a25154b1521d0588 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Telegram suspicious privilege MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Tofsee Windows ComputerName DNS keylogger		2	4		4.8	M	59	ZeroCERT

50	2024-06-28 12:46	%E5%9B%BD%E5%BA%86%E5%BB%B6%E8... d0e72468c01cf13b48c0a5ee2a310cb2 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	63	ZeroCERT

51	2024-06-28 12:44	chisel.exe 6ddee3e7fa0969931f9ec465e9c8965a Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed					1.6		52	ZeroCERT

52	2024-06-27 10:11	vi.exe baa9e1a92bab85279dca0aed641f1fa9 Malicious Library Antivirus UPX PE File PE32 OS Processor Check VirusTotal Malware Malicious Traffic Tofsee crashed	1 Keyword trend analysis	4	1		3.4	M	52	ZeroCERT

53	2024-06-27 10:09	sc.exe e86471da9e0244d1d5e29b15fc9feb80 Generic Malware Malicious Library Downloader Antivirus UPX PE File PE64 OS Processor Check Browser Info Stealer VirusTotal Malware AutoRuns PDB Windows Browser					2.6	M	60	ZeroCERT

54	2024-06-26 10:36	av_downloader1.1.exe 759f5a6e3daa4972d43bd4a5edbdeb11 Generic Malware Malicious Library Malicious Packer UPX Antivirus AntiDebug AntiVM PE File PE32 MSOffice File PNG Format JPEG Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Disables Windows Security powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed		2	1		12.4	M	57	ZeroCERT

55	2024-06-26 10:19	csrss.exe 8afc7110cee6735ab8101a03907c5cf5 Malicious Library PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key crashed					2.4	M	49	ZeroCERT

56	2024-06-26 10:14	d63e9e90-db3d-42c6-a687-45470b... aaa77d6928d24c74d686805fba1929a7 Generic Malware Malicious Packer Malicious Library UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	61	ZeroCERT

57	2024-06-26 10:10	stl.exe 2d92c64d986c4640e4cb5bc41cb38821 RedLine stealer RedLine Stealer Malicious Library .NET framework(MSIL) ScreenShot PWS SMTP AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		9.4	M	54	ZeroCERT

58	2024-06-26 07:48	PO580.exe 0815923728c22dbce41267fcc92aa214 Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key crashed					2.6		40	ZeroCERT

59	2024-06-26 07:34	vidar2406.exe c64af626c4ed0784e010f5f2210e97f4 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed					2.6	M	59	ZeroCERT

60	2024-06-26 07:32	meta2406.exe b60d8d01724703616e7cbbd320a9bd75 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed					2.6		57	ZeroCERT