Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2024-09-10 09:51	66dd9bbd1c1b9_w2.exe#ww2metaki... 8643394f91138d207dda09b2c98ed18e RedLine stealer Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2		45	ZeroCERT

2	2024-09-04 10:25	66d753141beb4_default.exe#kiso... 5bded0f41fa96aeed99d6b9b8eb34aa4 Client SW User Data Stealer ftp Client info stealer Malicious Library .NET framework(MSIL) UPX Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://45.152.113.10/15a25e53742510fe/nss3.dll http://45.152.113.10/15a25e53742510fe/vcruntime140.dll http://45.152.113.10/15a25e53742510fe/mozglue.dll http://45.152.113.10/15a25e53742510fe/softokn3.dll http://45.152.113.10/ http://45.152.113.10/15a25e53742510fe/freebl3.dll http://45.152.113.10/15a25e53742510fe/sqlite3.dll http://45.152.113.10/15a25e53742510fe/msvcp140.dll http://45.152.113.10/92335b4816f77e90.php	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity		13.2	M	14	ZeroCERT

3	2024-08-21 14:16	66c4c71a033c6_otr.exe#kisotr 993f5fdf3bd55f35661293167e39649a Stealc Client SW User Data Stealer ftp Client info stealer Malicious Library Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Stealc ComputerName DNS	2 Keyword trend analysis	1	1	2	8.8	M	15	ZeroCERT

First
1
Last
Total : 3cnts