Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

Each entry below: No, date and time, submitted file (Request); MD5 of the sample; triggered rule tags; then the remaining columns (Urls Hosts IDS Rule Score Zero VT Player Etc) as exported.

1726  2024-08-01 10:54  xxx.doc
      MD5:   498755df4e7db2b5ccc26cf792c66b98
      Rules: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 1 4.8 M 41 ZeroCERT

1727  2024-08-01 10:48  ppcsnap.dll
      MD5:   9b62352851c9f82157d1d7fcafeb49d3
      Rules: Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.2 56 ZeroCERT

1728  2024-08-01 10:38  ppcsnap.dll
      MD5:   9b62352851c9f82157d1d7fcafeb49d3
      Rules: Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.2 56 ZeroCERT

1729  2024-08-01 10:32  hacrvidth vibev (2).exe
      MD5:   d6b38a2272876d039d48b46aa874e7b9
      Rules: Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.6 50 ZeroCERT

1730  2024-08-01 10:30  hacrvidth vibev.exe
      MD5:   7a18b1bf9b07726327ba50e549764731
      Rules: Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.8 50 ZeroCERT

1731  2024-08-01 10:29  vhcrvdh iobv.exe
      MD5:   da2331ac3e073164d54bcc5323cf0250
      Rules: Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.4 48 ZeroCERT

1732  2024-08-01 10:13  886535bbe925890a01f49f49f49fee...
      MD5:   886535bbe925890a01f49f49f49fee40
      Rules: Generic Malware HWP PS PostScript Antivirus AntiDebug AntiVM MSOffice File Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 2 7.8 27 ZeroCERT

1733  2024-08-01 08:51  schuste.exe
      MD5:   115988cec15bcf0adc3b6a4f100b1b24
      Rules: Gen1 Generic Malware Malicious Library ASPack UPX Anti_VM PE File PE64 OS Processor Check DLL ZIP Format Check memory Creates executable files
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.0 ZeroCERT

1734  2024-08-01 08:50  NO.exe
      MD5:   8f307a5db76ea7573f1824d852178c0c
      Rules: Gen1 Generic Malware Malicious Library WinRAR UPX Malicious Packer PE File PE64 OS Processor Check DLL PDB Creates executable files unpack itself Remote Code Execution
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3.0 ZeroCERT

1735  2024-08-01 08:47  winiti.exe
      MD5:   002c833ff6ecaac50c4ef23b36189bbc
      Rules: Formbook Generic Malware Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS crashed
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 3 3 2 9.4 M ZeroCERT

1736  2024-08-01 08:47  PwHnaA.exe
      MD5:   19f436930646f3e8f283fa71f2a4cbcb
      Rules: Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check JPEG Format Malware Telegram Malicious Traffic Windows utilities IP Check Tofsee Windows DNS
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 6 7 1.6 ZeroCERT

1737  2024-08-01 08:45  stealc_valenciga.exe
      MD5:   cb24cc9c184d8416a66b78d9af3c06a2
      Rules: Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 9 1 16 9 7.2 M ZeroCERT

1738  2024-08-01 08:41  random.exe
      MD5:   ad1dde8691f26ca55a64c3a8d1adaa7f
      Rules: RedLine stealer EnigmaProtector Generic Malware UPX Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself malicious URLs installed browsers check Tofsee Ransomware Exploit Browser ComputerName crashed
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 1 9.2 M ZeroCERT

1739  2024-08-01 08:39  1.exe
      MD5:   be951641ba5b2620a2d4e9b9e9568e76
      Rules: Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 1 6 8.8 ZeroCERT

1740  2024-08-01 08:37  1.exe
      MD5:   d94cf1913f3dbee17014f7a765c09d4e
      Rules: Generic Malware Themida Packer Malicious Library WinRAR UPX Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check .NET EXE PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare AppData folder AntiVM_Disk VMware anti-virtualization VM Disk Size Check Windows ComputerName Remote Code Execution Firmware crashed
      Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 6.8 ZeroCERT
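Triaging a listing like this usually starts by turning it back into records: one hash, one score and one set of rule tags per submission, with repeat submissions of the same hash (ppcsnap.dll is listed twice above with the same MD5) collapsed so they are not escalated twice. The parser below is an added example, not code from ZeroCERT or from this page. It reads the raw one-field-per-line form in which the listing was exported, with three entries copied from the listing above embedded as a constructed sample. The Submission field names, the 5.0 escalation threshold, the family and anti-analysis keyword lists, and the reading of the trailing "M" token as the Zero column's malicious flag are assumptions made for this illustration.

```python
"""Parse a flattened sandbox submission listing into triage records.

Added example, not the sandbox's or the page author's code. The entry layout
(No/Date/Request line, MD5 line, rule-tag line, counter line) follows the
listing above; field names and keyword lists are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: three entries copied from the listing above, in the
# raw one-field-per-line form in which the table was extracted.
SAMPLE = """\
Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
1727 2024-08-01 10:48 ppcsnap.dll

9b62352851c9f82157d1d7fcafeb49d3


Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
1.2 56 ZeroCERT

1728 2024-08-01 10:38 ppcsnap.dll

9b62352851c9f82157d1d7fcafeb49d3


Generic Malware Malicious Library UPX PE File DLL PE64 OS Processor Check VirusTotal Malware
1.2 56 ZeroCERT

1737 2024-08-01 08:45 stealc_valenciga.exe

cb24cc9c184d8416a66b78d9af3c06a2


Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin
9 1 16 9 7.2 M ZeroCERT
"""

HEAD_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Family and anti-analysis keywords seen as rule tags in the listing (assumed lists, lowercase).
FAMILY_TAGS = ("formbook", "stealc", "vidar", "redline", "tofsee")
ANTI_ANALYSIS_TAGS = ("antidebug", "antivm", "anti_vm", "checks debugger",
                      "anti-virtualization", "sandbox evasion")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    rules: str
    score: float
    zero_flag: bool        # trailing "M" token, assumed to be the Zero column's malicious flag
    counters: list         # remaining integer columns; empty cells collapsed in the export,
                           # so their column assignment (Urls/Hosts/IDS/Rule/VT) is not recoverable
    player: str
    families: list = field(default_factory=list)
    anti_analysis: bool = False


def _parse_counters(line):
    """Split the trailing column group: the one decimal token is the score."""
    score, zero_flag, counters, player = None, False, [], ""
    for tok in line.split():
        if tok == "M":
            zero_flag = True
        elif re.fullmatch(r"\d+\.\d+", tok):
            score = float(tok)
        elif tok.isdigit():
            counters.append(int(tok))
        else:
            player = tok
    if score is None:
        raise ValueError(f"no score in counter line: {line!r}")
    return score, zero_flag, counters, player


def families_of(rules):
    """Family names mentioned in the rule tags (case-insensitive substring match)."""
    low = rules.lower()
    return sorted(f for f in FAMILY_TAGS if f in low)


def parse_listing(text):
    """Walk the non-blank lines; an entry is a header line followed by an MD5 line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    subs, i = [], 0
    while i + 3 < len(lines):
        m = HEAD_RE.match(lines[i])
        if not m or not MD5_RE.match(lines[i + 1]):
            i += 1          # header row, title or anything else: skip
            continue
        no, date, request = m.groups()
        rules = lines[i + 2]
        score, zero_flag, counters, player = _parse_counters(lines[i + 3])
        sub = Submission(int(no), date, request, lines[i + 1], rules,
                         score, zero_flag, counters, player)
        sub.families = families_of(rules)
        sub.anti_analysis = any(t in rules.lower() for t in ANTI_ANALYSIS_TAGS)
        subs.append(sub)
        i += 4
    return subs


def dedupe_by_hash(subs):
    """Keep the first record per MD5; re-submissions of the same file add nothing."""
    unique = {}
    for s in subs:
        unique.setdefault(s.md5, s)
    return unique


def triage(subs, threshold=5.0):
    """MD5s worth escalating: flagged malicious or scored at/above threshold (assumed)."""
    return sorted(s.md5 for s in dedupe_by_hash(subs).values()
                  if s.zero_flag or s.score >= threshold)


if __name__ == "__main__":
    records = parse_listing(SAMPLE)
    for s in records:
        print(s.no, s.md5, s.score, s.families, "anti-analysis" if s.anti_analysis else "")
    print("escalate:", triage(records))
```

Only the score is parsed by type rather than by position: in a row such as "1.2 56 ZeroCERT" the Urls, Hosts, IDS and Rule cells are simply absent, so the remaining integers are kept as an ordered list instead of being guessed into columns.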