Submissions

No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
2161 2024-07-17 20:50 d3l.ps1  

d4668b957d53463c68684d6cab89c2b2


Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.2 26 ZeroCERT

2162 2024-07-17 09:15 se.exe  

a907d2e6edda829467a10bc8a87cb76f


PE File PE64 VirusTotal Malware unpack itself Remote Code Execution
2.0 M 37 ZeroCERT

2163 2024-07-17 09:13 x.exe  

e61141a7ae1bbdd5fb0434f2c946b566


Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key
4.0 M 60 ZeroCERT

2164 2024-07-17 09:11 winmod.exe  

e2e17ea8d5d471e58cbef7258dfec0e3


njRAT backdoor Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key
1 9.2 M 39 ZeroCERT

2165 2024-07-17 09:11 file1111.exe  

7fc7b187ff95d6c0c6b080f887f20b30


Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
2.6 57 ZeroCERT

2166 2024-07-17 09:09 newstart.exe  

a20fc3377c07aa683a47397f9f5ff355


RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 7 8.0 M 60 ZeroCERT

2167 2024-07-17 09:09 remcmdstub.exe  

35da3b727567fab0c7c8426f1261c7f5


Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW
0.6 3 ZeroCERT

2168 2024-07-17 09:07 PCICL32.DLL  

ad51946b1659ed61b76ff4e599e36683


Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed
1.6 11 ZeroCERT

2169 2024-07-17 09:07 client32.exe  

9497aece91e1ccc495ca26ae284600b9


UPX PE File PE32 VirusTotal Malware
0.4 6 ZeroCERT

2170 2024-07-17 09:06 chart.exe  

73aa6448467db3d1ac25f7e9d8cf1cd4


Stealc Gen1 Generic Malware Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Code Injection Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin
8 2 16 1 12.0 M 39 ZeroCERT

2171 2024-07-17 09:04 tv2.exe  

108f1fb53a61d46e8df4331ed0724c9d


Metasploit Generic Malware PE File PE64 VirusTotal Malware DNS crashed
1 3.6 M 62 ZeroCERT

2172 2024-07-17 09:03 x.exe  

eacd19fe747d17c6740b0a8a50de29ac


Generic Malware Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger
7.4 M 58 ZeroCERT

2173 2024-07-17 09:02 gdfvr.hta  

d38821792f768551b015a982c0ddd1d5


Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key
1 1 4 11.6 21 ZeroCERT

2174 2024-07-16 14:11 mi.dll  

e6743e380f2418b616dca113dbbc93cb


Generic Malware PE File DLL PE32 VirusTotal Malware Checks debugger unpack itself crashed
2.0 10 ZeroCERT

2175 2024-07-16 14:00 cred64.dll  

b9bccd35addce48384491a98e1b89eb5


Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
1 1 9.8 M 52 ZeroCERT