Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
226	2024-09-11 10:16	sgfds.exe 5409b0fc8b14c5b24f5db3ede8cef555 Stealc Client SW User Data Stealer ftp Client info stealer Antivirus UPX Malicious Library Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	6 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll	1	12 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity	2	12.2	M	36	ZeroCERT

227	2024-09-11 10:15	svchost.dll 758efd58932dd3199c315a51c4b103a7 PE File DLL PE64 VirusTotal Malware Malicious Traffic Checks debugger RWX flags setting unpack itself suspicious process ComputerName DNS	1 Keyword trend analysis	1			4.4	M	23	ZeroCERT

228	2024-09-11 10:13	66e08d1814f75_BrickAaron.exe#1 5673f47783f3a8e794f6863f1a7c3c7d Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					5.6		21	ZeroCERT

229	2024-09-11 10:12	rkcms.exe 06077fd4b5e75f2d730ca61e2bf0f4e7 UPX PE File PE64 VirusTotal Malware					0.4		7	ZeroCERT

230	2024-09-11 10:12	scan_documet_027839.vbs a5a98320f9ac5232423dbde020b8af40 VirusTotal Malware ComputerName					1.0		28	ZeroCERT

231	2024-09-11 10:11	2b4pI1hCJx7p.exe 2d7e2eb114ceca66531637b4988a586c Emotet Gen1 Generic Malware Malicious Library Malicious Packer ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check DLL VirusTotal Malware Check memory unpack itself AppData folder Remote Code Execution					3.0		49	ZeroCERT

232	2024-09-11 10:11	32.exe.txt 33c05328038a99ed239df21e508182e6 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			2.6		68	ZeroCERT

233	2024-09-11 10:01	off.exe 8584c1ffa2cdeed2d4f4c3ae4d3661ca Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format DLL OS Processor Check PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed					3.4		34	ZeroCERT

234	2024-09-11 09:58	66e095f996804_111.exe 84696a854747864cc51653cb5d843a2a RedLine Infostealer Generic Malware UltraVNC Suspicious_Script_Bin Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API per Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		13.0		35	ZeroCERT

235	2024-09-11 09:58	svchost.exe f8f78f7b3bd5595e858889fa483ae272 PE File PE64 Malware Malicious Traffic unpack itself DNS crashed	1 Keyword trend analysis	1			2.0			ZeroCERT

236	2024-09-11 09:56	66e06cea88f93_BlueSapphire.exe... 0feebe85e6413561e738588cad1076a3 Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					8.2	M	32	ZeroCERT

237	2024-09-11 09:55	66df1689df956_l.exe e318c6ab13d30b93d2d43bf5d2c31fe5 Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4		42	ZeroCERT

238	2024-09-10 10:34	AvosLocker.exe 8da384b2427b8397a5934182c159c257 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PowerShell VirusTotal Malware suspicious privilege Creates executable files Windows utilities suspicious process sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window Windows					7.2	M	64	ZeroCERT

239	2024-09-10 10:33	l.exe 1c67f687230addd2815b74bc892a047f Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					8.2	M	39	ZeroCERT

240	2024-09-10 10:32	s.exe 45fb3cd11b294fe8a05691cdab474786 Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName					7.6		40	ZeroCERT