Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
3826	2024-06-25 07:52	num.exe 919db35f2bf4dad6dd23e16b68dbb205 Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName Firmware DNS Software crashed plugin	8 Keyword trend analysis Info http://85.28.47.4/69934896f997d5bb/freebl3.dll http://85.28.47.4/69934896f997d5bb/nss3.dll http://85.28.47.4/69934896f997d5bb/vcruntime140.dll http://85.28.47.4/69934896f997d5bb/mozglue.dll http://85.28.47.4/69934896f997d5bb/softokn3.dll http://85.28.47.4/920475a59bac849d.php http://85.28.47.4/69934896f997d5bb/msvcp140.dll http://85.28.47.4/69934896f997d5bb/sqlite3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	11.0	M	40	ZeroCERT

3827	2024-06-25 07:48	288c47bbc1871b439df19ff4df68f0... 4645adc87acf83b55edff3c5ce2fc28e Generic Malware Malicious Library UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder				3.6		58	ZeroCERT

3828	2024-06-25 07:48	e0cbefcb1af40c7d4aff4aca26621a... 78a9e69486fa214a1af7dc245ab3ec06 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself				2.0		66	ZeroCERT

3829	2024-06-25 07:46	Videopro02.exe 7d91ac0d3852641715e5248d384d27c7 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution				2.2		63	ZeroCERT

3830	2024-06-25 07:44	ExtExport2.exe 901a623dbccaa22525373cd36195ee14 Suspicious_Script_Bin UPX PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces IP Check installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis	8	8 Info ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE RedLine Stealer - CheckConnect Response ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SURICATA HTTP unable to match response to request	9.4	M	40	ZeroCERT

3831	2024-06-25 07:44	3.exe 62ae0796c580559b876ecd052ddf80c4 Malicious Library PE File PE32 VirusTotal Malware				1.4	M	31	ZeroCERT

3832	2024-06-25 05:38	70f316a5492848bb_down[1] 555e83ce7f5d280d7454af334571fb25 AntiDebug AntiVM PNG Format Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email				3.2			guest

3833	2024-06-25 05:37	a8ae8647bbcca480_recoverystore... bc10f337c3a77c5f9d4bf6a20049e31e AntiDebug AntiVM MSOffice File Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

3834	2024-06-25 05:29	http://l.instagram.com/?235901... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis Info http://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava https://business.instagram.com/micro_site/url/?event_type=click https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava	3	2	4.2			guest

3835	2024-06-25 05:29	https://business.instagram.com... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	2	2	4.8			guest

3836	2024-06-25 05:28	https://l.instagram.com/?23590... AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis Info https://business.instagram.com/micro_site/url/?event_type=click https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava	3	1	3.8			guest

3837	2024-06-25 05:18	41e3f69ecc09290e_httperrorpage... dea81ac0a7951fb7c6cae182e5b19524 AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email				3.2			guest

3838	2024-06-25 03:22	f3162d6a1d08f609_{c13cc5e4-325... cb227212b1977c3bb7cb402ada0417ee AntiDebug AntiVM MSOffice File Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

3839	2024-06-25 02:50	http://l.instagram.com/?235901... Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis Info http://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava https://business.instagram.com/micro_site/url/?event_type=click https://l.instagram.com/?23590132=virtaava23590132aafc0fa1466a40a290d168bebc935ce2&e=ATMTlv6QR7cLRPRi6BPCQnYyglYtbOn12xlUTzINqVw19qiSlaZJEDdkuuszqFrruIN-TZHW&s=1&u=https://business.instagram.com/micro_site/url/?event_type=click&site=igb&destination=https://www.facebook.com/ads/ig_redirect/?d=Ad8U5WMN2AM7K-NrvRBs3gyfr9DHeZ3ist33ENX9eJBJWMRBAaOOij4rbjtu42P4dXhL8YyD-jl0LZtS1wkFu-DRtZrPI1zyuzAYXXYv3uJfsc2GuuhHJZr0iVcLluY7-XzYStW8tPCtY7q5OaN0ZR5NezqONJHNCe212u1Fk3V5I6c8mMsj53lfF9nQIFCpMtE&a=1&hash=Ad_y5usHyEC86F8X%2323590132\|https://pbs.twimg.com/profile_images/1793260522952966144/qGnAVdxb_normal.jpg\|virtaava	3	2	4.2			guest

3840	2024-06-24 15:51	pumairld.txt.ps1 19a7f5e2e7fd8e14d8129dcdf6c8b992 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Discord ComputerName DNS Cryptographic key		2	3	8.4		17	ZeroCERT