Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

45556 2024-06-25 02:50 http://l.instagram.com/?235901...
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
3 3 2 4.2 guest

45557 2024-06-25 03:22 f3162d6a1d08f609_{c13cc5e4-325...
cb227212b1977c3bb7cb402ada0417ee
AntiDebug AntiVM MSOffice File Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

45558 2024-06-25 05:18 41e3f69ecc09290e_httperrorpage...
dea81ac0a7951fb7c6cae182e5b19524
AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email
3.2 guest

45559 2024-06-25 05:28 https://l.instagram.com/?23590...
AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
2 3 1 3.8 guest

45560 2024-06-25 05:29 https://business.instagram.com...
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
1 2 2 4.8 guest

45561 2024-06-25 05:29 http://l.instagram.com/?235901...
Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
3 3 2 4.2 guest

45562 2024-06-25 05:37 a8ae8647bbcca480_recoverystore...
bc10f337c3a77c5f9d4bf6a20049e31e
AntiDebug AntiVM MSOffice File Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

45563 2024-06-25 05:38 70f316a5492848bb_down[1]
555e83ce7f5d280d7454af334571fb25
AntiDebug AntiVM PNG Format Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email
3.2 guest

45564 2024-06-25 07:44 3.exe
62ae0796c580559b876ecd052ddf80c4
Malicious Library PE File PE32 VirusTotal Malware
1.4 M 31 ZeroCERT

45565 2024-06-25 07:44 ExtExport2.exe
901a623dbccaa22525373cd36195ee14
Suspicious_Script_Bin UPX PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces IP Check installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 8 8 9.4 M 40 ZeroCERT

45566 2024-06-25 07:46 Videopro02.exe
7d91ac0d3852641715e5248d384d27c7
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.2 63 ZeroCERT

45567 2024-06-25 07:48 e0cbefcb1af40c7d4aff4aca26621a...
78a9e69486fa214a1af7dc245ab3ec06
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself
2.0 66 ZeroCERT

45568 2024-06-25 07:48 288c47bbc1871b439df19ff4df68f0...
4645adc87acf83b55edff3c5ce2fc28e
Generic Malware Malicious Library UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder
3.6 58 ZeroCERT

45569 2024-06-25 07:52 num.exe
919db35f2bf4dad6dd23e16b68dbb205
Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName Firmware DNS Software crashed plugin
8 1 15 11.0 M 40 ZeroCERT

45570 2024-06-25 07:52 cap.exe
22e35bea6a2653c8393db13a83b0cf97
Malicious Library PE File PE64 VirusTotal Malware Buffer PE PDB MachineGuid Check memory Checks debugger buffers extracted unpack itself crashed
3.6 M 58 ZeroCERT