Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46066	2024-07-16 11:03	tpeinf.exe cfb7fbf1d4b077a0e74ed6e9aab650a8 Generic Malware Downloader Admin Tool (Sysinternals etc ...) UPX Malicious Library Malicious Packer PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger Creates executable files ICMP traffic Disables Windows Security AppData folder Windows Update DNS	4 Keyword trend analysis	16	3	2	12.8	M	59	ZeroCERT

46067	2024-07-16 11:09	201.exe e0c387e6842dc4797be9380a8bde32f3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.0		35	ZeroCERT

46068	2024-07-16 14:00	clip64.dll 8cfd7419f24c7904d2a71b5ae6ea5daa Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1			3.6	M	49	ZeroCERT

46069	2024-07-16 14:00	cred64.dll b9bccd35addce48384491a98e1b89eb5 Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1			9.8	M	52	ZeroCERT

46070	2024-07-16 14:11	mi.dll e6743e380f2418b616dca113dbbc93cb Generic Malware PE File DLL PE32 VirusTotal Malware Checks debugger unpack itself crashed					2.0		10	ZeroCERT

46071	2024-07-17 09:02	gdfvr.hta d38821792f768551b015a982c0ddd1d5 Generic Malware Downloader Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	4		11.6		21	ZeroCERT

46072	2024-07-17 09:03	x.exe eacd19fe747d17c6740b0a8a50de29ac Generic Malware Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger					7.4	M	58	ZeroCERT

46073	2024-07-17 09:04	tv2.exe 108f1fb53a61d46e8df4331ed0724c9d Metasploit Generic Malware PE File PE64 VirusTotal Malware DNS crashed		1			3.6	M	62	ZeroCERT

46074	2024-07-17 09:06	chart.exe 73aa6448467db3d1ac25f7e9d8cf1cd4 Stealc Gen1 Generic Malware Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Code Injection Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	8 Keyword trend analysis Info http://85.28.47.30/69934896f997d5bb/sqlite3.dll http://85.28.47.30/69934896f997d5bb/softokn3.dll http://85.28.47.30/69934896f997d5bb/vcruntime140.dll http://85.28.47.30/920475a59bac849d.php - rule_id: 40980 http://85.28.47.30/69934896f997d5bb/msvcp140.dll http://85.28.47.30/69934896f997d5bb/nss3.dll http://85.28.47.30/69934896f997d5bb/freebl3.dll http://85.28.47.30/69934896f997d5bb/mozglue.dll	2	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 9 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	12.0	M	39	ZeroCERT

46075	2024-07-17 09:07	client32.exe 9497aece91e1ccc495ca26ae284600b9 UPX PE File PE32 VirusTotal Malware					0.4		6	ZeroCERT

46076	2024-07-17 09:07	PCICL32.DLL ad51946b1659ed61b76ff4e599e36683 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Antivirus UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					1.6		11	ZeroCERT

46077	2024-07-17 09:09	remcmdstub.exe 35da3b727567fab0c7c8426f1261c7f5 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW					0.6		3	ZeroCERT

46078	2024-07-17 09:09	newstart.exe a20fc3377c07aa683a47397f9f5ff355 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		8.0	M	60	ZeroCERT

46079	2024-07-17 09:11	file1111.exe 7fc7b187ff95d6c0c6b080f887f20b30 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.6		57	ZeroCERT

46080	2024-07-17 09:11	winmod.exe e2e17ea8d5d471e58cbef7258dfec0e3 njRAT backdoor Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		1			9.2	M	39	ZeroCERT