Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46711	2024-08-06 09:36	public.dll 1e6e7fe9584055fc71294dc35a55241c Generic Malware Malicious Packer UPX PE File DLL PE64 OS Processor Check VirusTotal Malware PDB					0.8	M	5	ZeroCERT

46712	2024-08-06 09:37	1.exe c94b912d6522020372342c328fab4bc9 Generic Malware Malicious Library VMProtect UPX Malicious Packer PE File PE32 DLL OS Processor Check DllRegisterServer dll VirusTotal Malware Check memory buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS		1	1		5.6	M	28	ZeroCERT

46713	2024-08-06 09:39	skx111.exe cc0358385ac6807479ab8f5770569bce Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					7.6			ZeroCERT

46714	2024-08-06 09:40	%2477redline.exe bcbcb79606c1833ccef6ca77a7535936 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows Cryptographic key		1			3.0	M	64	ZeroCERT

46715	2024-08-06 09:41	l.exe 5075f994390f9738e8e69f4de09debe6 Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check DLL ftp ZIP Format VirusTotal Malware Check memory Creates executable files					2.4		47	ZeroCERT

46716	2024-08-06 09:43	MD5.exe f38bcacf41070de40c329f6792460338 PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1	1		8.0	M	55	ZeroCERT

46717	2024-08-06 09:44	NamzScript.exe be87988d10070a2a95aa02f5cdab0aab Generic Malware Malicious Library UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE VirusTotal Malware PDB Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution					6.2	M	29	ZeroCERT

46718	2024-08-06 09:45	sg3.exe 5f3dd0514c98bab7172a4ccb2f7a152d Malicious Library Malicious Packer PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	60	ZeroCERT

46719	2024-08-06 09:46	herso.exe 54dda3a0f0895906ba57a691a4655415 Amadey Stealc RedLine stealer Gen1 Generic Malware EnigmaProtector Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder malicious URLs sandbox evasion VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin	13 Keyword trend analysis Info http://185.215.113.24/0d60be0de163924d/vcruntime140.dll http://185.215.113.16/steam/random.exe - rule_id: 41792 http://185.215.113.19/Vi9leo/index.php - rule_id: 41489 http://185.215.113.24/0d60be0de163924d/msvcp140.dll http://185.215.113.24/0d60be0de163924d/nss3.dll http://185.215.113.24/0d60be0de163924d/freebl3.dll http://185.215.113.24/ - rule_id: 41729 http://185.215.113.24/0d60be0de163924d/softokn3.dll http://185.215.113.24/0d60be0de163924d/mozglue.dll http://185.215.113.16/well/random.exe - rule_id: 41492 http://185.215.113.24/0d60be0de163924d/sqlite3.dll http://185.215.113.24/e2b1563c6670f193.php - rule_id: 41793 http://185.215.113.16/num/random.exe	5	21 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	5	22.8	M	37	ZeroCERT

46720	2024-08-06 09:47	3544436.exe 1de4c3cc42232c1e3d7c09404f57b450 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder					3.2	M	45	ZeroCERT

46721	2024-08-06 10:05	ts.exe 6672b19a9ed11eb242c3b50aa23ccbf8 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key					2.8		28	ZeroCERT

46722	2024-08-06 10:11	ChromeSetup.exe e963c6226c89fbe3d8617658681fb54d Emotet Gen1 Generic Malware PhysicalDrive NSIS NMap Malicious Library UPX Malicious Packer Downloader Admin Tool (Sysinternals etc ...) Antivirus .NET framework(MSIL) ASPack Anti_VM Javascript_Blob PE File PE32 MZP Format OS Processor Check DLL DllRegiste Browser Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder sandbox evasion installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS	1 Keyword trend analysis	1	1		10.8	M	71	ZeroCERT

46723	2024-08-06 10:15	Smart.exe 52be738bee9464fbca63c454cc942ecc ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself					5.6			ZeroCERT

46724	2024-08-06 10:16	HxD.exe dbf56776aebe6a46a4098a24250aec57 task schedule PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Tofsee DNS	1 Keyword trend analysis	3	2		10.4	M	52	ZeroCERT

46725	2024-08-06 10:17	Baza.ps1 6fc27174eeb4be04079f4f3390041ac1 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory		5.4	M		ZeroCERT