Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46831	2024-08-09 07:53	buildz.exe b7cb7f2b5cd9bd047710650295dc88f7 Suspicious_Script_Bin Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Microsoft AutoRuns Code Injection malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY External IP Address Lookup DNS Query (2ip .ua)	1	4.8	M		ZeroCERT

46832	2024-08-09 07:54	DivxBra.exe 4ee6fb632595268ef97aacf18a0bffb8 Suspicious_Script_Bin Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Ransomware Windows ComputerName					7.0	M		ZeroCERT

46833	2024-08-09 07:56	bsso_launcher_v1.exe 6a60f6fbd451bfb11d0c943706ceda0a Malicious Library UPX PE File PE64 ftp OS Processor Check Check memory Checks debugger Creates executable files RWX flags setting unpack itself Check virtual network interfaces Tor DNS crashed		5	6 Info ET TOR Known Tor Exit Node Traffic group 70 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 70 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 258 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 194 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 788 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 170		5.2	M		ZeroCERT

46834	2024-08-09 07:56	stealc_default.exe e78239a5b0223499bed12a752b893cad Stealc Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	9 Keyword trend analysis Info http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/ - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	9	7.2	M		ZeroCERT

46835	2024-08-09 07:57	GOLD.exe e71c0c5d72455dde6510ba23552d7d2f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB unpack itself crashed					1.2	M		ZeroCERT

46836	2024-08-09 09:25	file3333.exe 978623ad6b4d9385c047d9315423c754 PE File PE64 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	46	ZeroCERT

46837	2024-08-09 09:27	S%D0%B5tup1.exe ea4d0c345eec97f8ec7174b210798a56 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself					2.6	M	37	ZeroCERT

46838	2024-08-09 09:27	file234.exe def6f274c14351d9cf0f49798b5a833d Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs suspicious TLD Tofsee Windows Discord Remote Code Execution DNS	6 Keyword trend analysis Info http://194.58.114.223/d/385121 https://pastebin.com/raw/xYhKBupz - rule_id: 36780 https://yip.su/RNWPd.exe - rule_id: 37623 https://iplogger.com/1uNwK4 https://cdn.discordapp.com/attachments/1271038807315185718/1271141520195715093/setup.exe?ex=66b6424b&is=66b4f0cb&hm=de560db8ff6dd3fa9ac31172f1bd3d348b35190c8d570ea98c882ca3b5c00fdd& https://github.com/evan9908/Setup/raw/main/Filemy.exe	15 Info yip.su(104.21.79.77) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious iplogger.com(172.67.188.178) - mailcious cdn.discordapp.com(162.159.135.233) - malware raw.githubusercontent.com(185.199.110.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 147.45.60.44 - malware 162.159.133.233 - malware 185.199.111.133 - mailcious 104.21.76.57 104.21.79.77 - phishing 194.58.114.223 - mailcious 20.200.245.247 - malware	10 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET HUNTING Redirect to Discord Attachment Download	2	12.0	M	49	ZeroCERT

46839	2024-08-09 09:30	file200h.exe 5325fec9552fa277891e782b77a475ee Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder malicious URLs Tofsee Windows Discord Remote Code Execution DNS	6 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e&	15 Info raw.githubusercontent.com(185.199.108.133) - malware github.com(20.200.245.247) - mailcious pastebin.com(104.20.4.235) - mailcious yip.su(172.67.169.89) - mailcious cdn.discordapp.com(162.159.130.233) - malware cacerts.digicert.com(152.195.38.76) ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 185.199.111.133 - mailcious 147.45.60.44 - malware 152.195.38.76 162.159.135.233 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware	8 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Observed Discord Domain (discordapp .com in TLS SNI) ET HUNTING Redirect to Discord Attachment Download ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	2	12.0	M	55	ZeroCERT

46840	2024-08-09 09:32	setup2.exe 098621a8fa13fdfd4ce2d9c3dc010092 Malicious Library Malicious Packer Antivirus UPX AntiDebug AntiVM PE File PE64 OS Processor Check PE32 VirusTotal Malware AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces malicious URLs Tofsee Windows Discord Remote Code Execution DNS	7 Keyword trend analysis Info http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://194.58.114.223/d/385104 https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://yip.su/RNWPd.exe - rule_id: 37623 https://github.com/evan9908/Setup/raw/main/Umar.exe https://cdn.discordapp.com/attachments/1271038807315185718/1271141416722235504/setup.exe?ex=66b64232&is=66b4f0b2&hm=54ce8f39d23ca603ff6f30c94a6a47d0c4b423d21c32cc49cdd2dfd3da22283e& https://iplogger.com/1lyxz	17 Info cacerts.digicert.com(152.195.38.76) iplogger.com(104.21.76.57) - mailcious github.com(20.200.245.247) - mailcious pastebin.com(172.67.19.24) - mailcious yip.su(104.21.79.77) - mailcious cdn.discordapp.com(162.159.129.233) - malware raw.githubusercontent.com(185.199.111.133) - malware ironmanrecycling.com(147.45.60.44) - malware 104.20.3.235 - malware 162.159.134.233 - malware 147.45.60.44 - malware 152.195.38.76 172.67.188.178 - mailcious 185.199.110.133 - malware 194.58.114.223 - mailcious 172.67.169.89 20.200.245.247 - malware	10 Info ET DNS Query for .su TLD (Soviet Union) Often Malware Related SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Redirect to Discord Attachment Download ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO Packed Executable Download ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	2	12.2	M	54	ZeroCERT

46841	2024-08-09 10:06	file3333.exe 978623ad6b4d9385c047d9315423c754 Vidar PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.4	M	46	r0d

46842	2024-08-09 10:47	89.hta f904e8a5141b08f3f8e2121459f539fe Generic Malware Downloader Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		11.4	M	18	ZeroCERT

46843	2024-08-09 10:48	envifa.vbs 23cef0c9c3e02cc2bdc8516b889d1191 Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		10.0			ZeroCERT

46844	2024-08-09 10:48	sostener.vbs 23cef0c9c3e02cc2bdc8516b889d1191 Generic Malware Antivirus Hide_URL PowerShell Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		10.0			ZeroCERT

46845	2024-08-09 10:49	Run112.exe 85a9287c26148788deff9c77bab244b3 Emotet Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	1		3.6	M	41	ZeroCERT