Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
47041 2024-08-12 09:32 Extension.exe
42710df7d572082524e742e5e4f3cab0
Malicious Library Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS
1 3.6 M 66 ZeroCERT

47042 2024-08-12 09:34 Z3.dll
a70ec65ba18179d49c25a4b7e1203f93
Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Checks debugger unpack itself Firmware
2.2 M 20 ZeroCERT

47043 2024-08-12 09:34 tc10two.bat
021c1a85ce1ddf7303bfa9b0a222e719
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 8.2 M 31 ZeroCERT

47044 2024-08-12 09:36 cudo.exe
3bcf37b4d029d825d91a9295a1365eab
Formbook Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder
2.8 M 54 ZeroCERT

47045 2024-08-12 09:36 tc10.exe
dac7ffcb0844646ba715b3df810c70e2
Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS
1 3.6 M 68 ZeroCERT

47046 2024-08-12 09:38 file000.exe
bec54fbde0ce9e70a29f1c7ba1c65891
Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX PE File .NET EXE PE32 suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces Windows Cryptographic key
2.2 M ZeroCERT

47047 2024-08-12 09:40 pimer_bbbcontents7.exe
abb5797dd47bf453358359acf2453551
Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check DLL Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin
9 1 15 14.2 M 12 ZeroCERT

47048 2024-08-12 09:40 Mailer.exe
07924a75dd7d92d04c18063bea0d0b61
UPX PE File PE32 VirusTotal Malware unpack itself DNS
1 4.2 M 60 ZeroCERT

47049 2024-08-12 09:40 300.exe
4e87a872b6a964e93f3250b027fe7452
Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.4 M 54 ZeroCERT

47050 2024-08-12 09:43 343dsxs.exe
7b0a50d5495209fa15500df08a56428f
Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
2.4 M 56 ZeroCERT

47051 2024-08-12 09:43 Cleanup.bat
3002871f035bd89f0fd267e644140371
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 8.2 M 30 ZeroCERT

47052 2024-08-12 09:44 Accounts.vbs
5206af4c1898d8b2ec74bafd8b2b6077
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 8.4 32 ZeroCERT

47053 2024-08-12 09:45 66b5d9d3adbaa_defaultr.exe
45c0d8bedd6bff145cbe1c3064f2cf56
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX ASPack Socket Http API PWS HTTP DNS Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 17.6 M 46 ZeroCERT

47054 2024-08-12 09:45 66b0ee142cf8f_PhotosExifEditor...
677ad736788d93b76ca77717706a8176
Generic Malware Malicious Library Malicious Packer UPX DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware
1.2 M 44 ZeroCERT

47055 2024-08-12 09:46 Blogger-http.bat
760e4992b9a2f60c53b67becaf62f157
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 7.2 30 ZeroCERT