Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
47386 2024-08-21 13:39 66c4c6ec7d961_crypto.exe#kiscr
2bd4145da31909b2dc0d423a626224a7
Stealc Client SW User Data Stealer ftp Client info stealer Malicious Library Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Stealc ComputerName DNS
2 1 1 2 10.2 M 14 ZeroCERT

47387 2024-08-21 13:41 shost.exe
10a826203139ab5be148ca3ff88b8acc
Malicious Packer PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 1 2.6 M 43 ZeroCERT

47388 2024-08-21 13:42 66bb584acc7f2_stealc_default.v...
769696b4d235e0184c2c8099e39b2394
Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin
9 3 17 2 15.2 M 61 ZeroCERT

47389 2024-08-21 13:43 66b9d0b4a2cab_stealc.exe
0bdfd2ac36beee175c70cce6e11ed893
Client SW User Data Stealer ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS AntiDebug AntiVM PE File ftp .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS
1 10.4 M 56 ZeroCERT

47390 2024-08-21 13:46 Setup2.exe
37263ede84012177cab167dc23457074
Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware Check memory unpack itself suspicious TLD DNS
1 1 2.6 M 43 ZeroCERT

47391 2024-08-21 13:47 klds.exe
06f3cde26cf65abbf65884e0ea52a40c
XWorm Generic Malware WebCam Malicious Library Antivirus UPX KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware powershell Telegram Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Remote Code Execution DNS Cryptographic key keylogger
2 4 12.6 M 5 ZeroCERT

47392 2024-08-21 13:47 66bf6d1018bb1_deskman.exe
9b3fcb53cc12bc68eb44db3e55ad4731
Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll MSOffice File OS Processor Check VirusTotal Malware
1.0 M 37 ZeroCERT

47393 2024-08-21 13:48 meta.exe
3aace51d76b16a60e94636150bd1137e
RedLine stealer Malicious Library Malicious Packer Antivirus UPX PWS AntiDebug AntiVM PE File PE64 OS Processor Check RedLine Malware download VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory buffers extracted Stealer Remote Code Execution DNS
1 3 7.0 M 41 ZeroCERT

47394 2024-08-21 13:48 66bdc869b864d_stealc_cry.exe
175e665a8d0021510549eb8557b01bbf
Stealc Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX PE File PE32 Malware download VirusTotal Malware c&c Malicious Traffic Check memory unpack itself Stealc ComputerName DNS
2 1 1 2 3.8 M 65 ZeroCERT

47395 2024-08-21 13:50 66bb9d818245b_MoonDescribing.e...
310e5c68c94e313befd538b9e999360a
Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName
6.2 M 31 ZeroCERT

47396 2024-08-21 13:52 66be35a2807ef_crypted.exe
e93bf642b8564c006f501145b32ec1f6
RedLine stealer ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 6 13.2 M 56 ZeroCERT

47397 2024-08-21 13:53 66c0f6e668215_stealc_test.exe
9dcd1be11b36b327ced51156db4f63be
Stealc Client SW User Data Stealer ftp Client info stealer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin
9 1 15 2 12.4 M 57 ZeroCERT

47398 2024-08-21 13:54 Dtrade_v1.3.6.exe
1f6c6f36d126cd027ded1915e321c693
Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware
1.0 M 6 ZeroCERT

47399 2024-08-21 13:55 66bd012162049_crypted.exe
2b503d87bce8e2b33a70533884bd0e6d
RedLine stealer Malicious Library .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 6 13.2 M 59 ZeroCERT

47400 2024-08-21 13:57 66c4c6a2204b0_crypted.exe#1
5cbad7345107123b9aa522533a0978d2
Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
2.4 M 29 ZeroCERT