Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47431	2024-08-22 15:04	jhi_service.exe 858cf3afd18d69880a07793ad273c232 Suspicious_Script_Bin Malicious Library UPX PE File PE32 DLL Lnk Format GIF Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					6.0	M	45	ZeroCERT

47432	2024-08-22 15:06	lOpkseAloegPhxxAcv.doc 77d04e68c46c843c399d83b858b9b46a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		4.6	M	33	ZeroCERT

47433	2024-08-22 15:06	yummycakewithbutterbunwhichver... 85485a1e88e7a07db924b5e3ac587c52 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	34	ZeroCERT

47434	2024-08-22 15:09	pp.exe 3b767e28d61198d14a3ef101f0c7006a UPX PE File PE32 VirusTotal Malware					1.2	M	40	ZeroCERT

47435	2024-08-22 15:09	lOpkseAloegPhxxAcv.exe 8457be7f4b6910dc68805dacb8009200 Generic Malware Malicious Library Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	6	9 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI ET INFO 404/Snake/Matiex Keylogger Style External IP Check SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET HUNTING Telegram API Domain in DNS Lookup		15.2	M	52	ZeroCERT

47436	2024-08-22 15:10	creambutterbunwhichtastyandyum... 7d9390f8ceb53bcf05fe13ad7c3f9c8f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.8	M	40	ZeroCERT

47437	2024-08-22 15:11	yummybuttercakeaddedchocolatew... ce3b08f58d579862f5b03bb1f563f9f9 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed					3.2	M	33	ZeroCERT

47438	2024-08-22 15:12	421.exe 25c75c74ec87ede8338e514ed520126d UPX PE File PE32 VirusTotal Malware					1.2	M	48	ZeroCERT

47439	2024-08-22 15:13	098.exe d62734be89eafc36d0f9fc8f3d3f0b60 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		9.8	M	36	ZeroCERT

47440	2024-08-22 15:25	critalixfree1.exe dac84ff02014b5a5302123b09ca992a4 UPX PE File PE64 OS Processor Check VirusTotal Malware PDB					1.2	M	34	ZeroCERT

47441	2024-08-22 15:25	8.exe 7ff76b5beb86b5301239bba18f72e18c Malicious Packer UPX PE File PE32 VirusTotal Malware MachineGuid Check memory WMI Check virtual network interfaces AntiVM_Disk VM Disk Size Check Windows ComputerName					4.0	M	25	ZeroCERT

47442	2024-08-22 15:26	fc.exe 36c1f4bde9faa23abacb87a2d090ce77 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName Trojan Banking DNS		4	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped		12.4	M	30	ZeroCERT

47443	2024-08-22 15:28	random.exe 2793052c06a09759b35d30e329294b6a Generic Malware Downloader Malicious Library Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Checks debugger Creates executable files exploit crash Windows utilities suspicious process malicious URLs installed browsers check Windows Exploit Browser crashed					10.2	M	33	ZeroCERT

47444	2024-08-22 15:29	random.exe a2914123bfcdb29e06dc8283ffb24aef Stealc Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/ - rule_id: 41969 http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968 http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.100/0d60be0de163924d/msvcp140.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	12.2	M	29	ZeroCERT

47445	2024-08-22 15:48	ioqjWeKazzLuiTHfd.doc 16ddde7b45c040f9fb63e73863134f5c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1	1		4.6	M	36	ZeroCERT