Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47506	2024-08-24 19:08	66c8bcf897a73_xin.exe 5ed5be6e0b1f72f6e5c7e2b6d9a470da RedLine stealer Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1			8.6	M	50	ZeroCERT

47507	2024-08-24 19:08	sne2ugn.exe 44576f75042e6400196662c9ed6e0152 Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	12 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://147.45.44.104/prog/66c8f1817d261_valef.exe http://147.45.44.104/prog/66c8f1851766d_lename.exe http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll https://steamcommunity.com/profiles/76561199761128941 - rule_id: 42293	7	21 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	3	17.8	M	54	ZeroCERT

47508	2024-08-24 19:09	66c71ea568b23_LingerieMarshall... 63787e6df0b85a10bd1132dfd3afe6c7 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName					6.8	M	26	ZeroCERT

47509	2024-08-24 19:10	setup2.exe d78d85135f584e455f692923d9feb804 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.2	M	43	ZeroCERT

47510	2024-08-24 19:11	script.exe dc37d19933e5689c25bc6cce8c15d58c NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Cryptocurrency Miner Malware AutoRuns Check memory Checks debugger WMI Creates executable files WriteConsoleW Windows ComputerName DNS CoinMiner	1 Keyword trend analysis	1	1		4.0	M	11	ZeroCERT

47511	2024-08-24 19:12	nicemengivinglotofsweetbutters... a9413df0cfdac99cdba5f57e62e5af76 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.8	M	40	ZeroCERT

47512	2024-08-24 19:13	payload_x86.ps1 194d1495881b3eb9703f20e7d48eaefd Generic Malware Antivirus VirusTotal Malware Check memory unpack itself DNS		2			3.6	M	39	ZeroCERT

47513	2024-08-24 19:15	install.exe cb4e8358a58de5cd176e3c4bbe264043 Emotet Gen1 Malicious Library UPX PE File PE32 MZP Format PE64 DLL OS Processor Check VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder					3.2	M	36	ZeroCERT

47514	2024-08-25 18:39	a.exe 06acac40f95b938cc52dd263fd39f631 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	60	ZeroCERT

47515	2024-08-25 18:39	66c9dc4089598_update.exe#upus 857d79717817a2a9831add6dccf79305 Malicious Library Malicious Packer UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName Remote Code Execution					3.2		42	ZeroCERT

47516	2024-08-25 18:41	microsoft-system-repair.msi 56130894f8bfb3a0f4b33cd2f9d765b4 Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					2.4	M	14	ZeroCERT

47517	2024-08-25 18:42	LummaC22222.exe 40e9f5e6b35423ed5af9a791fc6b8740 UPX PE File PE32 VirusTotal Malware					1.2	M	61	ZeroCERT

47518	2024-08-25 18:44	nc.exe 5cae15c12e26d4ac8f32cd7026a5cb7a ZIP Format VirusTotal Malware					1.0	M	35	ZeroCERT

47519	2024-08-25 18:45	stealc_default2.exe 7a02aa17200aeac25a375f290a4b4c95 Stealc Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	16 Keyword trend analysis Info http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 42279 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll http://185.215.113.17/ - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Dotted Quad Host DLL Request ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	9	8.4	M	66	ZeroCERT

47520	2024-08-25 18:46	securityscan.exe 11e16989e5df2577e5ebf712e4f639cc Antivirus UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	45	ZeroCERT