Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47761	2024-09-02 11:17	random.exe 82f430cb027d4089280c1a2a42335131 Stealc Amadey Lumma RedLine stealer Gen1 Emotet Generic Malware Admin Tool (Sysinternals etc ...) UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) ScreenShot PWS AntiDebug Ant Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder suspicious TLD sandbox evasion VMware anti-virtualization IP Check installed browsers check Kelihos Stealc CryptBot Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed plugin	32 Keyword trend analysis Info http://ddl.safone.dev/3850492/seidr_build.exe?hash=AgADjB http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll http://fivexv5vs.top/v1/upload.php http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll http://185.215.113.16/inc/crypteda.exe - rule_id: 41506 http://185.215.113.16/Jo89Ku7d/index.php - rule_id: 41502 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll http://ddl.safone.dev/3846244/1.exe?hash=AgADek http://185.215.113.16/inc/Amadeus.exe http://185.215.113.19/ProlongedPortable.dll http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZl http://185.215.113.26/Nework.exe http://ddl.safone.dev/3846638/GetSys.exe?hash=AgADAh http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll http://sevxv17pt.top/v1/upload.php - rule_id: 42432 http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDB http://185.215.113.17/ - rule_id: 275 http://x1.i.lencr.org/ http://stagingbyvdveen.com/get/setup2.exe - rule_id: 42015 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 42279 http://ddl.safone.dev/3840509/build.exe?hash=AgADNB http://185.215.113.26/Dem7kTu/index.php - rule_id: 42445	19 Info stagingbyvdveen.com(147.45.60.44) - malware fivexv5vs.top(195.133.48.136) sevxv17pt.top(195.133.13.230) - mailcious ipinfo.io(34.117.59.81) x1.i.lencr.org(23.52.33.11) ddl.safone.dev(63.32.161.232) - malware 154.216.17.170 - malware 23.207.177.83 185.215.113.16 - mailcious 185.215.113.17 - malware 185.215.113.19 - malware 147.45.60.44 - malware 95.216.143.20 52.212.52.84 - malware 185.215.113.26 - mailcious 195.133.48.136 95.179.250.45 34.117.59.81 195.133.13.230 - mailcious	28 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)	14 Info http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.17/ http://185.215.113.17/ http://sevxv17pt.top/v1/upload.php http://185.215.113.17/ http://stagingbyvdveen.com/get/setup2.exe http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/2fb6c2cc8dce150a.php http://185.215.113.26/Dem7kTu/index.php	27.2	M	43	ZeroCERT

47762	2024-09-02 12:06	rkduajedzcrd.exe 0838e4e90814a48e6122f4b0a2b2fc5f Generic Malware PE File PE64 VirusTotal Malware DNS		2	1		1.4		59	guest

47763	2024-09-02 12:54	66cf818156193_ldjfnsfd.exe e377dae8bdf40a95db250e59842d2915 Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4	M	56	ZeroCERT

47764	2024-09-02 13:34	1.exe 17d51083ccb2b20074b1dc2cac5bea36 Malicious Library UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself ComputerName crashed					3.0		35	ZeroCERT

47765	2024-09-02 13:34	ProlongedPortable.dll f67e91ea39ec8ae219cbd761d17329b7 UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware					0.6		11	ZeroCERT

47766	2024-09-02 13:34	Amadeus.exe 36a627b26fae167e6009b4950ff15805 Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.6		31	ZeroCERT

47767	2024-09-02 13:49	build.exe 05c1baaa01bd0aa0ccb5ec1c43a7d853 Emotet RedLine stealer Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware DNS		1			1.6	M	36	ZeroCERT

47768	2024-09-02 13:52	Set-up.exe 06b767bf2a7deac9b9e524c5b6986bf7 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder CryptBot DNS	1 Keyword trend analysis	2	3	1	3.0	M	30	ZeroCERT

47769	2024-09-02 13:52	GetSys.exe 87939a5b42854b08804a9a0ae605b260 Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.0		21	ZeroCERT

47770	2024-09-02 17:47	도양기업 20240610 송장 갑지.bmp.lnk... 09b1213c8a336541a4849d65b937293f Antivirus AntiDebug AntiVM Lnk Format GIF Format wget VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis				7.0		30	ZeroCERT

47771	2024-09-02 19:09	89dd2cc4-7e59-1dd1-c77c-04ad0c... 36840d6d68314f0453c37097fac4c8d3 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

47772	2024-09-02 19:29	SCPSL_NicknameChanger.exe 4da72dc49c901dc8e3f05ad298a9c85d Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB					0.6		1	guest

47773	2024-09-03 08:46	dw.exe ce4c0b76c5f987153e922371109f666a UPX PE File PE32 Check memory Checks debugger unpack itself					1.0			ZeroCERT

47774	2024-09-03 08:50	1.exe 2978ce3b334332c2bf8e6c45652c599c Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check AutoRuns Code Injection Check memory RWX flags setting Windows utilities suspicious process AppData folder Windows Remote Code Execution DNS		1			6.2	M		ZeroCERT

47775	2024-09-03 08:55	smartscreen.exe 7e1fa0f93773dc8861a92279b7db03c6 Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File ftp PE64 OS Processor Check PDB					0.8			ZeroCERT