Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

48031 2024-09-13 17:11 lfndsa.exe
3b70f595f8cfd880ef64aff3d20a6bb2
Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself
7.4 40 ZeroCERT

48032 2024-09-13 17:14 vfdnwe.exe
257eb69581fd80827932ed434d32470f
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 16.0 M 44 ZeroCERT

48033 2024-09-13 17:14 sgmfd.exe
a991933b29e1203af5c3df1d62d0b247
Stealc Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin
9 1 15 2 12.2 M 31 ZeroCERT

48034 2024-09-13 17:15 vdsn15.exe
53ec7e5668474c14f4288fe3f21de5d6
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 15.0 M 28 ZeroCERT

48035 2024-09-14 09:48 Setup.7z
4d9ad7c00699115a773f8ad0f2df7a17
Generic Malware Browser Info Stealer MachineGuid Code Injection Checks debugger exploit crash installed browsers check Exploit Browser crashed
3.2 guest

48036 2024-09-15 00:22 SearcherBar.lnk
9226ae2c94c666419fb8ec35ec248d08
Generic Malware AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware Code Injection Check memory Creates shortcut RWX flags setting unpack itself suspicious process
3.2 1 guest

48037 2024-09-16 00:30 com.apple.StreamingUnzipServic...
d07742b02d523770d207b0bf47045b73
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

48038 2024-09-16 00:32 com.apple.StreamingUnzipServic...
d07742b02d523770d207b0bf47045b73
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

48039 2024-09-16 18:52 epp64.exe
ab71322204ed36a0791c3587b098f80e
North Korea Malicious Library UPX PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself
1.8 10 ZeroCERT

48040 2024-09-16 18:52 epp32.exe
7440694cba7601b5c1cbf10e1a71bf5d
North Korea Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
1.8 15 ZeroCERT

48041 2024-09-17 13:18 me.exe
b691fc64d3750b2f7fd2041064f7cbc4
ASPack UPX PE File PE32 MZP Format VirusTotal Malware Check memory Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows
4.2 33 ZeroCERT

48042 2024-09-17 13:18 vfdns12.exe
95e56babf9f2cb4e5465bd164fd0e916
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 14.8 M 51 ZeroCERT

48043 2024-09-17 13:20 66e4638fb0392_otrrac.exe#kisot...
a1b876e3a538a90e720d9b2ba7fbfd71
Malicious Library Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS
1 9.2 52 ZeroCERT

48044 2024-09-17 13:20 66e57196bb898_111.exe#111
b2a7b79dd7a9fe2786679a0ee2cddfa1
RedLine stealer RedLine Infostealer Generic Malware UltraVNC Malicious Library UPX Antivirus ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 6 15.6 54 ZeroCERT

48045 2024-09-17 13:22 payload.exe
b11efd812f8fd94f3385b3ed5dc525b7
Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself
3.4 64 ZeroCERT