Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48421	2024-09-26 10:32	ISbNwOPLmmBZ.exe 2e2e31266b24dc4bc6b0544072c84dba Formbook Generic Malware Malicious Library .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 FormBook Malware download Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	3 Keyword trend analysis Info http://www.3829752.cfd/bopi/?UTdDKJW=1n/mJy6ksDjD1SFo6tgU/Wr3viufzKz1zGPKoIZ/eT2C0XRqhpMPr268WDPCq90ugD8pXNLi&mL08lN=WZOxq0HpO2iTW http://www.qe2i7cghzpebk.buzz/bopi/?UTdDKJW=RLa7ILqG4DqD2QWAJ5sdOLYMTU4dZMJmeqDFyse7ghEGCiaotSRU8zg4aIvjGBOLKNss/XyU&mL08lN=WZOxq0HpO2iTW http://www.destekbirimi.xyz/bopi/?UTdDKJW=9OIArt/8XXMuOuiAXmWQOXk3C62UqizBLfIIJUoXr9mFGY36FaazwV+NPSHlUIcw8LgUWBtQ&mL08lN=WZOxq0HpO2iTW	7	3		9.8	M		ZeroCERT

48422	2024-09-26 10:36	rana.exe ef4d942f44362d48b109c8a182ba537d Stealc Gen1 Themida Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download Vidar VirusTotal Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS crashed plugin	9 Keyword trend analysis Info http://185.215.113.37/0d60be0de163924d/vcruntime140.dll http://185.215.113.37/0d60be0de163924d/msvcp140.dll http://185.215.113.37/0d60be0de163924d/nss3.dll http://185.215.113.37/ - rule_id: 42691 http://185.215.113.37/0d60be0de163924d/softokn3.dll http://185.215.113.37/0d60be0de163924d/mozglue.dll http://185.215.113.37/0d60be0de163924d/freebl3.dll http://185.215.113.37/e2b1563c6670f193.php http://185.215.113.37/0d60be0de163924d/sqlite3.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	11.0	M	24	ZeroCERT

48423	2024-09-26 10:38	66f42472a1351_vfdsgfsda.exe c7f95fc671d7bf1bec293e9500577bcf PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName					2.8	M	30	ZeroCERT

48424	2024-09-26 10:39	8P3FpI01oCTrPOw.exe 784be353b28eca476e11e4d12fe1a9b4 Generic Malware Malicious Library Antivirus UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL FormBook Browser Info Stealer Malware download VirusTotal Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder suspicious TLD WriteConsoleW Windows Browser ComputerName DNS Cryptographic key		18 Info www.d22dg.top(154.23.184.194) www.moritynomxd.xyz(172.81.61.224) www.d97fw.top(206.119.82.172) www.billingserv.online(185.68.16.50) www.allsolar.xyz(51.195.62.41) www.bonusgame2024.online() www.multileveltravel.world(15.197.148.33) www.wcq24.top(154.23.184.240) www.newdaydawning.net(44.213.25.70) 45.33.6.223 15.197.148.33 - mailcious 154.23.184.194 185.68.16.50 - malware 206.119.82.172 44.213.25.70 154.23.184.240 172.81.61.224 - malware 51.195.62.41	6		12.8	M	46	ZeroCERT

48425	2024-09-26 10:40	66f4248154c67_sgdfgs.exe 93d82638ef554a5117ce5b0d23449d01 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName DNS		1			3.2	M	28	ZeroCERT

48426	2024-09-26 12:08	66f410504b945_2.exe#1 d792f4925d8e515a2aa89f5c9c157f2d Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.0	M	31	ZeroCERT

48427	2024-09-26 12:08	SoftShipment.exe 88f2f4df57c115ab7062c7a2a23e454a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.6	M	47	ZeroCERT

48428	2024-09-26 12:09	vuex.exe 63af41d74c38b6c1b1a5f08ff328ed1f Generic Malware Malicious Library Malicious Packer UPX PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware					0.8	M	28	ZeroCERT

48429	2024-09-26 12:10	66f4173e61b59_12.exe#1 b9685047e27fbb94ab3bd20943b85349 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.8	M	27	ZeroCERT

48430	2024-09-26 12:11	tpgl053.exe 6fee6bf0dec81ae4155a73298b0fccbb Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself					2.2	M	33	ZeroCERT

48431	2024-09-26 12:11	ArchitectureTvs.exe 0f57f5b88b9a03374586de8eb21201b8 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check ftp VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					7.0	M	43	ZeroCERT

48432	2024-09-26 12:13	Video.scr 63b8a15b94e66b800882f5ab3d7d826e PE File PE32 VirusTotal Malware					0.6	M	4	ZeroCERT

48433	2024-09-26 12:13	hna.exe efeaaeb1be566969f1ee9333cf828c9d RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1	1		5.4	M	55	ZeroCERT

48434	2024-09-26 12:14	66f3de8e8f1c5_lyla334.exe#lyla 51636e7775782f91df225f511b297f96 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.2	M	44	ZeroCERT

48435	2024-09-26 17:10	Lab03-01R.exe 194c7354336c69313426c066719727a4 Generic Malware Downloader Malicious Library UPX Socket ScreenShot AntiDebug AntiVM PE File PE32 Lnk Format GIF Format MSOffice File DarkComet VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder Windows ComputerName DNS keylogger		1			12.8		60	guest