Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48556	2024-09-30 12:19	66f6faf1ac247_vnxsgnsd15.exe 427b61a21b5e6cce5a3427815efb41a4 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName					3.0	M	51	ZeroCERT

48557	2024-09-30 12:21	xin.exe a6b892d48afa9410bc8a485b504e136c PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName					3.0	M	45	ZeroCERT

48558	2024-09-30 17:14	FissionBabyV242.exe 884f0f7907c7a94130294f499bfc1775 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory RWX flags setting Remote Code Execution					3.2		41	ZeroCERT

48559	2024-09-30 17:16	num.exe 791fcee57312d4a20cc86ae1cea8dfc4 Stealc Generic Malware Malicious Library Antivirus UPX PE File PE32 OS Processor Check Browser Info Stealer Malware download Vidar VirusTotal Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	9 Keyword trend analysis Info http://185.215.113.37/0d60be0de163924d/vcruntime140.dll http://185.215.113.37/0d60be0de163924d/msvcp140.dll http://185.215.113.37/0d60be0de163924d/nss3.dll http://185.215.113.37/ - rule_id: 42691 http://185.215.113.37/0d60be0de163924d/softokn3.dll http://185.215.113.37/0d60be0de163924d/mozglue.dll http://185.215.113.37/0d60be0de163924d/freebl3.dll http://185.215.113.37/e2b1563c6670f193.php http://185.215.113.37/0d60be0de163924d/sqlite3.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	7.2	M	41	ZeroCERT

48560	2024-10-01 16:39	dllhost.exe 450228d72f9f726b645c55bbbc6db905 NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Ransomware Windows ComputerName Cryptographic key					7.6	M	40	ZeroCERT

48561	2024-10-01 16:40	regedit.exe 30ab541762f33f7078b472478350067e Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger					4.4		56	ZeroCERT

48562	2024-10-01 16:43	Bingus.exe 83a881587aaf48287dd220ae866ee4ee Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					2.8	M		ZeroCERT

48563	2024-10-01 16:44	test3.exe 88d33f7474baa14508fec1dde43fa417 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger					4.4	M	57	ZeroCERT

48564	2024-10-01 16:45	am.exe 7a1cee6327c5acf66e2aebb0d7bc25bc Stealc Gen1 Generic Malware Themida Malicious Library Malicious Packer UPX Socket Http API HTTP DNS Code injection Internet API AntiDebug AntiVM PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin	11 Keyword trend analysis Info http://185.215.113.43/Zu7JuNko/index.php http://185.215.113.103/well/random.exe - rule_id: 42761 http://185.215.113.37/0d60be0de163924d/msvcp140.dll http://185.215.113.37/0d60be0de163924d/nss3.dll http://185.215.113.37/0d60be0de163924d/vcruntime140.dll http://185.215.113.37/ - rule_id: 42691 http://185.215.113.37/0d60be0de163924d/softokn3.dll http://185.215.113.37/0d60be0de163924d/mozglue.dll http://185.215.113.37/0d60be0de163924d/freebl3.dll http://185.215.113.37/e2b1563c6670f193.php http://185.215.113.37/0d60be0de163924d/sqlite3.dll	3	19 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	20.2	M	60	ZeroCERT

48565	2024-10-01 16:45	66fad513a308f_SubstituteAgain.... 35bab7028aa376556c3236b773506a9b Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.0	M	16	ZeroCERT

48566	2024-10-01 16:47	66fad551bd8fd_edgeupdater.exe 205eba033c31a42d83971958eee8d0eb UPX PE File ftp PE64 VirusTotal Malware					1.6	M	22	ZeroCERT

48567	2024-10-01 16:48	66fa7e7373674_4.exe 245f52e7267ef7042583d20b32023967 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.6	M	44	ZeroCERT

48568	2024-10-01 16:49	66f95555bb57c_zKODjTqg.exe e9e4631f6d4869dd176e01d368e12ce1 Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					6.6	M	26	ZeroCERT

48569	2024-10-01 16:51	test4.exe 46f4e9e014b98c134115aea903685518 Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName keylogger					4.4	M	57	ZeroCERT

48570	2024-10-01 17:08	nicetoseeyouonehrewithentireli... e571a5e64f7f2eead04060b151bd373f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Exploit DNS crashed		1			4.8	M	39	ZeroCERT