Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

48631 2024-10-05 09:32 payload.msi
9447b458d4be9714bb4b3e3d86755863
Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName DNS
1 1 4.4 M 23 ZeroCERT

48632 2024-10-05 11:33 956d73b7f041.exe#default15st
709f55abde1c2681c2f294f68ecf4857
Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware c&c Code Injection Malicious Traffic Check memory buffers extracted unpack itself Stealc ComputerName DNS crashed
2 1 2 1 8.0 M ZeroCERT

48633 2024-10-05 11:35 f2e7fcb20146.exe#sp_sl
6960d771032d4682cbdbd83b35772731
Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar Email Client Info Stealer Malware c&c Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin
9 1 15 2 12.6 M ZeroCERT

48634 2024-10-05 11:35 7f3c2473d1e6.exe#sp_vid
91eca65924485e9d94794e4de8796d45
Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Vidar Malware c&c MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName crashed plugin
2 2 4 11.4 M ZeroCERT

48635 2024-10-05 11:38 9dd06d870941.exe#d15
7d729c310433884df470d36f612398f3
Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Malware download Vidar Malware c&c MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName crashed plugin
2 2 4 11.4 M ZeroCERT

48636 2024-10-05 11:39 66fe13d56fd43_EdgeOUpdater.exe...
cdb17e17bc4e4d51fde6a4620cec014c
Malicious Library PE File .NET EXE PE32 Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName
6.0 M 54 ZeroCERT

48637 2024-10-05 11:40 66fffb908255c_nnxin.exe
0c11d30a02ea3b4bde5fa33c18845928
Generic Malware Malicious Library UPX Antivirus PE File PE64 OS Processor Check PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key
6.6 21 ZeroCERT

48638 2024-10-05 14:39 mime-attachment 2
40c95bb61c343cac4225b6aefc47c26f
AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email
3.2 guest

48639 2024-10-05 17:11 66f8f23776c09_DisplayedScreens...
659535a3135886f39da6baf90e54ad98
Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName
7.8 M 50 guest

48640 2024-10-05 23:50 SASCollectorLocal.plist
1032fae9c899f98d864062a4e411b0d8
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

48641 2024-10-06 00:03 __leanplum.sqlite
841873de7f6a9774e0d0ddaf2cf5e67e
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

48642 2024-10-06 00:07 eventlog.sqlite-wal
8dd99d9cb733f262f9f15a5e38e1bffb
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 guest

48643 2024-10-06 00:10 Screenshot 2024-09-12 at 4.50....
1ff464478b87a8993ec83a021e67a030
PDF Suspicious Link PDF
guest

48644 2024-10-06 00:12 Screenshot 2024-09-24 at 10.39...
bab72e0cfa6ee351c92b6d0d7f8dc3f4
PDF unpack itself Windows utilities Windows
1.4 guest

48645 2024-10-06 00:39 Screenshot 2024-09-12 at 4.50....
1ff464478b87a8993ec83a021e67a030
PDF Suspicious Link PDF
guest