Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48706	2024-10-08 21:59	f2e7fcb20146.exe#sp_sl 4f9ef89029c099ef1a16718087c1deab Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Malicious Packer Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Vidar Malware c&c Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS crashed plugin	9 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	11.4	M		ZeroCERT

48707	2024-10-08 21:59	Journal-http.hta 439ba39a07845e334c3c4422a96bc72b PE File VirusTotal Malware Check memory Creates executable files RWX flags setting unpack itself					2.6	M	41	ZeroCERT

48708	2024-10-08 22:01	legendaryy.exe 99755e3ea5c87d187212ad38d5039d26 UPX PE File PE32 VirusTotal Malware					1.2	M	53	ZeroCERT

48709	2024-10-09 01:21	People Australia - 25 Beach Ba... e9e81bd826d0947a990d3c9936ceda56 PDF								guest

48710	2024-10-09 12:53	testt.exe a2ac6c5d603c263031f0230c6f3c6911 RedLine Infostealer RedLine stealer Malicious Library Confuser .NET .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	63	ZeroCERT

48711	2024-10-09 12:56	111_2023-04-07_08-22.exe b1c1243d05e33560bfbda42ce515db8f email stealer Downloader Malicious Library Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Code injection persistence KeyLogger AntiDebug AntiVM PE File PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS		1			9.4	M	59	ZeroCERT

48712	2024-10-09 12:58	Miles.exe 1a736481ee80955422945de5dd8589dd RedLine Infostealer RedLine stealer Malicious Library Confuser .NET .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.2	M	58	ZeroCERT

48713	2024-10-09 12:58	02.exe 39e7dc7f0cfa0ef6b646e794161d91a7 Browser Login Data Stealer UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Check memory unpack itself Ransomware Browser DNS Software		1			5.4	M	57	ZeroCERT

48714	2024-10-09 13:01	asdz2.png 61d3abff46a6bd2946925542c7d30397 PE File PE64 VirusTotal Cryptocurrency Miner Malware DNS CoinMiner		6	2		1.4	M	58	ZeroCERT

48715	2024-10-09 13:01	docii.exe 1590a3efb4a143305e7182fbd284a414 .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself ComputerName					4.0	M	42	ZeroCERT

48716	2024-10-09 13:04	UpdateSSSS.exe 9bd3fecfb842b3d4d7f02500e78211b2 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.0	M	58	ZeroCERT

48717	2024-10-09 13:07	installs.exe ce9c1a7e9ed06f8a9024c92b707fd19a Generic Malware Malicious Library .NET framework(MSIL) UPX Antivirus PE File .NET EXE PE32 OS Processor Check AutoRuns suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key crashed					6.2	M		ZeroCERT

48718	2024-10-09 13:07	sdadsasad.png 9a9d216f95f0bbdd7efc41722cc81310 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	39	ZeroCERT

48719	2024-10-09 13:08	dheend.exe 93fd11cf69ac4f2b596f4e51a561b7b0 Downloader Malicious Library Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows Browser ComputerName DNS		1			9.2	M	53	ZeroCERT

48720	2024-10-10 09:33	naturegustgoodgreatthingstobew... f31ba8351265a427efdf3b2d24ec6fab MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware					1.4	M	36	ZeroCERT