Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
5116  2024-09-22 17:26  ypqhgl.exe
  MD5: 990ddf57779c6d17b6885dab3f5c3494
  Tags: UPX PE File PE32 VirusTotal Malware DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1.8 M 50 ZeroCERT

5117  2024-09-22 17:25  Traxx1.exe
  MD5: 937239c0053f3daec25ca7984676696a
  Tags: ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1 6 10.0 M 55 ZeroCERT

5118  2024-09-22 17:24  66e579d0cbf2d_win.exe
  MD5: 049d2f0e9e03c057d906287c2003331b
  Tags: UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Check virtual network interfaces Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 4 6.4 M 45 ZeroCERT

5119  2024-09-22 17:23  audiodg.exe
  MD5: 8b016746ea349838ed337927770248eb
  Tags: Formbook Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL FormBook Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Browser
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 8 9 1 6 6.4 M 47 ZeroCERT

5120  2024-09-22 17:23  66ecb454d2b4a_lgfdsjgds.exe
  MD5: 384a847ad2833788fa253433fd2eea8d
  Tags: Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 8.6 M 48 ZeroCERT

5121  2024-09-22 17:21  66eef0d509347_vfdshg16.exe
  MD5: 4ae2d1685d2732cfcd128560424c53cc
  Tags: Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 6 3 16.6 M 28 ZeroCERT

5122  2024-09-22 17:20  seethepicturetogetmebacktheupd...
  MD5: 8ba173734c1a8532e0b2ebcb3b6602ab
  Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 3 1 4.8 M 41 ZeroCERT

5123  2024-09-22 17:19  wecreatednewthingsinthisworldt...
  MD5: 16e108820a6288c25887dbc7f7dff60a
  Tags: Formbook MS_RTF_Obfuscation_Objects RTF File doc FormBook Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 8 10 6 6 5.0 M 35 ZeroCERT

5124  2024-09-22 15:22  config.exe
  MD5: 1734e1fd7e4ca651b03421c5a75441e9
  Tags: Emotet Generic Malware Malicious Library Malicious Packer ASPack UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory unpack itself RCE
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2.0 M 11 ZeroCERT

5125  2024-09-22 15:19  game.exe
  MD5: 49a4df6234a85f29ff15b8d58dcb995b
  Tags: Generic Malware Malicious Library ASPack UPX Anti_VM PE File PE32 OS Processor Check VirusTotal Malware PDB DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 1.8 M 11 ZeroCERT

5126  2024-09-22 15:17  svchost.exe
  MD5: d2b9d12a630cf96b6d4da31de2af0e35
  Tags: Malicious Library UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 3 8.4 60 ZeroCERT

5127  2024-09-22 15:15  66eef0d7ec94e_vrewgh12.exe
  MD5: ebc0f29cf652faa6f21b72b4399d8274
  Tags: Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 5 3 15.8 M 32 ZeroCERT

5128  2024-09-22 15:14  66eef0cc8034a_sdgdfs.exe
  MD5: 9a29528b1463ae389bd3e03e4e686a56
  Tags: Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer Http API PWS HTTP Code injection Internet API Create Service Socket DGA ScreenShot Escalate priviled Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 12 7 21 2 19.0 M 34 ZeroCERT

5129  2024-09-22 15:13  qq-1950222243-x%e2%80%aexcod.e...
  MD5: 06a0c92c691e980875b3345ce72fe78b
  Tags: Generic Malware Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check PE64 MSOffice File VirusTotal Malware PDB MachineGuid Code Injection Check memory Creates executable files unpack itself RCE DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 1 8.2 M 53 ZeroCERT

5130  2024-09-22 15:13  nate.exe
  MD5: 697b27aac08e83e9e231721e7a03ae86
  Tags: Amadey Themida Generic Malware UPX Antivirus PE File PE32 Browser Info Stealer Malware download Amadey Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself Checks Bios Detects VMWare suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Exploit Browser ComputerName DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player: 2 2 3 1 13.8 M ZeroCERT