Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
5236	2024-09-19 09:55	66e98ff1d44e2_crypted.exe a0c6989730b44ee30722feccd86d946b RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		13.8	M	49	ZeroCERT

5237	2024-09-19 09:53	vfasmd.exe 9d0327bd2962fd98512fb4ad5fc9ad19 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	16.6	M	53	ZeroCERT

5238	2024-09-19 09:53	API.msi b1c0657b678a8e3f320476ef4ba6dfd2 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer ASPack UPX AntiDebug AntiVM MSOffice File CAB OS Processor Check PE File DLL PE64 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check ComputerName crashed					5.4	M	13	ZeroCERT

5239	2024-09-19 09:52	smdsg.exe 272b330726dec4add609e0d8025d71b7 Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Antivirus Malicious Library UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	9 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll	3	17 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity	2	15.2	M	48	ZeroCERT

5240	2024-09-19 09:52	sgnsd.exe 082c8a659fa07a63f6078b1cbd00ae2a Stealc Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll	1	15 Info ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	14.4	M	52	ZeroCERT

5241	2024-09-19 09:48	66e9359d801ce_sbgfds.exe de6101b925ca754f1ea8c8ab216a38f6 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName					3.0	M	55	ZeroCERT

5242	2024-09-19 09:48	66e9c0921c144_111.exe#111 837bbda2bbdf75c019f3581afb0fc9d4 RedLine stealer RedLine Infostealer Generic Malware UltraVNC Malicious Library UPX Antivirus ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName RCE DNS Cryptographic key Software crashed		2	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		15.0		54	ZeroCERT

5243	2024-09-19 09:47	ScreenUpdateSync.exe 95c4cd6903e8db5123f6941486a2af23 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself RCE					2.6	M	44	ZeroCERT

5244	2024-09-19 09:45	Enquiry.vbs e7311cae7836880d52f11c91b3783da2 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.8	M	12	ZeroCERT

5245	2024-09-19 09:45	66e8771a651d2_voewgngr.exe ac7314c596e766b8f4f368579e2e0f8f Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	16.0	M	55	ZeroCERT

5246	2024-09-19 09:43	ord.exe c9de515a559b9423bf8bcc7e4449afb5 Malicious Library PE File PE32 VirusTotal Malware unpack itself					2.0	M	59	ZeroCERT

5247	2024-09-19 09:42	seethegreatthingsonherewithmef... 0edaacfdd31f608fd4fb9e440a2d9d7f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

5248	2024-09-19 09:41	trueburner.exe 1f51751ae5a114af8b47a3f6ee663bec Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.4	M	44	ZeroCERT

5249	2024-09-19 09:41	DEMONCODER.dll 7d9c5df6d1a2f85004890dc0c3d287a3 Malicious Packer PE File DLL PE32 .NET DLL VirusTotal Malware PDB					1.4	M	48	ZeroCERT

5250	2024-09-19 09:40	main.exe 2cd03a08efea2cffdd6ba16757a8800a Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		1			5.2	M	61	ZeroCERT