Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
5671	2024-09-17 13:36	66e705d09b33c_jack.exe abdbcc23bd8f767e671bac6d2ff60335 Generic Malware Malicious Library .NET framework(MSIL) UPX Socket ScreenShot PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS		1			10.6	M	48	ZeroCERT

5672	2024-09-17 13:36	66e404f0b4ec1_main.exe 44085b8a499d1affb7656982fd6ab47b Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.6	M	57	ZeroCERT

5673	2024-09-17 13:33	check2.exe d50d4c1c6ba5a9cc0522150dbf3c2f18 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.4	M	26	ZeroCERT

5674	2024-09-17 13:33	ZZ.exe aa4aca6b0973b169a4242718f04d9c54 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger		2	2		4.4	M	64	ZeroCERT

5675	2024-09-17 13:32	999.exe 290a51a1f510c3983bab387318311a00 Generic Malware Malicious Library Antivirus Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		8.2	M	45	ZeroCERT

5676	2024-09-17 13:31	s.exe 3eee1ec7c33c0101a5dcfe2656d26b3c UPX PE File PE32 VirusTotal Malware Check memory unpack itself					1.8	M	52	ZeroCERT

5677	2024-09-17 13:29	debug.dbg 000ccbf32b9b4c304bd076b2451d5994 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.6	M	41	ZeroCERT

5678	2024-09-17 13:28	seed.exe c52e326b3e71b7930cf6b314d1fa1cff PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS		1			6.2	M	49	ZeroCERT

5679	2024-09-17 13:28	random.exe 8bc68fd89fc539a6f195fb11cafff7dd Stealc Gen1 Themida Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://185.215.113.103/0d60be0de163924d/msvcp140.dll http://185.215.113.103/ - rule_id: 42566 http://185.215.113.103/0d60be0de163924d/sqlite3.dll http://185.215.113.103/0d60be0de163924d/nss3.dll http://185.215.113.103/0d60be0de163924d/freebl3.dll http://185.215.113.103/0d60be0de163924d/mozglue.dll http://185.215.113.103/0d60be0de163924d/vcruntime140.dll http://185.215.113.103/e2b1563c6670f193.php http://185.215.113.103/0d60be0de163924d/softokn3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	12.6	M	40	ZeroCERT

5680	2024-09-17 13:26	66e464075714d_otr.exe#kisotrme... 39792b5d0b6a20c9216623181135f397 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS		1	1		2.4	M	56	ZeroCERT

5681	2024-09-17 13:24	b99.exe d18738ee43bda16b6a6d309f2baeef4d UPX PE File PE32 VirusTotal Malware					1.2		58	ZeroCERT

5682	2024-09-17 13:24	PO.exe 644c70c76df47981aeac98d4f7a08971 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0		55	ZeroCERT

5683	2024-09-17 13:22	wywy8.exe 54d0f9cd7751a2dfa84f1faf3a901a1c UPX PE File PE32 VirusTotal Malware					1.2		58	ZeroCERT

5684	2024-09-17 13:22	payload.exe b11efd812f8fd94f3385b3ed5dc525b7 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself					3.4		64	ZeroCERT

5685	2024-09-17 13:20	66e57196bb898_111.exe#111 b2a7b79dd7a9fe2786679a0ee2cddfa1 RedLine stealer RedLine Infostealer Generic Malware UltraVNC Malicious Library UPX Antivirus ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName RCE DNS Cryptographic key Software crashed		2	6 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET DROP Spamhaus DROP Listed Traffic Inbound group 37		15.6		54	ZeroCERT