Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6046	2024-09-04 11:00	66d5ddc254656_lfem.exe 24b1ff1f8ba8c5e20613a652b7ddcafb Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					8.4	M	49	ZeroCERT

6047	2024-09-04 10:58	66d5ddcbb9f86_vyre.exe 9d1e5520a634731ed9747be9e9af7c5d Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	17.0	M	52	ZeroCERT

6048	2024-09-04 10:43	tmk.scr f257d37c05d29e725071a900ef49f1c9 Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2		56	guest

6049	2024-09-04 10:34	BitLockerToGo.exe 0c349af12bacc3cda19ae8a9a4acb428 Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.4	M	41	ZeroCERT

6050	2024-09-04 10:32	prompt.exe 26ea34638c9aab0fb5411b9944f50404 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed					1.6	M	65	ZeroCERT

6051	2024-09-04 10:30	66d753b13350c_cry.exe#kiscrypt... 7935a87d35721d1697e50bebcbec125b Client SW User Data Stealer ftp Client info stealer Malicious Library .NET framework(MSIL) UPX Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Malware download VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Stealc ComputerName DNS	2 Keyword trend analysis	1	1		9.8	M	34	ZeroCERT

6052	2024-09-04 10:27	66d72df86b9f3_crypted.exe#1 6b19e5c100db0812ffb7813a1503c05d RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		14.2	M	49	ZeroCERT

6053	2024-09-04 10:27	66d70775c548d_v.exe#space 6f99968cc27d2d6a07a921ab703a5d5d Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	2 Keyword trend analysis	1	5 Info ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	1	13.6	M	43	ZeroCERT

6054	2024-09-04 10:26	66d70e8640404_trics.exe b5887a19fe50bfa32b524aaad0a453bc Malicious Library .NET framework(MSIL) UPX Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format Malware download VirusTotal Malware AutoRuns PDB Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW Windows RisePro ComputerName RCE DNS		1	3		12.4	M	44	ZeroCERT

6055	2024-09-04 10:25	66d5ec0530891_crypted.exe#1 8e0ae87939388dfd7d6470bdd397b309 RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		13.2	M	51	ZeroCERT

6056	2024-09-04 10:25	66d753141beb4_default.exe#kiso... 5bded0f41fa96aeed99d6b9b8eb34aa4 Client SW User Data Stealer ftp Client info stealer Malicious Library .NET framework(MSIL) UPX Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://45.152.113.10/15a25e53742510fe/nss3.dll http://45.152.113.10/15a25e53742510fe/vcruntime140.dll http://45.152.113.10/15a25e53742510fe/mozglue.dll http://45.152.113.10/15a25e53742510fe/softokn3.dll http://45.152.113.10/ http://45.152.113.10/15a25e53742510fe/freebl3.dll http://45.152.113.10/15a25e53742510fe/sqlite3.dll http://45.152.113.10/15a25e53742510fe/msvcp140.dll http://45.152.113.10/92335b4816f77e90.php	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity		13.2	M	14	ZeroCERT

6057	2024-09-04 10:22	Co.exe 50968bf1892077705f9182f7028c8ef2 UPX PE File PE32 VirusTotal Malware					1.2	M	54	ZeroCERT

6058	2024-09-04 10:22	66d5df681876c_file010924.exe#f... 7972b08246e568495d9d116fc2d0b159 Suspicious_Script_Bin Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted unpack itself malicious URLs Tofsee Windows ComputerName RCE DNS	2 Keyword trend analysis	4	6 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download	1	9.4	M	58	ZeroCERT

6059	2024-09-04 10:20	66d5e40f57b39_def_202409021912... ade16b249de80c5d8a459baaac67201c Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Stealc ComputerName DNS	2 Keyword trend analysis	1	2		9.4	M	48	ZeroCERT

6060	2024-09-04 10:19	66d5edf357fbf_BitcoinCore.exe 26dc83cd26d56041c731e497b96a8a73 Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself					2.2	M	23	ZeroCERT