Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6106	2024-09-02 13:52	GetSys.exe 87939a5b42854b08804a9a0ae605b260 Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.0		21	ZeroCERT

6107	2024-09-02 13:52	Set-up.exe 06b767bf2a7deac9b9e524c5b6986bf7 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder CryptBot DNS	1 Keyword trend analysis	2	3	1	3.0	M	30	ZeroCERT

6108	2024-09-02 13:49	build.exe 05c1baaa01bd0aa0ccb5ec1c43a7d853 Emotet RedLine stealer Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware DNS		1			1.6	M	36	ZeroCERT

6109	2024-09-02 13:34	Amadeus.exe 36a627b26fae167e6009b4950ff15805 Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.6		31	ZeroCERT

6110	2024-09-02 13:34	ProlongedPortable.dll f67e91ea39ec8ae219cbd761d17329b7 UPX PE File DLL PE32 .NET DLL OS Processor Check VirusTotal Malware					0.6		11	ZeroCERT

6111	2024-09-02 13:34	1.exe 17d51083ccb2b20074b1dc2cac5bea36 Malicious Library UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself ComputerName crashed					3.0		35	ZeroCERT

6112	2024-09-02 12:54	66cf818156193_ldjfnsfd.exe e377dae8bdf40a95db250e59842d2915 Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4	M	56	ZeroCERT

6113	2024-09-02 12:06	rkduajedzcrd.exe 0838e4e90814a48e6122f4b0a2b2fc5f Generic Malware PE File PE64 VirusTotal Malware DNS		2	1		1.4		59	guest

6114	2024-09-02 11:17	random.exe 82f430cb027d4089280c1a2a42335131 Stealc Amadey Lumma RedLine stealer Gen1 Emotet Generic Malware Admin Tool (Sysinternals etc ...) UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) ScreenShot PWS AntiDebug Ant Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder suspicious TLD sandbox evasion VMware anti-virtualization IP Check installed browsers check Kelihos Stealc CryptBot Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed plugin	32 Keyword trend analysis Info http://ddl.safone.dev/3850492/seidr_build.exe?hash=AgADjB http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll http://fivexv5vs.top/v1/upload.php http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll http://185.215.113.16/inc/crypteda.exe - rule_id: 41506 http://185.215.113.16/Jo89Ku7d/index.php - rule_id: 41502 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll http://ddl.safone.dev/3846244/1.exe?hash=AgADek http://185.215.113.16/inc/Amadeus.exe http://185.215.113.19/ProlongedPortable.dll http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZl http://185.215.113.26/Nework.exe http://ddl.safone.dev/3846638/GetSys.exe?hash=AgADAh http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll http://sevxv17pt.top/v1/upload.php - rule_id: 42432 http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDB http://185.215.113.17/ - rule_id: 275 http://x1.i.lencr.org/ http://stagingbyvdveen.com/get/setup2.exe - rule_id: 42015 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 42279 http://ddl.safone.dev/3840509/build.exe?hash=AgADNB http://185.215.113.26/Dem7kTu/index.php - rule_id: 42445	19 Info stagingbyvdveen.com(147.45.60.44) - malware fivexv5vs.top(195.133.48.136) sevxv17pt.top(195.133.13.230) - mailcious ipinfo.io(34.117.59.81) x1.i.lencr.org(23.52.33.11) ddl.safone.dev(63.32.161.232) - malware 154.216.17.170 - malware 23.207.177.83 185.215.113.16 - mailcious 185.215.113.17 - malware 185.215.113.19 - malware 147.45.60.44 - malware 95.216.143.20 52.212.52.84 - malware 185.215.113.26 - mailcious 195.133.48.136 95.179.250.45 34.117.59.81 195.133.13.230 - mailcious	28 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE - Served Attached HTTP ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Packed Executable Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 ET INFO HTTP Request to a .top domain ET DNS Query to a .top domain - Likely Hostile ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY External IP Lookup SSL Cert Observed (ipinfo .io)	14 Info http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.17/ http://185.215.113.17/ http://sevxv17pt.top/v1/upload.php http://185.215.113.17/ http://stagingbyvdveen.com/get/setup2.exe http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/ http://185.215.113.17/2fb6c2cc8dce150a.php http://185.215.113.26/Dem7kTu/index.php	27.2	M	43	ZeroCERT

6115	2024-09-02 11:09	66d4d07501f6e_lsdfn.exe 1848bfbfb02bed98ca43832f3743dd79 Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself					7.2	M	33	ZeroCERT

6116	2024-09-02 11:08	random.exe 457d9a15d305df62fe34c5076f3cad9d Amadey Stealc Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE File PE32 OS Processor Check Browser Info Stealer Malware download Amadey VirusTotal Malware c&c AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Stealc Windows Exploit Browser ComputerName DNS crashed	4 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET DROP Spamhaus DROP Listed Traffic Inbound group 2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	4	14.8	M	39	ZeroCERT

6117	2024-09-02 11:05	random.exe 5f608251065b3a8efb3d707df00ffede Stealc Admin Tool (Sysinternals etc ...) PE File PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS crashed plugin	9 Keyword trend analysis Info http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968 http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/ - rule_id: 41969 http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.100/0d60be0de163924d/msvcp140.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	11.4	M	30	ZeroCERT

6118	2024-09-02 11:03	66d4d0780772b_vnew.exe 24366096e1851e1ba5f3059095522f63 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	2 Keyword trend analysis	1	5 Info ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	1	13.6	M	31	ZeroCERT

6119	2024-09-02 11:02	random.exe fb5e045c6e6d9f559ae90490d139c2fe RedLine stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P Anti_VM AntiDebug Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed		2	1		12.4	M	31	ZeroCERT

6120	2024-09-02 11:01	random.exe 38f98be80e6670f46efc8544d762cfd4 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware Checks debugger exploit crash unpack itself installed browsers check Exploit Browser crashed					3.2	M	21	ZeroCERT