Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6196	2024-08-26 09:38	winn.exe 5e7c5bff52e54cb9843c7324a574334b Malicious Library PE File PE64 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself					3.4		40	ZeroCERT

6197	2024-08-26 09:37	surfex.exe 1f4b0637137572a1fb34aaa033149506 RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		12.8	M	26	ZeroCERT

6198	2024-08-26 09:35	Identification-1.exe c7cd553e6da67a35d029070a475da837 Emotet Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself					2.6	M	46	ZeroCERT

6199	2024-08-26 09:34	PURLOG.exe 457c9342db5fc82febdcf8a348123a0e Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	21	ZeroCERT

6200	2024-08-26 09:33	BaddStore.exe 26d737343527707f7e4fbad11ef723ad Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder DNS crashed		1			4.0	M	45	ZeroCERT

6201	2024-08-26 09:32	Mswgoudnv.exe de64bb0f39113e48a8499d3401461cf8 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself ComputerName					3.6	M	53	ZeroCERT

6202	2024-08-26 09:30	win.exe 48dfda3eff897f0a62f71bbac51ff237 UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Check virtual network interfaces Windows DNS	1 Keyword trend analysis	2	1		6.4	M	44	ZeroCERT

6203	2024-08-26 09:30	ven_protected.exe d0dd63b98bf3d7e52600b304cdf3c174 Generic Malware UPX Anti_VM PE File .NET EXE PE32 VirusTotal Malware DNS		1			3.6		28	ZeroCERT

6204	2024-08-26 09:28	66cba4c974f15_swej.exe#space 05554101e30ffaf2f05439200060852f Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer ScreenShot Http API PWS Create Service Socket DGA Escalate priviledges Steal credential Sniff Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	12 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://147.45.44.104/prog/66cba4cc1c754_lawd.exe http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://147.45.44.104/prog/66cba4c565f5f_vief.exe http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll https://steamcommunity.com/profiles/76561199761128941 - rule_id: 42293	7	21 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	3	18.4	M	26	ZeroCERT

6205	2024-08-26 09:27	9009.exe 644a43fda332b29e94af26722ee4a836 UPX PE File PE32 VirusTotal Malware					1.0	M	38	ZeroCERT

6206	2024-08-26 09:25	66cb4f5c496b9_doz.exe 4f43057798a7498e61de57cdc627d87c Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library .NET framework(MSIL) Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	15.2	M	18	ZeroCERT

6207	2024-08-26 09:23	66cba4c565f5f_vief.exe#space 75d0097acc881bb6bc4332bda07f16f1 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	15.8	M	26	ZeroCERT

6208	2024-08-26 09:23	도양기업 20240610 송장 갑지.bmp.lnk... 09b1213c8a336541a4849d65b937293f Antivirus AntiDebug AntiVM Lnk Format GIF Format wget VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis				6.8		28	ZeroCERT

6209	2024-08-26 09:22	66cb3e08e7e87_install.exe#upus 7586d565812943ae038f1a3957e14a65 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.0	M	21	ZeroCERT

6210	2024-08-26 09:20	66cb89fccdd00_crypted.exe#1 92605ba136b126db1d3734ffab2f1700 RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		12.8		26	ZeroCERT