Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6346	2024-08-21 13:37	channel.exe 51dd8d9912686daa950d583dad0aa631 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware Check memory suspicious TLD DNS		1	1		2.2	M	46	ZeroCERT

6347	2024-08-21 13:36	66bf19d6c5d07_crypto.exe 154fd6d5fd624c6568c2d0fd9958c4ea Stealc Client SW User Data Stealer ftp Client info stealer Malicious Library .NET framework(MSIL) Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll http://193.176.190.41/ - rule_id: 42195 http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll http://193.176.190.41/2fa883eebd632382.php - rule_id: 42194 http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll	1	15 Info ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	15.2	M	53	ZeroCERT

6348	2024-08-21 13:36	66bb989993888_crypted.exe a62c9cdf5e2ae4abf97dcf5dc6e4bd7d RedLine stealer Malicious Library .NET framework(MSIL) AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key		1	1		10.4	M	59	ZeroCERT

6349	2024-08-21 13:35	createdbutterbunwithnewyummybu... a175c53485e3d9d87b47bb3b44fb3088 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.6	M	4	ZeroCERT

6350	2024-08-21 13:31	66bb9a6db079b_Install.exe 9fa963a49ddd929dce9ca2afe761845a Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	42	ZeroCERT

6351	2024-08-21 13:31	Vn70wVxW.exe 2d340fd6abb83c75fb8d07b8290a66d5 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4	M	28	ZeroCERT

6352	2024-08-21 13:30	coreplugin.exe 9954f7ed32d9a20cda8545c526036143 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.2	M	33	ZeroCERT

6353	2024-08-21 13:29	clcs.exe 0f9281146d61bc606140a1ab69feb60d Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS crashed	1 Keyword trend analysis	2	3		6.0	M	27	ZeroCERT

6354	2024-08-21 13:29	DiskUtility.exe 11f656a0e8ab8563f91028a3c95802e5 Malicious Packer PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee		2	1		2.6	M	50	ZeroCERT

6355	2024-08-21 13:28	Identification.exe 2ecb08bc874649148c0b23e832f522f7 Emotet Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself					1.8		6	ZeroCERT

6356	2024-08-20 17:59	2.hta 7e5d584176b92f73bc82886c9945efc9 Client SW User Data Stealer browser info stealer Hide_EXE Suspicious_Script_Bin Generic Malware Google Chrome User Data Downloader Malicious Library UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Browser Info Stealer VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger buffers extracted Creates executable files exploit crash unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Windows Exploit Browser ComputerName crashed	1 Keyword trend analysis	2			10.2		1	ZeroCERT

6357	2024-08-20 17:58	한중 북중 안보현안 비공개 정책간담회 계획.lnk... 32e828282dbe16073293dacc17f0598c Generic Malware Antivirus AntiDebug AntiVM HWP MSOffice File Lnk Format GIF Format PowerShell VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			8.0		24	ZeroCERT

6358	2024-08-20 16:11	Skibidi Boilet Master.msc e25027c2a3b9e45f0551604453e6f865 Antivirus ScreenShot KeyLogger AntiDebug AntiVM VirusTotal Malware MachineGuid Code Injection Check memory RWX flags setting unpack itself	1 Keyword trend analysis				2.8		14	ZeroCERT

6359	2024-08-20 12:29	e0c3282206b5533bb3272741212cb6... e0c3282206b5533bb3272741212cb6e1 Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					7.8		14	ZeroCERT

6360	2024-08-20 11:08	Jhiidutz.exe 8083fed730e151bf47528621db8e7ff8 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					3.4		34	ZeroCERT