Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
631	2024-08-26 09:44	explorer.exe 7bc9e427746a95ed037db5e0b3230780 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.0		61	ZeroCERT

632	2024-08-26 09:42	pyld611114.exe 43bce45d873189f9ae2767d89a1c46e0 Gen1 Generic Malware task schedule Downloader Malicious Library Malicious Packer UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP SMTP DNS Code injection Internet API FTP KeyLogger P2P VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Auto service suspicious process malicious URLs sandbox evasion WriteConsoleW Windows ComputerName Cryptographic key					9.6		48	ZeroCERT

633	2024-08-26 09:42	build9.exe 4e18e7b1280ebf97a945e68cda93ce33 Generic Malware Malicious Library PE File PE64 FTP Client Info Stealer VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself Tofsee ComputerName Software	1 Keyword trend analysis	2	1		4.6	M	50	ZeroCERT

634	2024-08-26 09:39	gagagggagagag.exe 7f20b668a7680f502780742c8dc28e83 AsyncRAT Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Malware download AsyncRAT NetWireRC VirusTotal Malware DNS		1	2		1.8	M	50	ZeroCERT

635	2024-08-26 09:38	winn.exe 5e7c5bff52e54cb9843c7324a574334b Malicious Library PE File PE64 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself					3.4		40	ZeroCERT

636	2024-08-26 09:37	surfex.exe 1f4b0637137572a1fb34aaa033149506 RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		12.8	M	26	ZeroCERT

637	2024-08-26 09:35	Identification-1.exe c7cd553e6da67a35d029070a475da837 Emotet Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself					2.6	M	46	ZeroCERT

638	2024-08-26 09:34	PURLOG.exe 457c9342db5fc82febdcf8a348123a0e Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	21	ZeroCERT

639	2024-08-26 09:33	BaddStore.exe 26d737343527707f7e4fbad11ef723ad Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder DNS crashed		1			4.0	M	45	ZeroCERT

640	2024-08-26 09:32	Mswgoudnv.exe de64bb0f39113e48a8499d3401461cf8 .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE Check memory Checks debugger buffers extracted unpack itself ComputerName					3.6	M	53	ZeroCERT

641	2024-08-26 09:30	win.exe 48dfda3eff897f0a62f71bbac51ff237 UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Check virtual network interfaces Windows DNS	1 Keyword trend analysis	2	1		6.4	M	44	ZeroCERT

642	2024-08-26 09:30	ven_protected.exe d0dd63b98bf3d7e52600b304cdf3c174 Generic Malware UPX Anti_VM PE File .NET EXE PE32 VirusTotal Malware DNS		1			3.6		28	ZeroCERT

643	2024-08-26 09:28	66cba4c974f15_swej.exe#space 05554101e30ffaf2f05439200060852f Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer ScreenShot Http API PWS Create Service Socket DGA Escalate priviledges Steal credential Sniff Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	12 Keyword trend analysis Info http://46.8.231.109/1309cdeb8f4c8736/nss3.dll http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll http://147.45.44.104/prog/66cba4cc1c754_lawd.exe http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll http://46.8.231.109/c4754d4f680ead72.php - rule_id: 42211 http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll http://147.45.44.104/prog/66cba4c565f5f_vief.exe http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll http://46.8.231.109/ - rule_id: 42142 http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll https://steamcommunity.com/profiles/76561199761128941 - rule_id: 42293	7	21 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	3	18.4	M	26	ZeroCERT

644	2024-08-26 09:27	9009.exe 644a43fda332b29e94af26722ee4a836 UPX PE File PE32 VirusTotal Malware					1.0	M	38	ZeroCERT

645	2024-08-26 09:25	66cb4f5c496b9_doz.exe 4f43057798a7498e61de57cdc627d87c Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library .NET framework(MSIL) Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	15.2	M	18	ZeroCERT