Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
676	2024-08-25 18:50	tunnel.php bb8b2337887949183d8eeb8d0c204e93 AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.0		14	ZeroCERT

677	2024-08-25 18:48	WindowsUI.exe 616b51fce27e45ac6370a4eb0ac463f6 Malicious Packer PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted RWX flags setting unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					6.6	M	47	ZeroCERT

678	2024-08-25 18:46	xxxx.exe 31fa485283c090077fb15a0831fd89f7 Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName					2.8	M	37	ZeroCERT

679	2024-08-25 18:46	securityscan.exe 11e16989e5df2577e5ebf712e4f639cc Antivirus UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	45	ZeroCERT

680	2024-08-25 18:45	stealc_default2.exe 7a02aa17200aeac25a375f290a4b4c95 Stealc Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	16 Keyword trend analysis Info http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 42279 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll http://185.215.113.17/ - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Dotted Quad Host DLL Request ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	9	8.4	M	66	ZeroCERT

681	2024-08-25 18:44	nc.exe 5cae15c12e26d4ac8f32cd7026a5cb7a ZIP Format VirusTotal Malware					1.0	M	35	ZeroCERT

682	2024-08-25 18:42	LummaC22222.exe 40e9f5e6b35423ed5af9a791fc6b8740 UPX PE File PE32 VirusTotal Malware					1.2	M	61	ZeroCERT

683	2024-08-25 18:41	microsoft-system-repair.msi 56130894f8bfb3a0f4b33cd2f9d765b4 Generic Malware Malicious Library MSOffice File CAB OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					2.4	M	14	ZeroCERT

684	2024-08-25 18:39	66c9dc4089598_update.exe#upus 857d79717817a2a9831add6dccf79305 Malicious Library Malicious Packer UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName Remote Code Execution					3.2		42	ZeroCERT

685	2024-08-25 18:39	a.exe 06acac40f95b938cc52dd263fd39f631 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS crashed		1			4.0	M	60	ZeroCERT

686	2024-08-24 19:15	install.exe cb4e8358a58de5cd176e3c4bbe264043 Emotet Gen1 Malicious Library UPX PE File PE32 MZP Format PE64 DLL OS Processor Check VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder					3.2	M	36	ZeroCERT

687	2024-08-24 19:13	payload_x86.ps1 194d1495881b3eb9703f20e7d48eaefd Generic Malware Antivirus VirusTotal Malware Check memory unpack itself DNS		2			3.6	M	39	ZeroCERT

688	2024-08-24 19:12	nicemengivinglotofsweetbutters... a9413df0cfdac99cdba5f57e62e5af76 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.8	M	40	ZeroCERT

689	2024-08-24 19:11	script.exe dc37d19933e5689c25bc6cce8c15d58c NSIS Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Cryptocurrency Miner Malware AutoRuns Check memory Checks debugger WMI Creates executable files WriteConsoleW Windows ComputerName DNS CoinMiner	1 Keyword trend analysis	1	1		4.0	M	11	ZeroCERT

690	2024-08-24 19:10	setup2.exe d78d85135f584e455f692923d9feb804 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.2	M	43	ZeroCERT