Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6991	2024-08-10 17:32	setup.exe 331893d25fb234561ff103e892ee3f63 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					10.4			ZeroCERT

6992	2024-08-10 17:32	setup.exe 011317aa716866ff4c2995b0ba4f6138 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0			ZeroCERT

6993	2024-08-10 17:30	setup.exe 1f9db1ec7ebe3fd44d09e73c78916a0f Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					10.4			ZeroCERT

6994	2024-08-10 17:30	setup.exe d10485d74aa26c9e762a32346b28cf32 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0			ZeroCERT

6995	2024-08-10 13:12	66b4b10e9ef0b_stealc_default.e... 9b43256a33142e469adbe046a1552781 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Windows					2.6	M	45	ZeroCERT

6996	2024-08-10 13:08	a.exe 2e171efa60b0cae4b318b199be88a351 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself					2.0	M	10	ZeroCERT

6997	2024-08-10 13:08	nino.exe 54a4376350631493186f19dfd5120d7b Amadey Client SW User Data Stealer ftp Client info stealer Http API PWS Code injection AntiDebug AntiVM PE File PE32 Browser Info Stealer Malware download Amadey Vidar VirusTotal Malware c&c AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Collect installed applications Detects VMWare malicious URLs sandbox evasion VMware anti-virtualization installed browsers check Ransomware Stealc Stealer Windows Exploit Browser ComputerName DNS crashed plugin	13 Keyword trend analysis Info http://185.215.113.19/Vi9leo/index.php - rule_id: 41489 http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.16/num/random.exe - rule_id: 41818 http://185.215.113.100/e2b1563c6670f193.php http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://185.215.113.16/well/random.exe - rule_id: 41492 http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/ http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.16/steam/random.exe - rule_id: 41792 http://185.215.113.100/0d60be0de163924d/msvcp140.dll	3	20 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	4	20.0	M	40	ZeroCERT

6998	2024-08-10 13:04	ReadilyAccompanied.exe 9c557c498c29e5d37016400cf0899ac6 Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName					6.4	M	5	ZeroCERT

6999	2024-08-10 13:03	CC.exe 0af6a0ec998bcaa184dd6829bf2690ba Generic Malware Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		6.2	M	37	ZeroCERT

7000	2024-08-10 13:02	armadegon.exe f5b93d3369d1ae23d6e150e75d2b6a80 Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself VMware Windows Cryptographic key					9.0	M	30	ZeroCERT

7001	2024-08-10 13:01	P.exe fa9bdae586c029c45206012d681207ad Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Trojan DNS	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		9.8	M	31	ZeroCERT

7002	2024-08-10 12:59	66b623c3b1dcb_Mowdiewart.exe b8d875d94fbd7df91b1dbbbc308a057f RedLine stealer RedLine Stealer Malicious Library .NET framework(MSIL) ScreenShot PWS SMTP AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		3	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		9.6	M	39	ZeroCERT

7003	2024-08-10 12:58	tools.exe f2bb9263e5a42975fcaab9b11293d7b2 Malicious Library PE File PE32 Malware download Cobalt Strike Cobalt VirusTotal Malware RWX flags setting unpack itself ComputerName DNS	1 Keyword trend analysis	1	1		3.2	M	62	ZeroCERT

7004	2024-08-10 12:57	555.exe ce4a4ba3f2215f59248f59cdc2240960 UPX PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself					1.8	M	34	ZeroCERT

7005	2024-08-10 12:56	random.exe a386741a24f6dd80f0a87a8af51c37c7 Malicious Library PE File PE32 VirusTotal Malware Check memory Checks debugger crashed					2.4	M	50	ZeroCERT