Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7501	2024-07-31 09:37	Guide.pdf.lnk 0e5138203d1ba9f34206bdde51374198 Generic Malware AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware Code Injection Creates shortcut Windows utilities suspicious process WriteConsoleW Windows	1 Keyword trend analysis				3.2		22	ZeroCERT

7502	2024-07-31 09:37	DR_Mod_200_2023.PDF.lnk 0d6f8a03885e85f384584cb2416f859e Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			6.6		35	ZeroCERT

7503	2024-07-31 09:23	corp.lnk 7eac7583b780de8a2c0e782ca49519c3 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.8		11	ZeroCERT

7504	2024-07-31 09:21	123123123.lnk 2a833855401c9710a5aeeea932a4d705 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut RWX flags setting unpack itself powershell.exe wrote suspicious process Interception Windows ComputerName Cryptographic key	1 Keyword trend analysis	1			6.4		25	ZeroCERT

7505	2024-07-31 09:21	8.lnk d60ad359db69bf1814acba1a77c4d292 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.6		8	ZeroCERT

7506	2024-07-31 09:21	7.lnk abd62871ee205dc0d58baa78e60d67f6 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.8		16	ZeroCERT

7507	2024-07-31 09:14	5.lnk c5f2ade21d5b2cb2eea83d9e3ad64c3f Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.8		11	ZeroCERT

7508	2024-07-31 09:13	4.lnk 6415eab0ee8401628cbb061942e3dd83 Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.0		8	ZeroCERT

7509	2024-07-31 09:12	3.lnk 0a68f0e0832154a0a4fbdc304392693f Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.6		8	ZeroCERT

7510	2024-07-31 09:12	2.lnk 2ac86d33add8cc3fc0bacb12d028faff Generic Malware Antivirus AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis				4.8		16	ZeroCERT

7511	2024-07-31 07:38	sand.exe 037f916ac94fcc198a7253a0daf62777 Amadey Gen1 RedLine stealer RedlineStealer Generic Malware EnigmaProtector UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer .NET framework(MSIL) Anti_VM PE File PE32 DLL PE64 OS Processor Check .NET EXE ZIP Format ftp Malware download Amadey Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Tofsee Windows ComputerName DNS Cryptographic key crashed	8 Keyword trend analysis Info http://185.215.113.16/inc/4434.exe http://185.215.113.19/Vi9leo/index.php - rule_id: 41489 http://185.215.113.16/inc/GOLD.exe http://185.215.113.16/inc/pered.exe - rule_id: 41508 http://185.215.113.16/inc/crypteda.exe - rule_id: 41506 http://185.215.113.16/Jo89Ku7d/index.php - rule_id: 41502 http://185.215.113.16/inc/2020.exe - rule_id: 41509 http://185.215.113.16/inc/25072023.exe - rule_id: 41507	5	10 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Amadey Bot Activity (POST) ET INFO Packed Executable Download ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	6	15.8	M		ZeroCERT

7512	2024-07-31 07:32	postbox.exe c53bb047b93851b66fead144d7c46ff3 Gen1 Generic Malware Malicious Library Malicious Packer UPX DllRegisterServer dll PE File PE64 MSOffice File OS Processor Check						M		ZeroCERT

7513	2024-07-31 07:28	UXSNUWNZ.exe 532d05ffeadbd71ebd3427d829a6759f Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL PE64 OS Processor Check PNG Format Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName					3.2			ZeroCERT

7514	2024-07-31 07:28	random.exe 9cccb9b47686e3ab460cbee74196ba25 EnigmaProtector PE File PE32 unpack itself ComputerName crashed					1.4			ZeroCERT

7515	2024-07-31 07:27	stealc_valenciga.exe 3c18dac89d980c0102252ad706634952 Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download Vidar Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	9 Keyword trend analysis Info http://91.225.219.163/6a8702a34e51f278/mozglue.dll http://91.225.219.163/6a8702a34e51f278/sqlite3.dll http://91.225.219.163/ http://91.225.219.163/6a8702a34e51f278/vcruntime140.dll http://91.225.219.163/6a8702a34e51f278/nss3.dll http://91.225.219.163/6a8702a34e51f278/freebl3.dll http://91.225.219.163/6a8702a34e51f278/softokn3.dll http://91.225.219.163/7e93b9fd3ae92094.php http://91.225.219.163/6a8702a34e51f278/msvcp140.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity		6.0			ZeroCERT