Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8566	2023-09-18 07:46	M.ps1 75ce07f2d1aa6a5802c6795babcf714c Generic Malware Antivirus PE File .NET DLL DLL PE32 Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key crashed	3 Keyword trend analysis	3	3	10.4			ZeroCERT

8567	2023-09-18 07:45	build1234dolla.exe 3d3801f8399c6bfdb21aa43fa13858b2 RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1		3.6	M		ZeroCERT

8568	2023-09-18 07:43	Archevod_XWorm.exe 87243804ebf481b95392b3ec64774297 PE File PE32 .NET EXE suspicious privilege Checks debugger WMI unpack itself Detects VMWare AntiVM_Disk sandbox evasion VMware VM Disk Size Check Windows ComputerName Cryptographic key crashed				6.4	M		ZeroCERT

8569	2023-09-18 07:39	AnyDesk.exe eafba56f876c04229c33c88a0bd964fa Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE64 OS Processor Check PDB Check memory unpack itself Remote Code Execution				2.4			ZeroCERT

8570	2023-09-18 07:39	1.exe ee629be336cb1394d8902ad966703722 UPX Malicious Library PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	4	5.4			ZeroCERT

8571	2023-09-17 16:25	ss41.exe 6f75fdd73946160a17cac7e098a00032 Generic Malware UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution	1 Keyword trend analysis	2	2	1.6	M	27	ZeroCERT

8572	2023-09-17 16:24	173.exe a7be047e27cfe019ade71a4b347efb00 Gen1 UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS crashed plugin	8 Keyword trend analysis Info http://85.209.11.51/5db65a39eefecd5d/softokn3.dll http://85.209.11.51/5db65a39eefecd5d/mozglue.dll http://85.209.11.51/5db65a39eefecd5d/freebl3.dll http://85.209.11.51/5db65a39eefecd5d/nss3.dll http://85.209.11.51/fefb4a458e1dc58b.php http://85.209.11.51/5db65a39eefecd5d/sqlite3.dll http://85.209.11.51/5db65a39eefecd5d/msvcp140.dll http://85.209.11.51/5db65a39eefecd5d/vcruntime140.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	8.4	M	42	ZeroCERT

8573	2023-09-17 16:23	igccu.exe c6b88ed4d6660ddc052fd29605e2c041 UPX PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces				1.2	M		ZeroCERT

8574	2023-09-17 09:47	Setup.exe 379a74d6449d77be437b78c8ec875022 Generic Malware UPX Http API ScreenShot Internet API AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key crashed				8.2	M	27	ZeroCERT

8575	2023-09-17 09:44	Loader.exe 4ff01cbc0d241becc42c762c7aba5f43 UPX Downloader PE File PE64 OS Processor Check VirusTotal Malware PDB				1.2	M	33	ZeroCERT

8576	2023-09-17 09:43	HNL.vbs f060032506e839fea3e5d51db24f53bc Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.4		5	ZeroCERT

8577	2023-09-17 09:42	fridayyyyFile.vbs 20ed8a8e329f220221aba615fa5de616 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	4	1	11.0		5	ZeroCERT

8578	2023-09-17 09:41	afk.vbs 3de68367509febdc3036d1fccfeb0719 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.4		5	ZeroCERT

8579	2023-09-17 09:41	172.exe 3082e7832f7a31397990d4d3ae4c75c9 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key		2	1	2.6	M		ZeroCERT

8580	2023-09-17 09:40	mar2.exe 3bffffda1e470fede020d005d03929da Malicious Library UPX Malicious Packer PE File PE32 PE64 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Tofsee	1 Keyword trend analysis	2	2	3.4	M	51	ZeroCERT