Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8941	2023-09-02 18:47	stealc_freestyleebet.exe 03b75cb65dfc55f7594704128d3c2bad Stealc PE File PE32 Browser Info Stealer Malware download VirusTotal Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	8 Keyword trend analysis Info http://45.9.74.92/d45a644c7f4dcff4/vcruntime140.dll http://45.9.74.92/d45a644c7f4dcff4/mozglue.dll http://45.9.74.92/d45a644c7f4dcff4/softokn3.dll http://45.9.74.92/d45a644c7f4dcff4/nss3.dll http://45.9.74.92/d45a644c7f4dcff4/freebl3.dll http://45.9.74.92/7a03fb9d4773da33.php - rule_id: 36050 http://45.9.74.92/d45a644c7f4dcff4/msvcp140.dll http://45.9.74.92/d45a644c7f4dcff4/sqlite3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	7.2	M	48	ZeroCERT

8942	2023-09-02 18:43	soso.exe 6dc87042689e8ee4fcf2ad4978251c44 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Tofsee	1 Keyword trend analysis	2	2		3.4	M	52	ZeroCERT

8943	2023-09-02 18:41	ui_static.js bb973dacad0a0e1cb2e2c145fd8f4c3e unpack itself crashed					0.6			ZeroCERT

8944	2023-09-02 18:41	s5.exe 6d23627f776c90f686e5768774aad09f Malicious Library PE File PE32 PDB Remote Code Execution					0.8	M		ZeroCERT

8945	2023-09-02 18:40	Install_WinX64X86.exe ebd57653d474ebeb5c5df2c19df6912b Themida Packer Malicious Library PE File PE64 VirusTotal Malware DNS crashed		1			3.0	M	21	ZeroCERT

8946	2023-09-02 18:39	1111.exe d9c8bc57eff19e15e8670881fa0dcb81 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)		6.2	M	44	ZeroCERT

8947	2023-09-02 18:38	ela205.exe ff0ca5d8a61da8a0b725bcd6e36412db Malicious Library UPX PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution		2	2		1.6	M	23	ZeroCERT

8948	2023-09-02 18:36	fil111e.exe 34577f0fd1d3f1d5f53eecd0aca166c3 Generic Malware Antivirus PE File .NET EXE PE32 PowerShell VirusTotal Malware powershell PDB suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key		1			7.0	M	43	ZeroCERT

8949	2023-09-02 18:36	wp.vbs 788d9b6fd542ea9680d7fd61e3424aec Malware download Wshrat NetWireRC VirusTotal Malware VBScript AutoRuns WMI wscript.exe payload download AntiVM_Disk VM Disk Size Check Windows Houdini ComputerName DNS DDNS Dropper	1 Keyword trend analysis	2	4	1	10.0	M	25	ZeroCERT

8950	2023-09-02 18:34	R3nzSkin_Injector.exe e785b8d686d97cea7f16ee1ff56dad95 Malicious Library UPX OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	4		6.6		47	ZeroCERT

8951	2023-09-02 18:34	Clic.exe 3e1addce70b29934018089965733a491 Generic Malware Downloader WinRAR Malicious Library UPX Antivirus Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM OS Processor Chec VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Firewall state off Tofsee Windows ComputerName Remote Code Execution Cryptographic key crashed		2	1		13.0		49	ZeroCERT

8952	2023-09-02 18:32	4t.exe f519d275a74776c00243901014f40df9 Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	23	ZeroCERT

8953	2023-09-02 18:31	alldata.exe 1d80dd9f0e5db1a685c6bb9e9a91b222 Malicious Library PE File PE32 VirusTotal Malware PDB Remote Code Execution					2.0		43	ZeroCERT

8954	2023-09-02 18:30	4t.exe cd2d66edbe500051c5d2711026a84f9d Malicious Library PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself					2.2	M	22	ZeroCERT

8955	2023-09-02 18:30	ummaa.exe 58bc43389c3e720c0af4ff563d5ed7ce Amadey Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kelihos Windows ComputerName DNS	4 Keyword trend analysis	2	9 Info ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Possible Kelihos.F EXE Download Common Structure	1	9.6	M	53	ZeroCERT