Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
886	2024-08-19 15:08	uuvipfix.exe 46be1d2a2de1c43b0169874d14503098 CoinMiner AutoIt Generic Malware UPX PE File PE32 VirusTotal Malware Check memory Checks debugger					2.6	M	60	ZeroCERT

887	2024-08-19 15:06	98.exe 0c29f5f793bd9427f43f3e2a3ef38dcc UPX PE File PE32 VirusTotal Malware					1.2	M	55	ZeroCERT

888	2024-08-19 15:06	POS_C079.exe e0172234f8bfbf6caab3256f36999589 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware unpack itself crashed					1.8	M	11	ZeroCERT

889	2024-08-19 15:05	66bf353c38733_Grids.exe efd6377cf1f3e1efd885db9343a9a686 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.4	M	25	ZeroCERT

890	2024-08-19 15:03	76.exe 82f852580cbfab46cd01190bb37587f5 Generic Malware ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS	1 Keyword trend analysis	1	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/Nemucod.M.gen downloading EXE payload ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0	M	49	ZeroCERT

891	2024-08-19 15:02	watersmoothbutterburnsweetandh... 38f791dbf6e64dd4ec64edcf5c1965df MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	34	ZeroCERT

892	2024-08-19 15:01	fixHosts.exe 754c738f12caa66eae85d417a235908e CoinMiner AutoIt Generic Malware UPX PE File PE32 Malware download VirusTotal Malware Check memory Checks debugger Windows Downloader	2 Keyword trend analysis	2	4		2.6	M	55	ZeroCERT

893	2024-08-19 15:00	CFGG.exe d042c41a79787fb48e3bdf6ededd7a9a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory					1.4	M	34	ZeroCERT

894	2024-08-19 14:59	66bf1a73a318a_otraba.exe#kisot... 36ea75b21cfb54d45e752c4f634ef88f Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser ComputerName DNS Software plugin	10 Keyword trend analysis Info http://193.176.190.41/9e7fbd3f0393ef32/nss3.dll http://193.176.190.41/9e7fbd3f0393ef32/freebl3.dll http://193.176.190.41/9e7fbd3f0393ef32/msvcp140.dll http://193.176.190.41/9e7fbd3f0393ef32/softokn3.dll http://193.176.190.41/9e7fbd3f0393ef32/sqlite3.dll http://193.176.190.41/ http://193.176.190.41/2fa883eebd632382.php http://x1.i.lencr.org/ http://193.176.190.41/9e7fbd3f0393ef32/vcruntime140.dll http://193.176.190.41/9e7fbd3f0393ef32/mozglue.dll	5	16 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity		16.0	M	52	ZeroCERT

895	2024-08-19 14:59	random.exe 3e361ace127f05f087344f33d05b37da PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4	M	28	ZeroCERT

896	2024-08-19 14:57	wxupup.exe 5fb6829b52847d878a98f9069e5c5fa4 CoinMiner AutoIt Generic Malware UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					3.0	M	55	ZeroCERT

897	2024-08-19 14:57	rama.exe 304eb6432c7696e15f48eda1ffd469aa Stealc RedLine stealer Gen1 Generic Malware Downloader Malicious Library UPX Admin Tool (Sysinternals etc ...) Antivirus Malicious Packer Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff A Browser Info Stealer Malware download Amadey FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Ransomware Stealc Stealer Windows Exploit Browser Email ComputerName DNS Software crashed plugin	10 Keyword trend analysis Info http://185.215.113.100/0d60be0de163924d/sqlite3.dll http://185.215.113.100/0d60be0de163924d/nss3.dll http://185.215.113.100/0d60be0de163924d/freebl3.dll http://185.215.113.100/0d60be0de163924d/vcruntime140.dll http://31.41.244.10/Dem7kTu/index.php http://185.215.113.100/0d60be0de163924d/msvcp140.dll http://185.215.113.100/ - rule_id: 41969 http://185.215.113.100/0d60be0de163924d/mozglue.dll http://185.215.113.100/0d60be0de163924d/softokn3.dll http://185.215.113.100/e2b1563c6670f193.php - rule_id: 41968	5	21 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	2	23.8	M	42	ZeroCERT

898	2024-08-19 14:56	POS_C081.exe 1ccf158942cdc89a6b0a2889b8448497 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File DllRegisterServer dll PE32 MZP Format VirusTotal Malware Check memory unpack itself					2.0	M	10	ZeroCERT

899	2024-08-19 14:54	TestikBro.exe 7c0a5c2cde620549b93d8372960b63c1 Generic Malware Malicious Library Downloader UPX PE File PE64 OS Processor Check VirusTotal Malware Checks debugger Creates executable files Tofsee	1 Keyword trend analysis	2	1		1.4	M	18	ZeroCERT

900	2024-08-19 14:54	MPDW-constraints.vbs a688b4bdbe8491ab01ed19eaec5ed363 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.6	M	4	ZeroCERT