Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
11131	2023-07-30 09:09	woproz2.1.exe 9c2b4213a8a1a6ba0dd80dba7c012337 NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself AppData folder Windows DNS DDNS		2	2	5.2	M	37	ZeroCERT

11132	2023-07-30 09:08	2.exe d6067ce0e193dd31df5e3bff2b4b79a0 Gen1 UPX Malicious Library Antivirus Malicious Packer OS Processor Check PE File PE32 DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware c&c PDB Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS plugin	8 Keyword trend analysis Info http://185.254.37.234/61c7c6a1a965cae9/mozglue.dll http://185.254.37.234/61c7c6a1a965cae9/freebl3.dll http://185.254.37.234/61c7c6a1a965cae9/sqlite3.dll http://185.254.37.234/61c7c6a1a965cae9/vcruntime140.dll http://185.254.37.234/61c7c6a1a965cae9/softokn3.dll http://185.254.37.234/a68326a8bd26a679.php http://185.254.37.234/61c7c6a1a965cae9/msvcp140.dll http://185.254.37.234/61c7c6a1a965cae9/nss3.dll	1	16 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Win32/Stealc Active C2 Responding with plugins Config ET MALWARE Win32/Stealc Submitting System Information to C2 ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET MALWARE Win32/Stealc Submitting Screenshot to C2	8.2	M	39	ZeroCERT

11133	2023-07-30 09:05	new.EXE c36f10074bd560df1341aeb405b23641 Gen1 Emotet UPX Malicious Library Malicious Packer CAB PE64 PE File OS Processor Check VirusTotal Malware AutoRuns PDB Creates executable files WriteConsoleW Windows Remote Code Execution				3.4	M	45	ZeroCERT

11134	2023-07-30 09:03	ChromeSetup.exe 665f93abbe5d9241c9b8146e85aacaa1 UPX Malicious Library PE File PE32 DLL .NET DLL PE64 GIF Format VirusTotal Malware Check memory Creates shortcut Creates executable files unpack itself suspicious process AppData folder crashed				4.2	M	48	ZeroCERT

11135	2023-07-30 09:00	09LW5kZ-.exe b56676093945f3c0c4676803cf7e0d50 PE64 PE File VirusTotal Malware unpack itself DNS		3		3.6	M	49	ZeroCERT

11136	2023-07-30 09:00	RobluxCoins.exe d13b979b1bd8830f093bb9aab1c3f80e UPX OS Processor Check PE64 PE File VirusTotal Malware Code Injection unpack itself				3.2	M	45	ZeroCERT

11137	2023-07-30 08:58	microsoft.exe bfb74ee91ef31c7384e645174406627d Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself Windows Cryptographic key crashed				1.4			ZeroCERT

11138	2023-07-30 08:58	ChromeSetup.exe e01d546954b7b9c3dafb2e61549788c7 .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Browser Email ComputerName DNS Software crashed		1		9.4	M		ZeroCERT

11139	2023-07-30 08:56	W8vQdbz8.exe 63c85f130b60b2c292e0eaf9794fe897 PE64 PE File unpack itself DNS		3		2.4	M		ZeroCERT

11140	2023-07-30 08:56	777888_2023-07-27_16-09.exe 117dc29bb97feea7e270cdb5af9b08b8 UPX Malicious Library OS Processor Check PE File PE32 unpack itself Remote Code Execution				1.0	M		ZeroCERT

11141	2023-07-30 08:54	fbinzx.exe 3a7cc97f59790807311ef47ae5cc28ca Formbook AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	4	2	7.4	M		ZeroCERT

11142	2023-07-30 08:53	ChromeSetup.exe 1f4365fb20db051b2b510416ee167971 UPX Malicious Library PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder DNS		1		2.2	M		ZeroCERT

11143	2023-07-30 08:52	ChromeSetup.exe 647f17f3cbca30359b98deb1ec7e6c18 Generic Malware .NET framework(MSIL) Antivirus UPX Internet API AntiDebug AntiVM .NET EXE PE File PE32 DLL Email Client Info Stealer Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows Email ComputerName Cryptographic key crashed	1 Keyword trend analysis	4	2	13.4	M		ZeroCERT

11144	2023-07-30 08:52	meta123.exe 7e80b843f2688e8c90f01cf12c52b5c4 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)	5.0			ZeroCERT

11145	2023-07-28 17:45	chromium.exe 71bc10004d1b0408375de806d4530983 UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder				2.2	M	12	ZeroCERT