Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
106	2024-09-17 13:40	cmd.exe 567381ee89c758794e9c619262885899 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		1			5.2	M	61	ZeroCERT

107	2024-09-17 13:38	lake.exe 8b28fc96840848b88d76fb6df662eb23 Stealc Themida Anti_VM PE File PE32 Malware download VirusTotal Malware c&c Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Stealc Windows ComputerName DNS crashed	2 Keyword trend analysis	1	1	1	7.6	M	45	ZeroCERT

108	2024-09-17 13:37	whiteheroin.exe ca0a3f23c4743c84b5978306a4491f6f Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.4	M	59	ZeroCERT

109	2024-09-17 13:36	66e705d09b33c_jack.exe abdbcc23bd8f767e671bac6d2ff60335 Generic Malware Malicious Library .NET framework(MSIL) UPX Socket ScreenShot PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs DNS		1			10.6	M	48	ZeroCERT

110	2024-09-17 13:36	66e404f0b4ec1_main.exe 44085b8a499d1affb7656982fd6ab47b Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.6	M	57	ZeroCERT

111	2024-09-17 13:33	check2.exe d50d4c1c6ba5a9cc0522150dbf3c2f18 PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee ComputerName	1 Keyword trend analysis	4	1		3.4	M	26	ZeroCERT

112	2024-09-17 13:33	ZZ.exe aa4aca6b0973b169a4242718f04d9c54 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check ENERGETIC BEAR VirusTotal Malware Windows DNS DDNS keylogger		2	2		4.4	M	64	ZeroCERT

113	2024-09-17 13:32	999.exe 290a51a1f510c3983bab387318311a00 Generic Malware Malicious Library Antivirus Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		8.2	M	45	ZeroCERT

114	2024-09-17 13:31	s.exe 3eee1ec7c33c0101a5dcfe2656d26b3c UPX PE File PE32 VirusTotal Malware Check memory unpack itself					1.8	M	52	ZeroCERT

115	2024-09-17 13:29	debug.dbg 000ccbf32b9b4c304bd076b2451d5994 AntiDebug AntiVM ELF VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					4.6	M	41	ZeroCERT

116	2024-09-17 13:28	seed.exe c52e326b3e71b7930cf6b314d1fa1cff PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger ICMP traffic unpack itself Windows utilities suspicious process AppData folder Windows DNS		1			6.2	M	49	ZeroCERT

117	2024-09-17 13:28	random.exe 8bc68fd89fc539a6f195fb11cafff7dd Stealc Gen1 Themida Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare sandbox evasion VMware anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	9 Keyword trend analysis Info http://185.215.113.103/0d60be0de163924d/msvcp140.dll http://185.215.113.103/ - rule_id: 42566 http://185.215.113.103/0d60be0de163924d/sqlite3.dll http://185.215.113.103/0d60be0de163924d/nss3.dll http://185.215.113.103/0d60be0de163924d/freebl3.dll http://185.215.113.103/0d60be0de163924d/mozglue.dll http://185.215.113.103/0d60be0de163924d/vcruntime140.dll http://185.215.113.103/e2b1563c6670f193.php http://185.215.113.103/0d60be0de163924d/softokn3.dll	1	15 Info ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	12.6	M	40	ZeroCERT

118	2024-09-17 13:26	66e464075714d_otr.exe#kisotrme... 39792b5d0b6a20c9216623181135f397 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Stealer DNS		1	1		2.4	M	56	ZeroCERT

119	2024-09-17 13:24	b99.exe d18738ee43bda16b6a6d309f2baeef4d UPX PE File PE32 VirusTotal Malware					1.2		58	ZeroCERT

120	2024-09-17 13:24	PO.exe 644c70c76df47981aeac98d4f7a08971 ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		10.0		55	ZeroCERT