Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1396	2024-08-09 07:57	GOLD.exe e71c0c5d72455dde6510ba23552d7d2f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PDB unpack itself crashed					1.2	M		ZeroCERT

1397	2024-08-09 07:56	stealc_default.exe e78239a5b0223499bed12a752b893cad Stealc Gen1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Antivirus UPX Malicious Packer PE File PE32 DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer Vidar Email Client Info Stealer Malware c&c Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software plugin	9 Keyword trend analysis Info http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll - rule_id: 275 http://185.215.113.17/2fb6c2cc8dce150a.php - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/mozglue.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/softokn3.dll - rule_id: 275 http://185.215.113.17/ - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/nss3.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll - rule_id: 275 http://185.215.113.17/f1ddeb6592c03206/freebl3.dll - rule_id: 275	1	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET MALWARE Win32/Stealc Requesting browsers Config from C2 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config M1 ET MALWARE Win32/Stealc Requesting plugins Config from C2 ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET MALWARE Win32/Stealc Submitting System Information to C2 ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	9	7.2	M		ZeroCERT

1398	2024-08-09 07:56	bsso_launcher_v1.exe 6a60f6fbd451bfb11d0c943706ceda0a Malicious Library UPX PE File PE64 ftp OS Processor Check Check memory Checks debugger Creates executable files RWX flags setting unpack itself Check virtual network interfaces Tor DNS crashed		5	6 Info ET TOR Known Tor Exit Node Traffic group 70 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 70 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 258 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 194 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 788 ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 170		5.2	M		ZeroCERT

1399	2024-08-09 07:54	DivxBra.exe 4ee6fb632595268ef97aacf18a0bffb8 Suspicious_Script_Bin Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Ransomware Windows ComputerName					7.0	M		ZeroCERT

1400	2024-08-09 07:53	buildz.exe b7cb7f2b5cd9bd047710650295dc88f7 Suspicious_Script_Bin Malicious Library UPX Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Microsoft AutoRuns Code Injection malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY External IP Address Lookup DNS Query (2ip .ua)	1	4.8	M		ZeroCERT

1401	2024-08-09 07:51	kitty.exe 0ec1f7cc17b6402cd2df150e0e5e92ca Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PE64 Malware download Email Client Info Stealer Malware AutoRuns Malicious Traffic WMI Creates executable files Windows utilities Checks Bios suspicious process WriteConsoleW anti-virtualization Tofsee Windows Email ComputerName DNS	3 Keyword trend analysis Info http://185.216.214.225/mingh.exe https://fusionflow-meta.net/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 https://fusionflow-meta.net/socket/?id=5BCCD56859158D5509DEF6EE93BD1D99E583188F0C221CF3349EDF15382DB8F4&us=1ACC94780D1E&mn=3AECB4580D1EC6312C&os=39C08968505B9841589FC5AB9AE31E8EF2DC42D055785DDC&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9BD4	3	5		7.4	M		ZeroCERT

1402	2024-08-09 07:50	30072024.exe aedfb26f18fdd54279e8d1b82b84559a RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1	1		4.2	M		ZeroCERT

1403	2024-08-09 07:49	Aatxl.exe 02b2f62e789410f8c256b0d63ac45a1a Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 Check memory Checks debugger buffers extracted unpack itself ComputerName crashed					2.0			ZeroCERT

1404	2024-08-09 07:48	sahost.exe 3470b26b4f683b2c79794d5a71b5d681 NSIS Suspicious_Script_Bin Malicious Library UPX PE File PE32 DLL Check memory Creates executable files unpack itself AppData folder					1.6	M		ZeroCERT

1405	2024-08-08 16:51	카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.ex... 6eaf878c7f1449d65f4b99d49aa9844a Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed					7.2		18	ZeroCERT

1406	2024-08-08 16:13	Launcher_Setup.exe 6c1f3f90da84d774ee602dd603a5a22e Emotet Generic Malware Malicious Library Malicious Packer UPX Anti_VM DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware					1.0		38	ZeroCERT

1407	2024-08-08 16:10	Targeted Advance Persistent Th... ccec3e4857cbb197ac79b0f3b01f5189 Word 2007 file format(docx) ZIP Format Vulnerability VirusTotal Malware unpack itself Tofsee	2 Keyword trend analysis	4	1		2.8		11	ZeroCERT

1408	2024-08-08 16:07	Launcher_Setup.exe 6c1f3f90da84d774ee602dd603a5a22e Emotet Generic Malware Malicious Library Malicious Packer UPX Anti_VM DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware crashed					1.2		38	ZeroCERT

1409	2024-08-08 16:03	sahost.exe a50c4a5189f1223de3c44d7803972571 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		15.0		22	ZeroCERT

1410	2024-08-08 15:33	sweetdresswearwithgirlstyle.gI... 4d8093da8406aa5447403631e1383e8e Generic Malware Antivirus Hide_URL PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.0	M		ZeroCERT