Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

181 2023-08-18 07:52 fotod300.exe
e802b1dbc1f2d392ab7b809d0f177763
Gen1 Emotet Malicious Library UPX PE File CAB PE32 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution
8.4 M 44 ZeroCERT

182 2023-08-22 07:40 img0581.exe
65e6ee55777c6d70eec5adc27270786c
Gen1 Emotet Malicious Library UPX PE File CAB PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Email Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 2 7 1 13.8 M ZeroCERT

183 2023-08-27 15:30 fotod400.exe
b8cc6af4f254f54043acedb5945a1335
Gen1 Emotet Malicious Library UPX PE File CAB PE32 VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution
5.4 41 ZeroCERT

184 2023-08-27 15:30 foto4066.exe
db0300034190fd2dc6fc67552a5702c8
Gen1 Emotet Malicious Library UPX PE File CAB PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution
8.2 42 ZeroCERT

185 2023-08-28 10:03 reliigiousplanpro.exe
265f3a4af704826afeb581c091445847
Gen1 Emotet Malicious Library UPX Anti_VM PE File CAB PE64 VirusTotal Malware AutoRuns PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces Tofsee Windows Remote Code Execution
2 1 4.4 11 ZeroCERT

186 2023-08-28 10:05 religiousplanpro.exe
93cc75015ca399e68d2176adecea521d
Gen1 Emotet Malicious Library UPX Anti_VM PE File CAB PE64 .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution
2 1 4.6 10 ZeroCERT

187 2023-08-29 22:03 reliigiousplanpro.exe
265f3a4af704826afeb581c091445847
Gen1 Emotet Malicious Library UPX Anti_VM PE File CAB PE64 VirusTotal Malware AutoRuns PDB MachineGuid Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces Tofsee Windows Remote Code Execution
2 1 4.4 11 guest

188 2023-08-30 08:11 foto9066.exe
ce3cbd4a21c9a184fdd4a6697a75ffaa
Gen1 Emotet Malicious Library UPX PE File CAB PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution
8.2 M 42 ZeroCERT

189 2023-08-30 17:34 fotod900.exe
ae22f96ad670c6b12a3e7e90057f6b23
Gen1 Emotet Malicious Library UPX PE File CAB PE32 VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution
5.4 46 ZeroCERT

190 2023-08-31 07:57 fotos894.exe
608bfad41214b06eefaf2cdffa6bab23
Gen1 Emotet Malicious Library UPX CAB PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 2 7 1 14.6 M 40 ZeroCERT

191 2023-09-04 17:08 fotod200.exe
e08ec2efbc2cb0b25e6b8b63a6c19014
Gen1 Emotet Malicious Library UPX CAB PE File PE32 VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution
5.2 39 ZeroCERT

192 2023-09-04 17:13 foto2166.exe
1ad10fe1f8b0816dcc0c371a16383f10
Gen1 Emotet Malicious Library UPX CAB PE File PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution Cryptographic key crashed
8.6 M 46 ZeroCERT

193 2023-09-05 08:42 fotod780.exe
c438ccb5facbc06a480f86f9a868287c
Gen1 Emotet Malicious Library UPX CAB PE File PE32 AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution
4.2 M ZeroCERT

194 2023-09-05 08:47 foto7866.exe
86e1e4c7dd69a31a2c6fe3d9e40c923f
Gen1 Emotet Malicious Library UPX CAB PE File PE32 AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution Cryptographic key crashed
7.4 M ZeroCERT

195 2023-09-07 07:33 fotod780.exe
cbef3e310e728779c219a307e7bc945d
Gen1 Emotet Browser Login Data Stealer RedLine Infostealer RedLine stealer Malicious Library UPX .NET framework(MSIL) Confuser .NET CAB PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 2 7 11.2 M ZeroCERT