Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
106 2023-04-28 09:09 photo_410.exe
522ae0a94eb64b2124168a956e661bc3
Gen1 Emotet PWS .NET framework RAT UPX Malicious Library Confuser .NET Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check .NET EXE DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
5 2 7 15.8 M ZeroCERT

107 2023-05-04 09:51 fotocr54.exe
6311878ae700ef484c76e9f6be5d78e4
Gen1 Emotet UPX Malicious Library Malicious Packer CAB PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 2 15.4 M ZeroCERT

108 2023-05-08 09:32 photo_727.exe
b2e88b522292ea5d250be091a726aa95
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
3 2 6 1 16.0 M ZeroCERT

109 2023-05-08 11:08 foto0183.exe
459b9ff381bf53ae74aae7bbdc5cc6b3
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
6 2 5 3 16.0 ZeroCERT

110 2023-05-09 09:11 foto0174.exe
1b1b1239c10dcd01f551df6cee30d4e2
Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
4 2 6 3 16.0 M ZeroCERT

111 2023-05-09 09:11 fotocr23.exe
9a5f630ba99d3ee7e838d5c9abac233e
Gen1 Emotet PWS .NET framework RAT UltraVNC UPX Malicious Library Malicious Packer Confuser .NET CAB PE32 PE File OS Processor Check .NET EXE AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Disables Windows Security AppData folder AntiVM_Disk VM Disk Size Check Windows Update Remote Code Execution DNS Cryptographic key crashed
2 7.0 M ZeroCERT

112 2023-05-11 09:15 photo_570.exe
9521fd6fc4a58dd4ae3c47d95eb91557
Gen1 Emotet PWS .NET framework RAT UltraVNC UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Confuser .NET CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
6 2 6 3 16.0 M ZeroCERT

113 2023-05-12 18:04 photo190.exe
d874573195e89d1fdd72f31050cfcdc2
RedLine stealer[m] Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer SMTP PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
4 2 6 3 20.4 M 40 ZeroCERT

114 2023-05-14 17:08 lega.exe
72361b9ac961ae2ec3e94022f1ccb0a6
RedLine stealer[m] Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Confuser .NET SMTP PWS[m] AntiDebug AntiVM CAB PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 14.0 M ZeroCERT

115 2023-05-16 09:16 photo230.exe
bd745f43c090fd7fc5aeae0ec6b48d5a
RedLine stealer[m] Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
6 2 6 5 21.6 M 33 ZeroCERT

116 2023-05-19 18:00 photo230.exe
6af5107aa062ad8f3aa8cd91491de9c1
Gen1 Emotet UPX Malicious Library CAB PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 11.0 M 37 ZeroCERT

117 2023-05-20 16:20 foto0195.exe
283d3a45769695434e47bbb2c98ff469
Gen1 Emotet PWS .NET framework RAT RedLine Stealer UltraVNC UPX Malicious Library Confuser .NET CAB PE File PE32 OS Processor Check .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 11.4 M 36 ZeroCERT

118 2023-05-24 10:46 photo660.exe
18091cc747be815a7b757e5c439df36e
Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
5 2 6 3 21.8 M 40 ZeroCERT

119 2023-05-24 15:16 fotocr45.exe
45ef32456aac94be8e1bac27ed574868
Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
3 2 6 3 19.4 M ZeroCERT

120 2023-05-26 09:30 foto495.exe
e09051927ec47af8b01ec79d5548c7be
Gen1 Emotet PWS .NET framework RAT UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer Confuser .NET CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
2 3 6 14.8 M 36 ZeroCERT