Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
121	2024-06-16 10:33	output_64.exe 8018029cb32fd2517865b0145dea21e7 Generic Malware Malicious Library PE64 PE File VirusTotal Malware DNS		1			3.4	M	62	ZeroCERT

122	2024-06-16 10:31	random.exe 11afad19e16fa87f34c05c8e61e78811 Amadey PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Checks debugger unpack itself Checks Bios Detects VMWare AppData folder VMware anti-virtualization Windows DNS crashed	1 Keyword trend analysis	2		1	10.0	M	41	ZeroCERT

123	2024-06-16 10:31	x86_0802_1.exe 02bb63e3838307c0a3f20c84089b2055 Generic Malware Malicious Packer Malicious Library Downloader UPX PE File PE32 OS Processor Check VirusTotal Malware PDB sandbox evasion WriteConsoleW Remote Code Execution DNS crashed		1			5.0	M	49	ZeroCERT

124	2024-06-16 10:26	x86_0729_1.exe 5fd66ba54fdd540072eeea86213c351b Generic Malware Malicious Packer Malicious Library Downloader UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege sandbox evasion WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed		1			8.0	M	49	ZeroCERT

125	2024-06-16 10:25	hecto.scr 6f7f8c5a5e2ee030b2ad60fc83a84ecf AgentTesla Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Browser Email ComputerName Software crashed					9.4	M		ZeroCERT

126	2024-06-16 10:22	1019430.exe d235285e6e98fcda120673a5bd248341 Generic Malware Malicious Library PE File PE32 DNS		1			1.8	M		ZeroCERT

127	2024-06-16 10:20	services64.exe c8a50a6f1f73df72de866f6131346e69 PE64 PE File VirusTotal Malware DNS		2			2.4	M	51	ZeroCERT

128	2024-06-16 10:18	random.exe 0f2c5d3966f262c04af7eb8cbe26c78a Amadey Gen1 RedLine stealer RedlineStealer Lumma Stealer Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX Downloader Malicious Packer Antivirus .NET framework(MSIL) ScreenShot Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Chec Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Cryptocurrency Miner Malware Microsoft AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed Downloader CoinMiner	10 Keyword trend analysis Info http://185.172.128.116/Mb3GvQs8/index.php http://185.172.128.116/NewLatest.exe http://185.172.128.116/Mb3GvQs8/index.php?scr=1 http://185.172.128.116/b2c2c1.exe http://77.91.77.81/Kiru9gu/index.php - rule_id: 40037 http://77.91.77.81/lend/monster.exe http://185.172.128.19/FirstZ.exe - rule_id: 39930 http://apps.identrust.com/roots/dstrootcax3.p7c http://77.91.77.81/lend/setup222.exe http://x1.i.lencr.org/	17 Info xmr-eu1.nanopool.org(51.15.58.224) - mailcious kmsandallapp.ru(31.31.198.35) - mailcious x1.i.lencr.org(23.40.44.214) pastebin.com(104.20.4.235) - mailcious boredombusters.online(104.21.44.95) zeph-eu2.nanopool.org(51.68.137.186) - mailcious 104.20.3.235 - malware 185.172.128.19 - mailcious 23.41.113.9 172.67.198.131 51.15.193.130 77.91.77.81 - mailcious 185.172.128.116 51.68.137.186 - mailcious 31.31.198.35 - mailcious 121.254.136.9 185.215.113.67 - mailcious	17 Info ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET MALWARE Amadey Bot Activity (POST) M1	2	20.0	M	41	ZeroCERT

129	2024-06-16 10:16	DhlServer.exe dcaab6548f0017f413d032fac6449fc1 Generic Malware Malicious Library PE File PE32 VirusTotal Malware AutoRuns Creates executable files unpack itself suspicious process Windows DNS	1 Keyword trend analysis	3	1		5.8	M	64	ZeroCERT

130	2024-06-16 10:13	lvse.exe bcb3fe24e81f8e6989bc8005838433a0 Generic Malware Malicious Library AntiDebug AntiVM PE File PE32 PE64 VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder Windows Advertising		2			9.4	M	65	ZeroCERT

131	2024-06-16 10:11	ewwe.exe 58f8e96f834d5d882046bd503ee83b18 Malicious Packer Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware crashed					2.0	M	48	ZeroCERT

132	2024-06-16 10:09	lenin.exe 93896624af562420c457d547b73dd197 Malicious Packer PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	9 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)		13.8	M	41	ZeroCERT

133	2024-06-16 10:09	x86_0922_4.exe 5f53734c5153ec3dd61e2a732a2ff03f Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed		1			7.2	M	37	ZeroCERT

134	2024-06-16 10:04	newbild.exe f9fc06f0cc64b6a700eda6fd6d816df3 PE File PE32 VirusTotal Malware Remote Code Execution					2.4	M	42	ZeroCERT

135	2024-06-16 10:00	x86_0923_1.exe 95996d628e7f15ed7290902c879aa81b Generic Malware Malicious Packer Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege sandbox evasion WriteConsoleW Windows Advertising Remote Code Execution Firmware DNS crashed		1			7.4	M	26	ZeroCERT