Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1	2024-03-28 07:55	file.exe 90489ae7eda45c9ab0904ec54c1caa71 XWorm WebCam Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key crashed	3 Keyword trend analysis	4		15.6	M	50	ZeroCERT

2	2023-03-25 02:10	b807c47cdaefec023b49e34b6fdd59... ff5e5be0cacada5cdf90d4b38e6187c9 Gen1 UPX Malicious Library Malicious Packer PE64 PE File Remote Code Execution crashed				0.4			BRY

3	2022-10-28 17:36	qqq.exe 79a24a331ec7b5d3b1cf688cc64d995a PWS[m] RedLine stealer[m] RAT UPX AntiDebug AntiVM PE32 .NET EXE PE File PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	2 Keyword trend analysis	4	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	15.8	M	58	ZeroCERT

4	2022-10-11 09:51	MyNewFileChr.exe bd23004f9dce0af56443bcd736ed3873 RAT Gen1 Gen2 UPX Malicious Library Malicious Packer ScreenShot Internet API Http API AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer VirusTotal Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Windows Browser Remote Code Execution DNS Cryptographic key	8 Keyword trend analysis Info http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://77.73.133.7/d978126996ddb27849ad730eefea7bc8 http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll http://77.73.133.7/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll	1		12.0	M	28	ZeroCERT

5	2022-06-13 07:48	fudge.exe 6e26dd07bb0c9e44cdce33032450d5c3 RAT DNS AntiDebug AntiVM PE32 .NET EXE PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself Check virtual network interfaces suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed	1 Keyword trend analysis	4	2	14.8		17	ZeroCERT

6	2021-03-30 16:07	iexplore.exe c50eeb216ab9f7e9b375270426c4dfd6 Gen PDB Remote Code Execution				0.6			조광섭