Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc

1  2024-10-10 11:16  QkZoHEBKmB.exe
   Hash: 16d6121d4ff8ab1f1a6ae47a096220d3
   Rule: Generic Malware Downloader Malicious Library UPX Obsidium protector Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P persistence AntiDebug VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder malicious URLs Windows ComputerName Cryptographic key crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 8.0 M 55 ZeroCERT

2  2023-05-16 09:20  321.exe
   Hash: ac9b826b0329458eaad2ccb3fafcd7ff
   Rule: Loki_b Loki_m Gen1 PWS .NET framework RAT Downloader UPX Malicious Library Malicious Packer Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger Scre VirusTotal Malware powershell Telegram MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder malicious URLs Tofsee ComputerName DNS
   Urls/Hosts/IDS, Score, Zero, VT, Player: 3 6 3 9.0 M 43 ZeroCERT

3  2023-05-15 08:55  bild6.exe
   Hash: 21eab81729333b160786a2de1b1e621d
   Rule: RedLine stealer[m] PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP Key Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check installed browsers check Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 2 8 5 14.8 M 52 ZeroCERT

4  2023-05-14 17:09  bild202.exe
   Hash: a17af46e9c7bba005d9907ad2b722560
   Rule: Loki_b Loki_m RedLine stealer[m] Gen1 PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Malicious Packer Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escala Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software
   Urls/Hosts/IDS, Score, Zero, VT, Player: 4 6 3 16.6 M 48 ZeroCERT

5  2023-05-14 17:07  HalogenSySCheck.exe
   Hash: ee0da89ff62475fe63a8cd12c7134c5e
   Rule: RedLine stealer[m] RAT PWS .NET framework Generic Malware Downloader UPX Malicious Library Antivirus Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP Key Browser Info Stealer VirusTotal Malware powershell Telegram suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 3 4 9.8 M 42 ZeroCERT

6  2023-04-18 17:52  Togwcstgxg.exe
   Hash: 7225b0d133ba9c857fbfb6291eab84e3
   Rule: Generic Malware Downloader task schedule UPX Malicious Library Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot persistence AntiDebug An Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder malicious URLs installed browsers check Ransomware Windows Browser ComputerName DNS Cryptographic key
   Urls/Hosts/IDS, Score, Zero, VT, Player: 1 1 9.4 M 50 ZeroCERT

7  2023-04-18 17:35  virus.exe
   Hash: 43967615d9e0e19bc59d32fdb5afd7e4
   Rule: RedLine stealer[m] PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenS Browser Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs installed browsers check Windows Browser ComputerName DNS Cryptographic key
   Urls/Hosts/IDS, Score, Zero, VT, Player: 1 2 10.2 M 34 ZeroCERT

8  2021-11-18 14:39  Done.exe
   Hash: aaea0b2a1b429283fe48d824d1c40c4b
   Rule: Themida Packer Generic Malware Malicious Library UPX Anti_VM Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE Fi Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 3 12.6 32 ZeroCERT

9  2021-11-18 14:16  5.exe
   Hash: 5947013e88bba4a0f8857d4d07e7ede4
   Rule: Generic Malware Themida Packer Malicious Library UPX Antivirus Create Service DGA Socket Steal credential DNS Internet API Code injection Sniff Audio HTTP KeyLogger FTP Escalate priviledges Downloader ScreenShot Http API P2P AntiDebug AntiVM PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote suspicious process AppData folder VMware anti-virtualization installed browsers check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 1 12.4 25 ZeroCERT

10 2021-09-19 11:00  CurrenyCalculatorInst.exe
   Hash: 63fe4796434aad20a0ccbb0944ea0f02
   Rule: Themida Packer Generic Malware Malicious Library Anti_VM Antivirus UPX Admin Tool (Sysinternals etc ...) DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Dow Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization installed browsers check Tofsee Windows Exploit Browser ComputerName Firmware DNS Cryptographic key Software crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 5 12 1 17.4 M 38 ZeroCERT

11 2021-09-18 19:53  CurrenyCalculatorInstaller.exe
   Hash: 47a6177d085d921f354fa5081ec7fd1d
   Rule: Themida Packer Generic Malware Malicious Library Anti_VM Antivirus DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P AntiDebug AntiVM PE File P Browser Info Stealer FTP Client Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Checks Bios Collect installed applications Detects VMWare powershell.exe wrote Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization installed browsers check Tofsee Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed
   Urls/Hosts/IDS, Score, Zero, VT, Player: 1 5 1 14.2 27 ZeroCERT

Total: 11 entries