Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
1576	2025-03-26 13:30	system.exe ba061861481a48da1ae6efb1c678f26c Generic Malware Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key				8.0	58	ZeroCERT

1577	2025-03-26 13:30	VixenLoader.exe 9e02078809cf34479e5108fca383862c North Korea Generic Malware Malicious Library Antivirus PE File .NET EXE PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key				5.8	41	ZeroCERT

1578	2025-03-26 13:28	8191032732_1740264845.vbs 4afad6366d8fb4b51b9b644bd3bbb275 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key				7.4	15	ZeroCERT

1579	2025-03-26 13:25	loader.exe c797beeee8e4aa8a65f2ec466d923404 Downloader UPX PE File PE64 OS Processor Check VirusTotal Malware PDB				1.4	50	ZeroCERT

1580	2025-03-26 13:22	nicworkingskillbetterwithnicet... 6fe3875062cb2b402b33d335dee94ac6 Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware VBScript Code Injection Check memory wscript.exe payload download Creates executable files unpack itself suspicious process Tofsee DNS Dropper	1 Keyword trend analysis	2	4	10.0	8	ZeroCERT

1581	2025-03-26 11:31	apple.exe f0676528d1fc19da84c92fe256950bd7 Generic Malware Malicious Library WinRAR UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection Creates executable files Windows utilities Auto service suspicious process Windows				4.8	48	ZeroCERT

1582	2025-03-26 11:30	crypted.exe 264c28f35244da45b779e4ead9c6c399 PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.8	54	ZeroCERT

1583	2025-03-26 11:29	setup.exe 4a7a12a9e10dff157ee2b2bd9d8853ba Malicious Library UPX PE File PE32 MZP Format VirusTotal Malware unpack itself DNS		1		2.6	51	ZeroCERT

1584	2025-03-26 11:29	rem.exe 46482159a66da1f77b00f808b91ae3e4 Malicious Library PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows ComputerName Cryptographic key crashed				6.0	50	ZeroCERT

1585	2025-03-26 11:28	xmsn.exe 808a1e4b004ad48ca5e96aece8c64133 Emotet Gen1 Generic Malware Malicious Library Malicious Packer UPX ASPack PE File PE64 CAB OS Processor Check DLL DllRegisterServer dll PE32 VirusTotal Malware Telegram PDB Malicious Traffic Checks debugger Creates executable files ICMP traffic unpack itself DNS	6 Keyword trend analysis Info http://37.27.142.100/internals/api/ip?1742955734973498442 http://37.27.142.97/internals/api/ip?1742955747971253166 http://37.27.142.139/internals/api/ip?1742955786967592643 http://37.27.142.101/internals/api/ip?1742955760967662430 http://37.27.142.97/internals/api/ip?1742955763973640697 http://www.google.com/	26 Info t.me(149.154.167.99) - www.google.com(142.250.206.196) - i.instagram.com(157.240.215.63) - vanaheim.cn(46.173.214.156) - scontent-ssn1-1.cdninstagram.com(157.240.215.63) - s.youtube.com(64.233.189.102) - www.google.co.uk(142.250.207.99) - graph.instagram.com(157.240.215.63) - 149.154.167.99 - 185.7.214.57 - 74.125.23.138 - 157.240.215.63 - 185.7.214.51 - 185.156.72.27 - 142.250.198.100 - 37.27.142.100 - 37.27.142.101 - 142.250.66.35 - 37.27.142.139 - 46.173.214.156 - 185.42.12.21 - 37.27.142.97 - 185.42.12.45 - 185.11.61.16 - 185.11.61.15 - 185.156.72.58 -	4	5.8	49	ZeroCERT

1586	2025-03-26 11:27	we.exe 7e54eec2d10957178e6410ba1c899c21 AsyncRAT task schedule Downloader Malicious Library .NET framework(MSIL) Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDe Malware download AsyncRAT NetWireRC VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW zgRAT Windows ComputerName DNS DDNS		12	5	5.8	59	ZeroCERT

1587	2025-03-26 11:25	y0u3d_003.exe 398ab46e27982dfd2028bf42f4832fa8 UPX PE File PE32 VirusTotal Malware				1.8	55	ZeroCERT

1588	2025-03-26 11:23	roblox_protected.exe 30173d85ceebafdf75d0d94b15cdba1d Themida Malicious Library Anti_VM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization IP Check Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed	1 Keyword trend analysis	3	3	12.6	50	ZeroCERT

1589	2025-03-26 11:23	OkH8IPF.exe b38cd06513a826e8976bb39c3e855f64 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware crashed				2.0	50	ZeroCERT

1590	2025-03-26 11:21	jajajdva.exe 4f0990ea72c03f3911be671cbceb7fda RedLine stealer Generic Malware Malicious Library .NET framework(MSIL) Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder				2.6	38	ZeroCERT