Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1576	2024-08-05 11:02	cvekil.exe b61f420fbf37cc18ac5668bf183d57c6 Generic Malware UPX PE File PE64 VirusTotal Malware Checks debugger Creates executable files Windows utilities suspicious process WriteConsoleW Windows ComputerName					4.8	M	36	ZeroCERT

1577	2024-08-05 11:01	atexec.exe 233d80fbd1fc0ad6562df06f55f01d0f Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL .NET DLL VirusTotal Malware Creates executable files unpack itself AppData folder WriteConsoleW					2.8	M	44	ZeroCERT

1578	2024-08-05 10:59	x64.exe c5a325ee2a50f7670cd5bd685721ee06 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS		1			3.2	M	56	ZeroCERT

1579	2024-08-05 10:58	smbexec.exe 9dd9d006d40d7e43eedbd1db385844b8 Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL .NET DLL VirusTotal Malware Creates executable files unpack itself AppData folder WriteConsoleW					2.8	M	52	ZeroCERT

1580	2024-08-05 10:57	2.exe b859d1252109669c1a82b235aaf40932 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.0	M	24	ZeroCERT

1581	2024-08-05 10:55	mass.exe 197f78ed2328b1369153eda070489805 Malicious Library UPX Anti_VM ftp PE File PE32 OS Processor Check VirusTotal Malware PDB					1.8	M	44	ZeroCERT

1582	2024-08-05 10:54	[install].exe b7a8955b08547b07d755f17798eb3aad UPX PE File PE64 VirusTotal Malware					2.6	M	50	ZeroCERT

1583	2024-08-05 10:53	v.exe 5381689d4c9a0ce9d0f67dd8485188d2 Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware AutoRuns Windows	2 Keyword trend analysis	2	1		3.8	M	45	ZeroCERT

1584	2024-08-05 10:52	reverse.exe 58840f757810108421b4ff20ec0a7c0b Metasploit Generic Malware PE File PE64 VirusTotal Malware DNS		1			3.0	M	42	ZeroCERT

1585	2024-08-05 10:51	psexec.exe 1dd30422a1cb52d87337debb4983d342 Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL .NET DLL VirusTotal Malware Creates executable files unpack itself AppData folder WriteConsoleW					3.4	M	44	ZeroCERT

1586	2024-08-05 10:51	systems.exe 454a942056f6d69c4a06ffedffea974a RedLine Infostealer UltraVNC Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug An Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell Telegram AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Tofsee Ransomware Windows ComputerName DNS Cryptographic key crashed		4	8 Info ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Telegram API Domain in DNS Lookup SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SURICATA Applayer Detect protocol only one direction ET INFO TLS Handshake Failure ET MALWARE Generic AsyncRAT Style SSL Cert		18.0	M	48	ZeroCERT

1587	2024-08-05 10:51	shell.exe 0213da520fdca3535f303c90982fb766 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	59	ZeroCERT

1588	2024-08-05 10:50	sasa.bat 90c3dfd74d6ab4b7b98777930ab44a23 Generic Malware Downloader Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Ant VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	4		9.6	M	1	ZeroCERT

1589	2024-08-05 10:49	miner.exe 53540062e2853766764ac60dbaa4baab Emotet Gen1 XMRig Miner CoinMiner Generic Malware Suspicious_Script_Bin NMap Downloader Malicious Library Antivirus UPX Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code in VirusTotal Cryptocurrency Miner Malware Cryptocurrency Telegram AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process sandbox evasion WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key crashed	2 Keyword trend analysis	3	5 Info ET HUNTING Telegram API Domain in DNS Lookup ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET POLICY Cryptocurrency Miner Checkin SURICATA HTTP Request unrecognized authorization method ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection	2	14.8	M	51	ZeroCERT

1590	2024-08-05 10:49	client.exe 88f51d627da1f6fddea62b9f1cc66cbf njRAT backdoor PE File .NET EXE PE32 VirusTotal Malware WriteConsoleW DNS		2			3.6	M	65	ZeroCERT