Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
17581	2023-05-30 09:34	fotocr06.exe e9cdf6f42ec689a4f12eed551865668c Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Browser ComputerName RCE DNS Cryptographic key Software crashed	5 Keyword trend analysis	2	11 Info ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request	3	13.8	M		ZeroCERT

17582	2023-05-30 00:37	Newtonsoft.Json.dll 715a1fbee4665e99e859eda667fe8034 RAT UPX .NET DLL DLL PE File PE32 PDB					0.2			guest

17583	2023-05-29 23:08	http://123.175.114.112:54069/M... Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		1	2		6.4			guest

17584	2023-05-29 22:05	File_pass1234.7z 0d6f6b6bd8f63cb7ea5854d7fb265cb4 AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.8	M	6	guest

17585	2023-05-29 20:42	2.exe 294fab1523dc3b50cbcc120e67946a5b UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware DNS		1			3.4	M	56	guest

17586	2023-05-29 18:22	blessed.exe 4ddfcaf4794dc757f9f4806af87b233d Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					10.0	M	34	ZeroCERT

17587	2023-05-29 18:22	ddd.xlsb 0e65c589e0c6edffb3b305e7595a271b ZIP Format Excel Binary Workbook file format(xlsb) VirusTotal Malware unpack itself DNS					1.8		3	ZeroCERT

17588	2023-05-29 18:21	https://blitzz.com.ar/wp-conte... 0d6f6b6bd8f63cb7ea5854d7fb265cb4 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed		2	2		4.8	M	6	guest

17589	2023-05-29 18:20	%23%23%23%23%23%23%23%23%23%23... 2649a0cdd385220ace4898e1f3f5b377 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	1	6 Info ET INFO Executable Download from dotted-quad Host ET HUNTING Possibly Suspicious Request for Putty.exe from Non-Standard Download Location ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.6		35	ZeroCERT

17590	2023-05-29 13:57	redline.exe 2d0d9f29bca70bdde306f8b5188117ce PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1			6.2	M	53	ZeroCERT

17591	2023-05-29 13:55	OGQ5YTll.exe 33aafdcbbee5896be71abe19e26000db RAT Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed					9.6	M	53	ZeroCERT

17592	2023-05-29 13:52	toolspub2.exe 3a66a27b79651f7c45a136a08a44a571 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself					6.6	M	54	ZeroCERT

17593	2023-05-29 13:50	YzlhMGI2.doc c3681f1d0664c277cec547bd6f1824ef MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	3	6 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	38	ZeroCERT

17594	2023-05-29 13:49	OGQ5YTll.doc c460a03f63c3c77e60c5af1f792ac6d2 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		5.0	M	36	ZeroCERT

17595	2023-05-29 13:48	Y2Q0MzM1.exe 53ddfea8b518d5dcb6e1db29b8405187 Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET Malicious Packer SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName RCE DNS Cryptographic key Software crashed	5 Keyword trend analysis Info http://77.91.124.20/store/games/Plugins/cred64.dll - rule_id: 31849 http://77.91.124.20/store/games/index.php - rule_id: 32547 http://77.91.124.20/store/games/Plugins/clip64.dll - rule_id: 32546 http://77.91.124.20/DSC01491/fotocr05.exe http://77.91.124.20/DSC01491/foto495.exe	3	7 Info ET MALWARE Amadey CnC Check-In ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	3	21.8	M	47	ZeroCERT