Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1876	2024-07-27 15:03	HNBC.txt.exe 2b985c758a227407855e1d8e14f8863d Browser Login Data Stealer Generic Malware Downloader Malicious Library Malicious Packer UPX ScreenShot AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser Email ComputerName DNS DDNS keylogger	1 Keyword trend analysis	4	3		11.4		59	ZeroCERT

1877	2024-07-27 15:02	iamtotalnewpersontogetmebackwi... 25a6c39dbc117a7596c857dbec4e5d93 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.8	M	40	ZeroCERT

1878	2024-07-27 15:02	funtogetbacktomeforgetbacktoge... f179217f7e89dea23f1a01c29fc61659 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

1879	2024-07-27 14:59	createdgoodthingstogetmebackth... 9f63ee5ef179cfcf56619e1c9d44447a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

1880	2024-07-27 14:59	creamthingstohappenedgetmeback... e03f3290788de4d7a103f16b780b3cce MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit DNS crashed		1			5.2	M	37	ZeroCERT

1881	2024-07-27 14:57	pi.exe 1e8a2ed2e3f35620fb6b8c2a782a57f3 Generic Malware Downloader Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger ICMP traffic Disables Windows Security Windows DNS	5 Keyword trend analysis	23 Info www.update.microsoft.com(20.72.235.82) 109.74.69.43 146.70.157.241 189.189.144.10 139.228.82.249 185.215.113.66 - malware 189.155.227.203 188.253.78.49 94.26.222.31 37.255.117.80 46.161.246.13 91.218.161.58 85.174.56.227 178.155.39.80 188.211.107.239 82.194.10.4 151.233.235.104 178.88.82.240 146.70.80.37 178.89.227.41 20.109.209.108 95.181.135.151 46.100.58.92	2	5	9.2	M	65	ZeroCERT

1882	2024-07-27 14:52	❉?????????????????????????????... 30d99024fb26c365e71bcdd860205eb4 AntiDebug AntiVM MSOffice File VirusTotal Malware MachineGuid Code Injection wscript.exe payload download Creates executable files exploit crash unpack itself Windows utilities suspicious process suspicious TLD Tofsee Windows Exploit DNS crashed		2	5		8.2		7	ZeroCERT

1883	2024-07-27 12:44	buildred.exe 4e0235942a9cde99ee2ee0ee1a736e4f RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		7.6	M	54	ZeroCERT

1884	2024-07-27 12:43	ldx111.exe 01519db4280c18b8ccd58235bf5a4048 .NET framework(MSIL) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself suspicious process WriteConsoleW Windows Cryptographic key					11.2	M	33	ZeroCERT

1885	2024-07-27 12:42	InfluencedNervous.exe 1b0fe9739ef19752cb12647b6a4ba97b Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.2		33	ZeroCERT

1886	2024-07-27 12:41	PharmaciesDetection.exe 569720e2c07b1d34bac1366bf2b1c97a Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Proces VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName					6.6		12	ZeroCERT

1887	2024-07-27 12:39	build2.exe 410e91a252ffe557a41e66a174cd6dcb Generic Malware Malicious Library PE File PE64 VirusTotal Malware Check memory unpack itself					1.8		22	ZeroCERT

1888	2024-07-27 12:39	22per2.php.vbs ed24c6df34810458f7e9967058404512 Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.0			ZeroCERT

1889	2024-07-27 12:39	random.exe e04afeeb6bb46b372bc1d7c2e2f25ead Generic Malware EnigmaProtector Malicious Library UPX Code injection AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Detects VMWare AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	1 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		18.0	M	38	ZeroCERT

1890	2024-07-27 12:38	22per.php.vbs 1f7c3d5b07e8e81501762bc87a897d96 Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.0			ZeroCERT