Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
1921	2024-07-26 10:52	RoguePotato.exe 2dd755be5842e71b304d2fbff93eb2a3 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware DNS		1		2.0	M	55	ZeroCERT

1922	2024-07-26 10:51	25072023.exe a9a37926c6d3ab63e00b12760fae1e73 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	7.6	M	53	ZeroCERT

1923	2024-07-26 10:50	5447jsX.exe 5dd9c1ffc4a95d8f1636ce53a5d99997 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.4	M	46	ZeroCERT

1924	2024-07-26 10:49	industries.exe b77405e92a8557ab11d1d6ed25d6b390 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL Browser Info Stealer VirusTotal Malware Checks debugger buffers extracted Creates executable files unpack itself AppData folder suspicious TLD Browser DNS	13 Keyword trend analysis Info http://www.coremagic.dev/rvsk/?MX7FkojV=Q6rrnvlrZTKYSle47xg6Y6OwSS9N0FqK+Mj9cH/UpKnUyMI1FWbgFk/FlNfWovow3hwVTGhvILolNNo3GNpr7hq9bWNUl6+SP6zUu/gjCFkqdjEUw+tJr6mTAbu4eV1uJ6YGGN8=&2Oj70=wymB9 http://www.balneo.shop/9kwt/?MX7FkojV=/fSY3QZdojWpNRWxwqctiQNAdxt1JuBXe68kaBTFsj+2jUSklURH6kjWh0GMyO+4mMP491VErEY7I0ob1VlJfdzB+SlT7K2iZIvlJJCUvillQoZjNNO9VKVTJ25PKBfJXbttaTY=&2Oj70=wymB9 http://www.butlay.website/u759/?MX7FkojV=MCukImoArEyLOTWqdQ1z2ePajSp2A5/BJZ6VTOICmOwJAgwJdKZCqOuSR5fILSmCknZcGV/72lN4bKl6niuzWckaU42fOjXxFvVyCgHozLVBKAJAIlIa8E7shRk9RybY7kmvMQk=&2Oj70=wymB9 http://www.hyattcreekoutpost.biz/sz4t/?MX7FkojV=PqYvDSUa5xpzdedq5tdpwiJC3gthoupmRjBzzJ3FbntVibPZI1/EKZl9s9hOn0Zmb9xaCSNsWJoSe51ux6SQqL8VwrNWtNbiyPi6OavNpFulETA7IisDPhWpDVcfmzCLy1FFmkA=&2Oj70=wymB9 http://www.mospos.top/q66s/?MX7FkojV=WxU+nNp+nJpz7Op4b6PDRlI6uXxtCFalh3oS6b0UMJSG3vkyp0IBCXywBW0+wHruShb13AiiEAiVUnW1+sH/RYwiBhm8QqKdAs/yfan11L/sTt125NYKX4Rdp1lkm/iDq+nnZa4=&2Oj70=wymB9 http://www.tepco-co.online/hkxp/?MX7FkojV=gPAUIlTRKA7qXOL1ZTlMStdeIysZD39Vk2/re0B3mS8rGAQ0GotM5sSvAkfRsadCl6ftFGx2rGJjUrcRh8RdozefQI8XmfbOp1GwBEXiGavuSYQFbTIXZtPOAEv8EMoS+0xwku0=&2Oj70=wymB9 http://www.sweatequitypac.org/raxq/?MX7FkojV=x7NDGsgoCWTIEJ1tNCkkA1f2sMsJkFt2/Kg/6Gal8l5Ws0UwXECJP572vAzACYdkP61pUsrmPyJQfMGcau4sPIxMO6OtXz5Fl6YkZsF6thbJOhJ/u+Iz2uLJY5XPwE+BFsUyCr8=&2Oj70=wymB9 http://www.sqlite.org/2019/sqlite-dll-win32-x86-3280000.zip http://www.summitpublications.net/ra7c/?MX7FkojV=SvKeswTuzWazx34ZRwNYWOUL+4Qzi3RGXdHaFUpExCUZEgDUs1lV719mAF8EtsBn/AVD65QVQa8ibY4gFbZqCpH5b+leOD1Jj6HueKbZfx9J0tpKEMSaJYca0b0uZ3KvEkzLgBc=&2Oj70=wymB9 http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip http://www.teandone.buzz/o6pn/?MX7FkojV=UJn6hLCr5CE83JGsiFr6F3dlh+gjmnQgpGSYIUWsdErR1O5ttgS2rCz/oa92Vy1JsAs4Vb0vhE186yqRppZqSaM6EjKfJ/MzG1s7XTw2DqO7xvMmiA2yEfwBZPs4V1K4aWoq150=&2Oj70=wymB9 http://www.sqlite.org/2022/sqlite-dll-win32-x86-3370000.zip http://www.summitpublications.net/ra7c/	21 Info www.hyattcreekoutpost.biz(15.197.148.33) www.sweatequitypac.org(15.197.148.33) www.balneo.shop(81.169.145.84) www.mospos.top(203.161.42.161) www.nswurology.store() www.teandone.buzz(104.21.5.210) www.unyiinnflcng.xyz() www.butlay.website(103.224.182.242) www.summitpublications.net(66.81.203.135) www.tepco-co.online(84.32.84.32) www.coremagic.dev(85.13.154.127) 15.197.148.33 - mailcious 85.13.154.127 84.32.84.32 - mailcious 172.67.133.217 3.33.130.190 - phishing 203.161.42.161 81.169.145.84 - mailcious 66.81.203.10 45.33.6.223 103.224.182.242 - phishing	4	7.0	M	48	ZeroCERT

1925	2024-07-26 10:48	RP.exe 3fc6176c962e7a70da7cc35fbdaf3fdc Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid				2.0	M	57	ZeroCERT

1926	2024-07-26 10:47	crypteda.exe 04e90b2cf273efb3f6895cfcef1e59ba Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed				2.2	M	39	ZeroCERT

1927	2024-07-26 10:46	RogueOxidResolver.exe 73446530325d8bdf09edd62d56e2e329 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware				1.4	M	50	ZeroCERT

1928	2024-07-26 10:45	crypted.exe 371d606aa2fcd2945d84a13e598da55f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed				2.4	M	50	ZeroCERT

1929	2024-07-26 10:44	4ck3rr.exe d6a034f75349665f43aa35dee0230379 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	7.2	M	51	ZeroCERT

1930	2024-07-26 10:43	random.exe 25db2d5ac24b8e34330f8dd7882b6dd6 SystemBC Gen1 RedLine stealer RedlineStealer Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	11 Keyword trend analysis Info http://185.215.113.16/inc/pered.exe http://185.215.113.16/inc/svhosts.exe http://185.215.113.16/inc/4ck3rr.exe http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.16/inc/crypted.exe http://185.215.113.16/inc/2020.exe http://185.215.113.16/inc/build.exe http://185.215.113.16/inc/gawdth.exe http://185.215.113.16/inc/5447jsX.exe http://185.215.113.16/inc/25072023.exe	6	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING Download Request Containing Suspicious Filename - Crypted SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Amadey Bot Activity (POST) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	19.0	M	38	ZeroCERT

1931	2024-07-26 10:41	2023.exe a2348de3f84a433171df2f2d09b036aa Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself crashed				2.6		41	ZeroCERT

1932	2024-07-26 10:41	FullPowers.exe aa75221e6e2b20a5719e221ea1c1ca77 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware				0.6		11	ZeroCERT

1933	2024-07-26 10:34	random.exe c225910168e4d400b52e9ee5106c8e7a RedLine stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P Anti_VM AntiDebug Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed		3	2	12.6	M		ZeroCERT

1934	2024-07-26 10:28	chisel32.exe 7eae075c51e9bda629835d4b2815ee03 Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW crashed				1.8		51	ZeroCERT

1935	2024-07-26 10:28	random.exe d04ce1fea5d986c68c8570a9e73f01b6 Generic Malware Downloader Malicious Library UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS BitCoin Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed		2	1	11.6		32	ZeroCERT