Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
2071	2024-07-20 20:25	669b5b78252ea_googlesoft.exe 8ac8aa90462b3181025ca80e26af7848 Vidar Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	17.0	M	18	ZeroCERT

2072	2024-07-20 20:25	svchost.exe 4ebd63449193b8fdbd0c0315f8e33e10 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	54	ZeroCERT

2073	2024-07-20 20:23	winiti.exe 6298475c0e4860db7568c5b231e3cca9 Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed					7.4	M	53	ZeroCERT

2074	2024-07-20 20:23	1x212.exe 5ce0b51dc000aef2803892a6c87aea26 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2	M	59	ZeroCERT

2075	2024-07-20 20:21	lummnew.exe cf8dc800af1373e2e48b68f126ab4123 Lumma Stealer UPX PE File PE32 VirusTotal Malware					1.2	M	59	ZeroCERT

2076	2024-07-20 20:20	669a659129ee2_crypted.exe#1 a6e3a44c463433ecb473af3f761923db Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself WriteConsoleW crashed					2.4	M	51	ZeroCERT

2077	2024-07-20 20:19	anony.exe 350292ff12ebe29fc711a05b2b38dc4a RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		6.2	M	60	ZeroCERT

2078	2024-07-20 20:19	hn.gn.gn.gngn.gn.gn.gn.doc 5dc44b9ca9e7ce8958b2b6f36cc06ebd MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed	3 Keyword trend analysis	5	10 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET POLICY External IP Lookup ip-api.com		5.0	M	33	ZeroCERT

2079	2024-07-20 20:16	winiti.exe f077adcb2d6ea5208dc2b37f94d21fc8 AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	2 Keyword trend analysis	4	5 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup ip-api.com		13.6	M	54	ZeroCERT

2080	2024-07-20 20:16	3.0.exe eabbb27aa0d2776fc832a6cca0cef3e3 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		6.2	M	61	ZeroCERT

2081	2024-07-20 20:15	2.exe cd385c52e6ad2dd6a304839159534b7e Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself					2.0	M	31	ZeroCERT

2082	2024-07-20 20:14	mimilove.exe c67f3497c310c01018f599b3eebae99e Malicious Packer PE File PE32 VirusTotal Malware WriteConsoleW					1.4	M	60	ZeroCERT

2083	2024-07-20 20:12	winiti.exe deed9f1fa07445c4e7529c820d42800c AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	2	3		14.2	M	53	ZeroCERT

2084	2024-07-20 20:12	Population.exe 18bbc3fb86e902afb59c06811a5b01f4 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware PDB DNS		1			2.6	M	41	ZeroCERT

2085	2024-07-20 20:11	uzopuzbkrpcziwca.txt.vbs 8850ab6fc8518f854ee3d29da8640d0f Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1			6.0	M	17	ZeroCERT