Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
21901	2023-01-22 15:45	nldapp.exe 870b4a4a72ce6eb37eecb232a2fac797 Gen1 Admin Tool (Sysinternals etc ...) Malicious Library UPX PE32 PE File DLL VirusTotal Malware Malicious Traffic Checks debugger buffers extracted Creates executable files unpack itself sandbox evasion WriteConsoleW anti-virtualization crashed	4 Keyword trend analysis Info http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/appupdate.json http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/ http://abcdefghijklmnopqrstuvwxxyzabcdefghijklmnopqrstuvwxyzabcdefghij.com/scrolltxt.txt http://ping.nolimitdronez.com/	3			6.2		8	ZeroCERT

21902	2023-01-22 15:43	cred64.dll 7e3f36660ce48aeb851666df4bc87e2c Ave Maria WARZONE RAT Malicious Library UPX OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName crashed					2.8	M	44	ZeroCERT

21903	2023-01-22 15:43	Amadey111111.exe 9adcb26071e8018dc0b576b39acb980e Ave Maria WARZONE RAT Malicious Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) PE32 OS Processor Check PE File JPEG Format DLL PE64 Malware download Amadey VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Windows Browser ComputerName crashed	2 Keyword trend analysis	5	3	2	9.8	M	58	ZeroCERT

21904	2023-01-22 15:41	jgffjdfgjdfjghjfdggsahfhfghf.d... c4fd7dee392f91d1c8b0a69c4bc9f234 RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash unpack itself IP Check Windows Exploit DNS DDNS crashed keylogger Downloader	2 Keyword trend analysis	3	12 Info ET INFO Executable Download from dotted-quad Host ET MALWARE MSIL/GenKryptik.FQRH Download Request ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO DYNAMIC_DNS Query to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to .dyndns. Domain ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain		5.8	M	32	ZeroCERT

21905	2023-01-22 15:39	stown.exe 380c7f5b9f380e12d091c0f3a45b7499 RAT PWS .NET framework UPX PE32 OS Processor Check .NET EXE PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName Cryptographic key Software crashed	1 Keyword trend analysis	4	1		6.8	M	53	ZeroCERT

21906	2023-01-22 15:38	46.exe 6d04a01ae99ec900fc39d01f639dd59f RAT PE32 .NET EXE PE File VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger unpack itself					5.0	M	43	ZeroCERT

21907	2023-01-22 15:36	clip64.dll 46132baadaa4c318d24db8ed2220b80a Admin Tool (Sysinternals etc ...) Malicious Library UPX PE32 OS Processor Check DLL PE File VirusTotal Malware PDB Checks debugger unpack itself					1.8	M	30	ZeroCERT

21908	2023-01-22 15:36	vbc.exe 010c974f8a83b76a831b336f45038b45 PWS[m] RAT Confuser .NET SMTP KeyLogger AntiDebug AntiVM PE32 .NET EXE PE File Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	3 Keyword trend analysis	3	6 Info ET HUNTING EXE Base64 Encoded potential malware ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check ET POLICY External IP Lookup - checkip.dyndns.org ET INFO DYNAMIC_DNS HTTP Request to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to a .dyndns .org Domain ET INFO DYNAMIC_DNS Query to *.dyndns. Domain		13.4	M	47	ZeroCERT

21909	2023-01-22 15:34	msedgewebview2023.exe ef77c5fb1167c7e606abe0ec25a56944 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB					1.6	M	26	ZeroCERT

21910	2023-01-22 15:33	clip64.dll 87f59221122202070e2f2670720627d5 Admin Tool (Sysinternals etc ...) Malicious Library UPX PE32 OS Processor Check DLL PE File VirusTotal Malware PDB Checks debugger unpack itself					1.6	M	27	ZeroCERT

21911	2023-01-22 15:32	cred64.dll 17ffefed5c2de006ac35f47b84d2477b Ave Maria WARZONE RAT Malicious Library UPX OS Processor Check DLL PE File PE64 VirusTotal Malware PDB Checks debugger unpack itself installed browsers check Browser ComputerName crashed					2.6	M	31	ZeroCERT

21912	2023-01-22 15:31	svhost.exe 2146b105c0908c19e7f605a64be38495 Malicious Library UPX PE32 OS Processor Check PE File VirusTotal Malware PDB					1.8	M	46	ZeroCERT

21913	2023-01-22 15:30	lola1.exe 7e93bacbbc33e6652e147e7fe07572a0 PE32 .NET EXE PE File VirusTotal Malware PDB suspicious privilege MachineGuid Check memory Checks debugger unpack itself Disables Windows Security Windows Update					4.2	M	7	ZeroCERT

21914	2023-01-22 15:29	4.exe c862f238215953453560aac20cae5528 Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Tofsee Windows Discord ComputerName DNS Cryptographic key Downloader	1 Keyword trend analysis	2	3		10.0	M	30	ZeroCERT

21915	2023-01-22 15:28	12.exe 2723e93e0316787e1bcebfb5291c42b3 Generic Malware Antivirus PE32 .NET EXE PE File PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key Downloader					10.0	M	47	ZeroCERT