Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
2836 2024-06-19 10:03 csrss.exe
08475c0ab2386f3353d1c2f254a839c3
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Malicious Packer Malicious Library Antivirus UPX Create Service Socket ScreenShot Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDe Remcos VirusTotal Malware Code Injection Malicious Traffic Check memory buffers extracted Remote Code Execution
1 4 1 6.0 M 40 ZeroCERT

2837 2024-06-19 10:03 2345.exe
7936c4064fbc9b69fba8b5f0d44a2482
Generic Malware Malicious Packer Malicious Library UPX Anti_VM PE File PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Windows Browser DNS crashed
1 5.2 M 62 ZeroCERT

2838 2024-06-19 10:02 Rihypax_LetThereBeNightingale_...
02e07416de23472dfcc5a97ea6c94fab
Generic Malware Downloader Malicious Packer Malicious Library .NET framework(MSIL) UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Ant Browser Info Stealer VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process Windows Browser ComputerName DNS Cryptographic key
1 9.6 M 49 ZeroCERT

2839 2024-06-19 10:01 AntiVirus4.exe
0073055ad7552b19ea9a239023318374
Malicious Packer Malicious Library Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself DNS
1 2.6 M 54 ZeroCERT

2840 2024-06-19 09:59 bin.exe
13e5872e9b7c47090e035dc228c5589f
Generic Malware Malicious Packer Malicious Library UPX .NET framework(MSIL) PE File PE32 OS Processor Check PE64 .NET EXE JPEG Format Malware download Amadey VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder suspicious TLD Windows DNS CoinMiner
3 6 12 7.4 M 59 ZeroCERT

2841 2024-06-19 09:58 dd.exe
d27a00984e82dbfc554df8a53e03cbcc
Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows DNS CoinMiner
2 2 6.0 57 ZeroCERT

2842 2024-06-19 09:57 c3p.exe
02aa02aee2a6bd93a4a8f4941a0e6310
Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows
2 1 6.0 M 60 ZeroCERT

2843 2024-06-19 09:56 blob.exe
fbfbe4ee13baecac3e7d16bec24cf079
PE64 PE File VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS CoinMiner
2 2 1.4 M 59 ZeroCERT

2844 2024-06-19 09:53 lamda1.cmd
34961215950869251baa1879d161a90d
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
2 4.2 M 18 ZeroCERT

2845 2024-06-19 09:51 sky.exe
f0834f7f2daa415fb992d93f549bbfd0
Gen1 XMRig Miner Generic Malware Suspicious_Script_Bin Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency AutoRuns PDB Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Firewall state off Windows
2 1 6.0 M 62 ZeroCERT

2846 2024-06-19 09:51 2.exe
3fa8ba44b848d959dec2f30e98adefa3
PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1 1 5.6 M 51 ZeroCERT

2847 2024-06-19 09:49 2345.exe
ce7dc5df5568a79affa540aa86b24773
Generic Malware Malicious Packer Malicious Library UPX Anti_VM PE File PE32 VirusTotal Malware AutoRuns unpack itself Windows DNS crashed
1 5.6 M 54 ZeroCERT

2848 2024-06-19 09:48 AntiVirus00.exe
d31d65a28dca61cf4a21ba5020b60e83
PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
1 1 5.6 M 57 ZeroCERT

2849 2024-06-19 09:47 lamda.cmd
1220872b5a60851b40457bfa168f34f2
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger heapspray Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
6 4.2 M 11 ZeroCERT

2850 2024-06-19 09:47 Ebyloto_LetThereBeNightingale_...
ec974c132c919b5865a24a2c071bb93a
Generic Malware Downloader Malicious Packer Malicious Library .NET framework(MSIL) UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P per Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut ICMP traffic unpack itself Windows utilities powershell.exe wrote suspicious process Ransomware Windows Browser ComputerName Cryptographic key
9.8 M 54 ZeroCERT