Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
4051	2024-05-16 07:25	file200un.exe 8a763f29a240bb422973b6d3c8ea2324 Generic Malware Malicious Library UPX Antivirus PE64 PE File OS Processor Check PowerShell VirusTotal Malware Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key				4.4	M	19	ZeroCERT

4052	2024-05-15 09:20	060.exe 154243bf5a1b7f1e59e747136827f5b8 Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format DllRegisterServer dll OS Processor Check PE64 DLL ftp VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.6	M	11	ZeroCERT

4053	2024-05-15 09:19	21372AA119DAB62FF66C4E6CE179C8... 1f68fe6fc999460d808a243a15232611 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution				1.8	M	29	ZeroCERT

4054	2024-05-15 09:15	univ.exe 9b9b6eed588a5f1c17864c641aaf22d3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution				2.0	M	33	ZeroCERT

4055	2024-05-15 09:13	univ.exe 6c0285eefe2804e725422c8c0fe61149 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Malicious Traffic WMI Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1	1	5.8		36	ZeroCERT

4056	2024-05-15 09:13	beautifulthingstobegreatwithgr... 2007140a415ec02159c11eee5bac1dfd MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	3	2	4.2	M	32	ZeroCERT

4057	2024-05-14 10:33	micromzx.scr b8513db1bf7a880432df0f6c4952f9df AgentTesla Malicious Library .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File ftp .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger	1 Keyword trend analysis	2	3	12.2	M	25	ZeroCERT

4058	2024-05-14 08:37	Layout.exe 8eb6ed01392a5cbba283febd7c9aa16a Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE64 PE File powershell PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key				9.0	M		ZeroCERT

4059	2024-05-14 08:35	yar.exe 9e8baf127b832943d4fae218ce90191a UPX PE File .NET EXE PE32 OS Processor Check AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName				5.6	M		ZeroCERT

4060	2024-05-14 08:34	file.exe 5db8857cca603a760cfb6955f5c309cf Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Check memory Checks debugger unpack itself ComputerName DNS		1		2.0	M		ZeroCERT

4061	2024-05-14 08:33	Kntgugii.exe f5fe6435df7702338b1320b55f96caa4 PE File .NET EXE PE32 suspicious privilege Check memory Checks debugger unpack itself Windows ComputerName DNS Cryptographic key crashed		1		2.8	M		ZeroCERT

4062	2024-05-14 08:33	TextEditor.exe 06d8a1accf0a9b34aaee3e1ec50552f0 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	4	1	12.4	M		ZeroCERT

4063	2024-05-14 08:33	Obrada.exe 1f90151f3470f316a645a6617534a0be Generic Malware Malicious Library .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	10.8	M		ZeroCERT

4064	2024-05-14 08:33	build.exe 735c15c37831cdc319c03f4f7971da49 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces IP Check installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed CoinMiner SilentCryptoMiner	4 Keyword trend analysis	11	16 Info ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET DROP Spamhaus DROP Listed Traffic Inbound group 15 ET MALWARE RedLine Stealer - CheckConnect Response ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request SURICATA HTTP unable to match response to request ET COINMINER Observed DNS Query to Cryptocurrency Mining Pool Domain (xmr .2miners .com)	9.4	M		ZeroCERT

4065	2024-05-14 08:33	%E5%90%8D%E5%8D%95%E5%86%8C%E7... 87c800dac6fb2709eafd6561f100035a Generic Malware Downloader Malicious Library Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Code Injection Check memory Creates executable files sandbox evasion WriteConsoleW Browser		2		4.2	M		ZeroCERT