Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
(Each entry gives No, Date and Request on its first line, then the sample hash, the sandbox tags, and the remaining columns as they appear in the listing.)

4066  2024-05-14 08:33  build.exe
  Hash: 735c15c37831cdc319c03f4f7971da49
  Tags: RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Cryptocurrency Miner Malware Cryptocurrency suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces IP Check installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed CoinMiner SilentCryptoMiner
  Stats: 4 11 16 9.4 M ZeroCERT

4067  2024-05-14 08:33  %E5%90%8D%E5%8D%95%E5%86%8C%E7...
  Hash: 87c800dac6fb2709eafd6561f100035a
  Tags: Generic Malware Downloader Malicious Library Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Code Injection Check memory Creates executable files sandbox evasion WriteConsoleW Browser
  Stats: 2 4.2 M ZeroCERT

4068  2024-05-14 08:33  DbVisualizer_Pro.exe
  Hash: c059c2e1a13ba50f4c8d9dffea0f4e57
  Tags: Generic Malware Malicious Library Malicious Packer UPX PE64 PE File DllRegisterServer dll OS Processor Check
  Stats: 0.4 M ZeroCERT

4069  2024-05-14 08:32  random.exe
  Hash: 906505cc5818955f1793017c1d83206d
  Tags: Themida Packer Malicious Packer PE File PE32 Malware download Malware AutoRuns MachineGuid unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization IP Check Tofsee Windows RisePro ComputerName Firmware DNS crashed
  Stats: 1 5 4 8.0 M ZeroCERT

4070  2024-05-14 08:15  setup%E6%9F%A5%E7%9C%8B.exe
  Hash: 405dbea7123e931820e7dd4fcf6e67c1
  Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory RWX flags setting unpack itself Windows DNS
  Stats: 1 4.4 M 41 ZeroCERT

4071  2024-05-14 08:14  lox.exe
  Hash: 70b96a07a3624e8f408a98d0e7908820
  Tags: Generic Malware Themida Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) Anti_VM PE64 PE File OS Processor Check .NET EXE PE32 VirusTotal Malware PDB Creates executable files unpack itself AppData folder Remote Code Execution DNS
  Stats: 1 1 3.8 M 27 ZeroCERT

4072  2024-05-14 08:13  my.exe
  Hash: 19d05221bdd0110e564e00074a7f6636
  Tags: Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
  Stats: 2.0 51 ZeroCERT

4073  2024-05-14 08:12  vnc.exe
  Hash: 1b6d04ab5d5e03ec81db2c856b86d98d
  Tags: NSIS Malicious Library UPX PE File PE32 PNG Format DLL JPEG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
  Stats: 2.4 M 20 ZeroCERT

4074  2024-05-14 08:10  sarra.exe
  Hash: 6c5eff575235162e48d1343214977dec
  Tags: PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed
  Stats: 1 5 6 16.0 M 39 ZeroCERT

4075  2024-05-14 08:10  msgbox.exe
  Hash: 69592b2d2f12c492e954ff8943b7900a
  Tags: UPX PE64 PE File OS Processor Check VirusTotal Malware PDB
  Stats: 0.6 M 4 ZeroCERT

4076  2024-05-13 10:56  .rels
  Hash: 77bf61733a633ea617a4db76ef769a4d
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.8 guest

4077  2024-05-13 10:56  [Content_Types].xml
  Hash: ded1b06d92c5c6b15c0b12c176ff3355
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.2 guest

4078  2024-05-13 10:55  .rels
  Hash: 77bf61733a633ea617a4db76ef769a4d
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Stats: 3.8 guest

4079  2024-05-13 10:54  .rels
  Hash: 77bf61733a633ea617a4db76ef769a4d
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.8 guest

4080  2024-05-13 10:54  [Content_Types].xml
  Hash: ded1b06d92c5c6b15c0b12c176ff3355
  Tags: Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.2 guest