Submissions

Sandbox submission listing, one record per submission. The original table columns are: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. In the records below, "MD5" is the 32-hex-digit hash shown under the requested file name, "Rule" is the list of sandbox signature/tag hits reproduced exactly as listed (the listing does not mark tag boundaries, so multi-word tags are not separated), "Urls/Hosts/IDS" carries the three hit counts where the listing populates all three; where fewer values appear, the listing does not show which of the three columns they belong to, so they are reproduced as listed. "Score" is the sandbox score, "VT" the VirusTotal column value ("-" where the column is empty), and "Player" the analysis engine. The Zero and Etc columns are empty for every record on this page.

4291 | 2024-12-16 19:08 | alexshlu.exe
    MD5:    9821fa45714f3b4538cc017320f6f7e5
    Rule:   Generic Malware Malicious Library UPX ScreenShot AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware Code Injection buffers extracted unpack itself
    Score:  7.0    VT: 55    Player: ZeroCERT

4292 | 2024-12-16 19:08 | frnd1.exe
    MD5:    8ceaf0f122909e63199c9f21f45e5098
    Rule:   Malicious Library .NET framework(MSIL) UPX .NET EXE PE32 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
    Score:  6.6    VT: 51    Player: ZeroCERT

4293 | 2024-12-16 19:07 | dropper.exe
    MD5:    1bbc3bff13812c25d47cd84bca3da2dc
    Rule:   Gen1 RedLine stealer RedlineStealer Generic Malware Malicious Library Downloader UPX ASPack .NET framework(MSIL) Anti_VM PE64 PE File DLL OS Processor Check ZIP Format .NET EXE PE32 Browser Info Stealer RedLine Emotet Malware download FTP Client Info Stealer Malware Microsoft Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion human activity check installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed Downloader
    Urls/Hosts/IDS: 4 / 1 / 12
    Score:  13.6   VT: -     Player: ZeroCERT

4294 | 2024-12-16 19:06 | AzVRM7c.exe
    MD5:    3567cb15156760b2f111512ffdbc1451
    Rule:   Browser Login Data Stealer Generic Malware Malicious Library UPX PE64 PE File OS Processor Check Browser Info Stealer VirusTotal Malware Telegram AutoRuns PDB MachineGuid Check memory sandbox evasion IP Check Tofsee Windows Browser Advertising Google ComputerName DNS
    Urls/Hosts/IDS: 2 / 8 / 6
    Score:  5.2    VT: 57    Player: ZeroCERT

4295 | 2024-12-16 19:06 | random.exe
    MD5:    35f118147b6fd5e314bde56696123b0f
    Rule:   Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
    Score:  6.4    VT: 45    Player: ZeroCERT

4296 | 2024-12-16 19:06 | zx.exe
    MD5:    bb0be25bdd2121fa0bddf6ac59d4fa8d
    Rule:   Gen1 Generic Malware Malicious Library ASPack UPX Anti_VM PE64 PE File OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself
    Score:  2.4    VT: 28    Player: ZeroCERT

4297 | 2024-12-16 19:01 | duschno.exe
    MD5:    c6813da66eba357d0deaa48c2f7032b8
    Rule:   Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName DNS
    Urls/Hosts/IDS (as listed): 3 8
    Score:  9.8    VT: 56    Player: ZeroCERT

4298 | 2024-12-16 19:01 | Captcha.hta
    MD5:    81df0a7222ad3c1bd736c2190314b47c
    Rule:   VirusTotal Malware Check memory RWX flags setting unpack itself
    Urls/Hosts/IDS (as listed): 2
    Score:  2.2    VT: 24    Player: ZeroCERT

4299 | 2024-12-16 18:50 | M5iFR20.exe
    MD5:    5950611ed70f90b758610609e2aee8e6
    Rule:   Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware Checks debugger
    Score:  1.4    VT: 50    Player: ZeroCERT

4300 | 2024-12-16 18:46 | PDFReader.exe
    MD5:    ddce3b9704d1e4236548b1a458317dd0
    Rule:   Emotet Malicious Library Malicious Packer UPX DllRegisterServer dll PE32 PE File OS Processor Check Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Windows ComputerName Cryptographic key crashed
    Urls/Hosts/IDS (as listed): 2
    Score:  9.4    VT: -     Player: ZeroCERT

4301 | 2024-12-16 18:44 | jy.exe
    MD5:    21a8a7bf07bbe1928e5346324c530802
    Rule:   Gen1 Malicious Library UPX PE32 PE File MZP Format PE64 OS Processor Check DLL VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder
    Score:  3.4    VT: 35    Player: ZeroCERT

4302 | 2024-12-16 18:42 | Itaxyhi.exe
    MD5:    78c586522f986994aa77c466c9d678a8
    Rule:   RedLine stealer Malicious Packer .NET framework(MSIL) UPX .NET EXE PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software
    Urls/Hosts/IDS: 1 / 4 / 6
    Score:  7.0    VT: 56    Player: ZeroCERT

4303 | 2024-12-16 18:42 | 41a1111.hta
    MD5:    8d3008b1b51e600b464f1458142a3f0f
    Rule:   UPX PE32 PE File VirusTotal Malware RCE DNS
    Urls/Hosts/IDS (as listed): 1
    Score:  5.2    VT: 58    Player: ZeroCERT

4304 | 2024-12-16 18:40 | xx.ps1
    MD5:    f69b016d952adc017710ec876b525327
    Rule:   Hide_EXE Generic Malware Antivirus AntiDebug AntiVM FormBook Malware download VirusTotal Malware powershell Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself powershell.exe wrote
    Urls/Hosts/IDS: 3 / 3 / 1
    Score:  10.0   VT: 25    Player: ZeroCERT

4305 | 2024-12-16 18:40 | system32.exe
    MD5:    3386d440d3907b4c9322f7842a914026
    Rule:   Malicious Library .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger unpack itself human activity check Windows DNS Cryptographic key
    Urls/Hosts/IDS (as listed): 1
    Score:  6.2    VT: 55    Player: ZeroCERT
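The listing arrives as flattened text (header line, hash line, rule/tag line, numeric trailer), which is awkward to pull IOCs from by hand. The parser below is an added example, not ZeroCERT's code or part of the original page; it turns that flattened form into records, validates the hash as an MD5, and flags submissions worth a closer look. It assumes the column conventions visible in the listing: the last trailer token is the Player column, the only token containing a decimal point is Score, an integer after Score is VT, and any integers before Score are the Urls/Hosts/IDS counts in the order they are populated (the listing does not say which columns a partial set belongs to, so they are kept as a list). The family tag names checked by `families()` are taken from the Rule column on this page; the sample input is constructed from four of the listing's records with the tag lists abbreviated.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: four records copied from the submissions listing, in the
# flattened form the page arrives in. Rule/tag lines are abbreviated.
SAMPLE_LISTING = """\
4293 2024-12-16 19:07 dropper.exe

1bbc3bff13812c25d47cd84bca3da2dc


Gen1 RedLine stealer RedlineStealer Generic Malware Malicious Library Downloader UPX
4 1 12 13.6 ZeroCERT

4297 2024-12-16 19:01 duschno.exe

c6813da66eba357d0deaa48c2f7032b8


Generic Malware Malicious Library Malicious Packer UPX PE64 MeduzaStealer Stealer
3 8 9.8 56 ZeroCERT

4298 2024-12-16 19:01 Captcha.hta

81df0a7222ad3c1bd736c2190314b47c

VirusTotal Malware Check memory RWX flags setting unpack itself
2 2.2 24 ZeroCERT

4304 2024-12-16 18:40 xx.ps1

f69b016d952adc017710ec876b525327


Hide_EXE Generic Malware Antivirus AntiDebug AntiVM FormBook Malware download VirusTotal
3 3 1 10.0 25 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Family tags as they appear in the Rule column of this listing.
FAMILY_TAGS = ("RedLine", "RedlineStealer", "MeduzaStealer", "FormBook", "Emotet", "Tofsee")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    rules: str            # Rule column verbatim; tag boundaries are not marked
    counts: List[int]     # Urls/Hosts/IDS values as populated (assumed order)
    score: float
    vt: Optional[int]     # None when the VT column is empty
    player: str


def parse_trailer(line: str) -> Tuple[List[int], float, Optional[int], str]:
    """Split 'counts... score [vt] player' using the assumed column conventions."""
    tokens = line.split()
    player = tokens[-1]
    nums = tokens[:-1]
    score_idx = next(i for i, t in enumerate(nums) if "." in t)  # Score is the only decimal
    counts = [int(t) for t in nums[:score_idx]]
    score = float(nums[score_idx])
    after = nums[score_idx + 1:]
    vt = int(after[0]) if after else None
    return counts, score, vt, player


def parse_listing(text: str) -> List[Submission]:
    """Each record is exactly four non-empty lines: header, MD5, rules, trailer."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[Submission] = []
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1
            continue
        if i + 3 >= len(lines):
            raise ValueError(f"truncated record starting at {lines[i]!r}")
        md5, rules, trailer = lines[i + 1], lines[i + 2], lines[i + 3]
        if not MD5_RE.match(md5):
            raise ValueError(f"record {m.group(1)}: hash {md5!r} is not a 32-hex-digit MD5")
        counts, score, vt, player = parse_trailer(trailer)
        records.append(Submission(int(m.group(1)), m.group(2), m.group(3),
                                  md5.lower(), rules, counts, score, vt, player))
        i += 4
    return records


def families(sub: Submission) -> List[str]:
    """Known family tags present in the record's Rule column."""
    tags = set(sub.rules.split())
    return sorted(t for t in FAMILY_TAGS if t in tags)


def triage(records: List[Submission], min_score: float = 5.0):
    """(md5, request, score, families) for records at/above min_score or tagged with a family."""
    hits = []
    for r in records:
        fams = families(r)
        if r.score >= min_score or fams:
            hits.append((r.md5, r.request, r.score, fams))
    return hits


if __name__ == "__main__":
    for md5, name, score, fams in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{md5}  {name:<14} score={score:<5} {' '.join(fams)}")
```

The parser fails loudly on a malformed hash or a truncated record rather than skipping it, since a silently dropped row in an IOC export is worse than a crash; point `parse_listing` at the full page text to extract every MD5 above.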