Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43531	2024-03-19 11:09	pok0o0.exe 1ee90384d6500683ef5445816775e77f Generic Malware PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Check virtual network interfaces Tofsee Windows Cryptographic key		2	1	4.6	M	48	r0d

43532	2024-03-20 07:58	taskhostw.exe f727c0754ddda4ed6354375ab748735b Generic Malware .NET framework(MSIL) Antivirus PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key				6.2	M	56	ZeroCERT

43533	2024-03-20 08:00	april.exe e94629419d1bb7dec76ca2425abd9c6a Emotet Gen1 Malicious Library UPX Antivirus PE File PE32 MZP Format DllRegisterServer dll OS Processor Check PE64 DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.6	M	5	ZeroCERT

43534	2024-03-20 08:01	wininit.exe b26007c701f550b1bff5150c37f824f7 Process Kill Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 OS Processor Check VirusTotal Malware AutoRuns Checks debugger Creates executable files unpack itself AppData folder Windows				3.8		31	ZeroCERT

43535	2024-03-20 08:02	RtkAudUKZ1.exe 2644dec48ca3539cfc4a7b4dba0bd212 Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger unpack itself Windows DNS crashed		1		3.6		48	ZeroCERT

43536	2024-03-20 08:02	asyns.exe 310b982faa6a9c8473c6a6097a64317f AsyncRAT Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File PE32 .NET EXE OS Processor Check Malware download AsyncRAT NetWireRC VirusTotal Malware DNS		1	2	1.8	M	56	ZeroCERT

43537	2024-03-20 08:03	crypted_15a94542.exe 68d3227e977490c4a3807927367146c7 Craxs RAT Browser Login Data Stealer Generic Malware Suspicious_Script_Bin Admin Tool (Sysinternals etc ...) Socket AntiDebug AntiVM PE File PE32 .NET EXE CHM Format PNG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software	1 Keyword trend analysis	5	9 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RisePro CnC Activity (Outbound)	19.6	M	54	ZeroCERT

43538	2024-03-20 08:04	java.exe 5f98b113432846548068bfde934cc2f7 UPX PE File PE32 .NET EXE OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Java DNS		3		4.8	M	55	ZeroCERT

43539	2024-03-20 08:06	february.exe 9fb28e5263c292d1b13c2b4f4161eafb Emotet Gen1 Malicious Library UPX Antivirus PE File PE32 MZP Format OS Processor Check PE64 DLL DllRegisterServer dll VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				3.4	M	5	ZeroCERT

43540	2024-03-20 08:07	lee.exe d5fda8517a450948764da4b1618f831e PE File PE32 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself				2.4	M	41	ZeroCERT

43541	2024-03-20 08:08	june.exe 86c2ded51a3ad876245df827a115d8da Emotet Gen1 Malicious Library UPX Antivirus PE File PE32 MZP Format PE64 DLL DllRegisterServer dll OS Processor Check VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName DNS crashed		1		4.0	M	7	ZeroCERT

43542	2024-03-20 08:09	goldprimeldlldf.exe c084d6f6ba40534fbfc5a64b21ef99ab RedLine stealer Craxs RAT ScreenShot PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	12.8	M	52	ZeroCERT

43543	2024-03-20 08:11	control.exe 7b9d9f41d274ddd8fac0544e188ade4a Malicious Library .NET framework(MSIL) UPX PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	60	ZeroCERT

43544	2024-03-20 08:13	RtkAudBCK.exe b3c53eb5851703358e2bfacec3b19aa4 Generic Malware Antivirus PE File PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger unpack itself Windows crashed				2.8	M	34	ZeroCERT

43545	2024-03-20 08:15	thost.exe 11e28d2499f7c530a6b28db768d10a0a UPX PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger unpack itself				2.4	M	38	ZeroCERT