Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
43756	2024-04-03 13:45	dll.hta e81963d4c5a431f529c7669d3595a943 Malware download VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger unpack itself AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Trojan DNS Cryptographic key Downloader		2	7 Info ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING Suspicious BITS EXE DL From Dotted Quad ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)	6.0	M	18	ZeroCERT

43757	2024-04-03 13:46	getimage15.php 2dc9ceba069ad4540a8a5bd03b4b4f4d Malicious Library Malicious Packer PE File PE32 Malware download VirusTotal Malware MachineGuid Check memory RWX flags setting unpack itself Checks Bios Detects VirtualBox Detects VMWare VMware anti-virtualization IP Check Tofsee Windows RisePro Firmware DNS crashed	1 Keyword trend analysis	5	4	8.2	M	36	ZeroCERT

43758	2024-04-03 17:09	FVr.xls 7ed6ac58a23ab36e89c5516c56af920d RedLine stealer Generic Malware PE File DLL PE32 .NET DLL VirusTotal Malware PDB				1.2	M	38	r0d

43759	2024-04-03 17:09	X5a.xls 6a2575c58e16930a2c7d55cc51f6ac18 RedLine stealer Generic Malware PE File DLL PE32 .NET DLL VirusTotal Malware PDB				1.0	M	27	r0d

43760	2024-04-03 17:10	X5a.xls.exe 6a2575c58e16930a2c7d55cc51f6ac18 RedLine stealer Generic Malware PE File DLL PE32 .NET DLL VirusTotal Malware PDB				1.0	M	27	r0d

43761	2024-04-03 17:10	X5a.xls 6a2575c58e16930a2c7d55cc51f6ac18 RedLine stealer Generic Malware PE File DLL PE32 .NET DLL VirusTotal Malware PDB				1.0	M	27	r0d

43762	2024-04-03 17:11	meteran.exe cff64cc3e82aebd7a7e81f1633b5040e Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS		1		3.6	M	64	ZeroCERT

43763	2024-04-03 17:12	ps.exe b26b57b28e61f9320cc42d97428f3806 UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW				1.4	M	47	ZeroCERT

43764	2024-04-03 17:13	PrintSpoofer.exe dbdcbacbc74b139d914747690ebe0e1c Generic Malware Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware PDB				1.8	M	53	ZeroCERT

43765	2024-04-03 22:50	StealerClient_Cpp.exe a2a68318da5737ff0327f6d53438be60 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware				1.2	M	53	guest

43766	2024-04-04 07:29	current.exe e280b7c502386f1c7317ed841e65512d Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				2.2	M	31	ZeroCERT

43767	2024-04-04 07:39	RoughExperienced.exe 8e42154340d1bbc53124f99ba0c32f4c NSIS Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Socket Http API ScreenShot Escalate priviledges Steal credential HTTP Code injection Internet API KeyLogger Create Service DGA PWS Hijack Network Sniff Audio DNS persistence FTP P Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Windows Browser Email ComputerName Trojan Banking DNS		4	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped	21.8	M	12	ZeroCERT

43768	2024-04-04 09:31	file.bat bc25c5c1a7d89e6d53a0e3a01a816034 Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM MSOffice File PNG Format JPEG Format Code Injection Check memory buffers extracted RWX flags setting exploit crash unpack itself Windows utilities suspicious process WriteConsoleW Windows Exploit Cloudflare DNS crashed		1	1	5.0			ZeroCERT

43769	2024-04-05 23:38	toolspub1.exe af2027f509b6f4b269a7249c2cd5ae4d Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Remote Code Execution				1.0	M	28	ZeroCERT

43770	2024-04-05 23:38	ISetup2.exe e11127f67ea85a3b18f89ef3846e7687 Malicious Library UPX PE File PE32 OS Processor Check Remote Code Execution				0.6	M		ZeroCERT