Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
44011	2024-04-23 11:19	toolspub1.exe ace2b92a3208dec19577cbac84d543b2 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself				2.2	M	49	ZeroCERT

44012	2024-04-24 09:03	Fzonsvup.exe 1c762a2cd186f1cde4b9e5d743eca3b5 PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed				3.2		40	ZeroCERT

44013	2024-04-24 09:03	gidro.exe 6a1ca153932a4d9b645a9cf47f30da65 Themida Packer Malicious Packer UPX PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed	1 Keyword trend analysis	5	7 Info ET MALWARE RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Token) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE RisePro CnC Activity (Inbound)	15.4		21	ZeroCERT

44014	2024-04-24 09:06	ads.exe 2d41e117f7b73d3b0b8804794b4fe9dd Formbook Generic Malware Malicious Library Malicious Packer UPX PWS AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check RedLine Malware download VirusTotal Malware Microsoft Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself AppData folder Stealer DNS		1	4	9.0	M	28	ZeroCERT

44015	2024-04-24 09:06	qauasariscrypted.exe eb0beafcb365cd20eb00ff9e19b73232 Generic Malware task schedule Malicious Library Malicious Packer Antivirus UPX ScreenShot PWS DNS KeyLogger AntiDebug AntiVM PE64 PE File OS Processor Check PNG Format MSOffice File JPEG Format VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting exploit crash unpack itself Windows utilities powershell.exe wrote suspicious process Tofsee Windows Exploit ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	3	13.4	M	29	ZeroCERT

44016	2024-04-24 09:11	hajde-lavacrypt-dfgs.exe f561ee026ad652bed5d2dbca19b0f6da UPX PE64 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.4	M	35	ZeroCERT

44017	2024-04-24 09:12	qausarneedscrypted.exe 4d8cb64db6b9ae4663bb23229a6e9d16 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0		52	ZeroCERT

44018	2024-04-24 09:14	krummy-lavacrypt-gfhd.exe af1082c667a09a0f1f6adb041ca37d34 UPX PE64 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2	M	28	ZeroCERT

44019	2024-04-24 09:14	noncryptedmainstub.exe 9eab8c5d7b1f4659a787cc77d571f03b PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed				3.2		47	ZeroCERT

44020	2024-04-24 09:16	softcore-shd-lavacrypt.exe f1de359b4cb3e98d01e03f7f4aff75d7 PE64 PE File VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2		28	ZeroCERT

44021	2024-04-24 09:16	steamworks.exe 91ab4023c2870d3adbc35385a9ea882a Generic Malware EnigmaProtector PE File PE32 VirusTotal Malware unpack itself suspicious TLD sandbox evasion ComputerName Remote Code Execution DNS crashed		1	1	3.6		23	ZeroCERT

44022	2024-04-24 09:18	degrado-lavacrypt-dfgs.exe 7d5053287343d71bf9e3b913d4e4e551 PE64 PE File VirusTotal Malware Buffer PE PDB suspicious privilege Check memory Checks debugger buffers extracted unpack itself				3.2	M	28	ZeroCERT

44023	2024-04-24 09:18	45697.exe 91bc63bbaeb58a07374126002e6fef62 Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself				1.8	M	26	ZeroCERT

44024	2024-04-24 09:20	45690.exe 7c7a60a2b1ba76a894db318993c69bfe Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				1.8		30	ZeroCERT

44025	2024-04-24 09:23	BNPParibasRemittanceAdvice.exe 94f2ae1b5174532d81d5ea169b7f7726 AgentTesla Generic Malware Malicious Library Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key crashed keylogger	2 Keyword trend analysis	4	4	16.2	M	35	ZeroCERT