Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Hosts	IDS	Score	Zero	VT	Player
44131	2024-05-05 10:34	cyber2019.exe 813b31f7ee7bbdd8e42890394ea6f16f Generic Malware UltraVNC Malicious Library UPX Malicious Packer VMProtect Anti_VM PE File PE32 OS Processor Check MZP Format DLL ftp VirusTotal Malware PDB Checks debugger Creates executable files unpack itself sandbox evasion WriteConsoleW crashed			5.6		50	ZeroCERT

44132	2024-05-05 10:38	syncq.exe 9d13ef960c157624ac37ab30b76d26d0 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself			2.0		58	ZeroCERT

44133	2024-05-05 10:38	svchosc.exe aa566acaa8b6baaa830aff78d45501a1 Generic Malware Malicious Library Downloader Malicious Packer UPX ScreenShot KeyLogger AntiDebug AntiVM PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware Code Injection unpack itself malicious URLs sandbox evasion Browser DNS	8		7.4		57	ZeroCERT

44134	2024-05-05 10:39	yungengxin.exe 39bd6fd27d2093d5867143d759942251 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces Remote Code Execution	2		5.4	M	39	ZeroCERT

44135	2024-05-05 10:39	yileyou.exe 621aff451af46a3e94ede2ebfcb96dc6 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger Creates executable files Check virtual network interfaces Remote Code Execution DNS	4		5.6	M	39	ZeroCERT

44136	2024-05-05 10:42	ukca.exe 0222f8da926bf2722f6bef4ac243e5fa RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key	1		5.4	M	54	ZeroCERT

44137	2024-05-05 10:47	ExcUserFault_IMDPersistenceAge... ea6a71208211258fb4a444a627e19806 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName			3.4			guest

44138	2024-05-05 10:47	WiFiLQMMetrics-2024-05-03-0357... 5e06f15242235331ab0b628703f95711 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName			3.4			guest

44139	2024-05-05 10:57	ExcUserFault_IMDPersistenceAge... ea6a71208211258fb4a444a627e19806 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName			3.4			guest

44140	2024-05-05 11:07	WiFiLQMMetrics-2024-05-03-0357... 5e06f15242235331ab0b628703f95711 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName			3.4			guest

44141	2024-05-06 05:24	UAH-REM-PEF-202324.dll 9045490ffd594cb9efdb772a5f336dd0 Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check VirusTotal Malware PDB			1.0		1	guest

44142	2024-05-06 05:26	UAH-REM-PEF-202324.dll 9045490ffd594cb9efdb772a5f336dd0 Generic Malware Malicious Library UPX PE64 PE File DLL OS Processor Check VirusTotal Malware PDB			1.0		1	guest

44143	2024-05-06 09:30	khxf80t6conphyb.exe 117efcf6a3a3af167c293331a7531a46 Generic Malware Malicious Library .NET framework(MSIL) Antivirus AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT NetWireRC VirusTotal Malware powershell Telegram PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName DNS Cryptographic key	4	7 Info ET INFO DYNAMIC_DNS Query to a *.run .place Domain ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) ET MALWARE Generic AsyncRAT Style SSL Cert	12.2	M	51	ZeroCERT

44144	2024-05-06 16:52	win.exe bd5be2867a859a3a311f8e2c4e90e686 NSIS Generic Malware Suspicious_Script_Bin Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Creates executable files Windows DNS	2		5.0	M	34	ZeroCERT

44145	2024-05-06 16:54	d112.dll a0fecce5300ae99eb4c36b4148395d91 Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Check memory unpack itself ComputerName crashed			2.2	M	48	ZeroCERT