Submissions

Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc

44206  2024-05-09 11:08  5.hta
  MD5: 0864405d81d8ab37b43868a26748f57a
  Rule: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell Lnk Format GIF Format ZIP Format Vulnerability VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key keylogger
  Urls 2, Hosts 1, IDS 2, Score 13.0, Zero M, VT 24, Player ZeroCERT

44207  2024-05-10 09:14  up2date.exe
  MD5: cda96eb769b520de195cae37c842c8f3
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Score 2.0, VT 38, Player ZeroCERT

44208  2024-05-10 09:14  beautifulthingstohappeningwhen...
  MD5: 13d24d0ebfb462fa27ab6815086eb3df
  Rule: MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Windows Exploit DNS crashed Downloader
  Urls 1, Hosts 3, IDS 8, Score 5.0, VT 35, Player ZeroCERT

44209  2024-05-10 09:16  current.exe
  MD5: 6cacf1262591bf7eb7c5882d47a1c8a8
  Rule: Generic Malware Malicious Library PE File PE32 VirusTotal Malware
  Score 1.6, VT 27, Player ZeroCERT

44210  2024-05-10 09:18  1.exe
  MD5: 3be9e476da2e99adbc49591cbc94b4d9
  Rule: Generic Malware Malicious Library UPX PE64 PE File OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Score 1.8, VT 15, Player ZeroCERT

44211  2024-05-10 09:59  udated.exe
  MD5: fecabb1640f8768ff0b10ea4186724b7
  Rule: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed
  Score 2.2, VT 51, Player ZeroCERT

44212  2024-05-10 09:59  build.exe
  MD5: 7b207a5aba4025733f54ea5185f1f1cb
  Rule: RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces IP Check installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls 2, Hosts 8, IDS 8, Score 8.0, Zero M, VT 62, Player ZeroCERT

44213  2024-05-10 10:01  pojgysef.exe
  MD5: d4f738f4e3787ef0b31891e446919aa8
  Rule: Generic Malware Downloader Malicious Library UPX VMProtect Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Processo VirusTotal Malware PDB Code Injection Creates executable files unpack itself AppData folder Remote Code Execution
  Score 4.8, VT 36, Player ZeroCERT

44214  2024-05-10 10:04  setup_1715277229.6072824.exe
  MD5: e3e2300616cc1112ffe8fae1901eff5c
  Rule: Generic Malware Malicious Library Malicious Packer UPX AntiDebug AntiVM PE File .NET EXE PE32 DLL OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder suspicious TLD WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls 1, Hosts 4, IDS 6, Score 14.2, Zero M, VT 38, Player ZeroCERT

44215  2024-05-10 10:05  hjv.exe
  MD5: e25ecb676f67f979e48235335467ab31
  Rule: NSIS Malicious Library UPX PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
  Score 2.6, Zero M, VT 31, Player ZeroCERT

44216  2024-05-10 10:08  morningiswakupwithacupoffcoffe...
  MD5: f1764942482f773318b6a6b736c8327d
  Rule: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware exploit crash unpack itself Tofsee Exploit DNS DDNS crashed
  Urls 3, Hosts 7, IDS 4, Score 3.6, Zero M, VT 37, Player ZeroCERT

44217  2024-05-10 16:54  Analytics-2024-05-08-091812.ip...
  MD5: 7290bbf769109f0a486d81d551a3d0b0
  Rule: AntiDebug AntiVM OS Processor Check Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
  Score 3.4, Player guest

44218  2024-05-10 22:23  AMIFUWINx64.exe
  MD5: 9afdd5c7a004d9c3839754036b3ca6c2
  Rule: Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder crashed
  Score 2.4, VT 3, Player guest

44219  2024-05-11 14:56  nom.exe
  MD5: 95939f7e0943f1428467c77c293e6036
  Rule: Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process Windows DNS DDNS
  Urls/Hosts/IDS 2 2, Score 8.4, Zero M, VT 63, Player ZeroCERT

44220  2024-05-11 14:57  nomal1.exe
  MD5: 5c97b08df1ac8a00b3a618ec5a26aeae
  Rule: BitRAT Generic Malware Malicious Library Downloader Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File ftp PE32 OS Processor Check VirusTotal Malware AutoRuns suspicious privilege Check memory AppData folder BitRAT Windows ComputerName DNS DDNS keylogger
  Urls/Hosts/IDS 2 3, Score 6.6, Zero M, VT 59, Player ZeroCERT