Submissions

Listing columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each entry below gives No, Date and Request on its first line, then the MD5 of the submitted file, the sandbox's tags, and the remaining column values in listing order (empty cells omitted).

45541  2024-06-24 07:44  ama.exe
  MD5:     5d860e52bfa60fec84b6a46661b45246
  Tags:    RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check MSOffice File PNG Format JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Stealer Windows Exploit Browser ComputerName DNS Cryptographic key Software crashed
  Columns: 3 9 7 11.4 58 ZeroCERT

45542  2024-06-24 07:47  pic1.exe
  MD5:     1fecbc51b5620e578c48a12ebeb19bc2
  Tags:    Generic Malware Downloader Malicious Library UPX MPRESS Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 OS Processor C VirusTotal Malware PDB Code Injection Creates executable files unpack itself suspicious TLD Tofsee Remote Code Execution crashed
  Columns: 2 1 5.4 44 ZeroCERT

45543  2024-06-24 07:48  epitheliogeneticTFr.exe
  MD5:     7ca21eefff568606fed91321aaa31ba2
  Tags:    Generic Malware Malicious Library ASPack UPX PE File PE32 OS Processor Check VirusTotal Malware Cryptocurrency wallets Cryptocurrency Check memory unpack itself ComputerName DNS
  Columns: 1 3.8 63 ZeroCERT

45544  2024-06-24 07:50  1.exe
  MD5:     b96f0135250aab5a530906d079b178e1
  Tags:    Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Columns: 2.2 28 ZeroCERT

45545  2024-06-24 07:51  limba.exe
  MD5:     3e767dd673e06387e35d7362d89ddea1
  Tags:    Themida Packer Generic Malware Malicious Packer Anti_VM PE File PE32 ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory buffers extracted unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VMware anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName Firmware DNS Software crashed
  Columns: 1 5 8 14.8 M 28 ZeroCERT

45546  2024-06-24 11:01  new_image.jpg.exe
  MD5:     37302bd46eae616c2240bb480935648a
  Tags:    Malicious Library UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB
  Columns: 0.8 18 ZeroCERT

45547  2024-06-24 11:01  kissingisbestforcatwalkonthebe...
  MD5:     b380556670eaff97d6dfb34144e8cbc5
  Tags:    MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
  Columns: 2 3 1 4.6 M 38 ZeroCERT

45548  2024-06-24 11:04  a.hta
  MD5:     2114cf2cbdbbbdd823bf2bf4db1551c0
  Tags:    Check memory RWX flags setting ComputerName
  Columns: 2 0.8 ZeroCERT

45549  2024-06-24 11:04  a.dll
  MD5:     e543d220625ff34807f7418a638f0775
  Tags:    Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Remote Code Execution
  Columns: 1.0 7 ZeroCERT

45550  2024-06-24 11:06  ChatLife.exe
  MD5:     033e16b6c1080d304d9abcc618db3bdb
  Tags:    Suspicious_Script_Bin Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
  Columns: 5.4 M 17 ZeroCERT

45551  2024-06-24 11:36  George.exe
  MD5:     5bb3677a298d7977d73c2d47b805b9c3
  Tags:    UPX PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
  Columns: 2.4 M 25 ZeroCERT

45552  2024-06-24 14:38  BST.msi
  MD5:     fe821027dfc49e8017c2cc50974a00b4
  Tags:    Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AppData folder AntiVM_Disk suspicious TLD VM Disk Size Check Tofsee ComputerName DNS
  Columns: 3 3 3.2 19 ZeroCERT

45553  2024-06-24 15:32  pinspotterEtbYF.php.ps1
  MD5:     b07664f8abb0f1883e2adaa70e10ffcb
  Tags:    Generic Malware Antivirus unpack itself WriteConsoleW Windows Cryptographic key
  Columns: 1 0.8 ZeroCERT

45554  2024-06-24 15:45  nyctalopicAWm.ps1
  MD5:     ce1d9b1f2993eb46aa483c2f5790ad58
  Tags:    Generic Malware Antivirus VirusTotal Malware Check memory Checks debugger unpack itself WriteConsoleW Windows ComputerName Cryptographic key crashed
  Columns: 1 3.0 22 ZeroCERT

45555  2024-06-24 15:51  pumairld.txt.ps1
  MD5:     19a7f5e2e7fd8e14d8129dcdf6c8b992
  Tags:    Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Discord ComputerName DNS Cryptographic key
  Columns: 2 3 8.4 17 ZeroCERT
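A listing like the one above is only useful once it is in a structured form that can be sorted and filtered. The following Python is an added example, not code from the sandbox or from the page's author: it parses the flattened entry layout (number/date/filename line, MD5 line, tag line, trailing count columns) into records and runs a few triage checks that a practitioner would want at a glance. The sample input is a constructed copy of four entries from the listing in its own layout; the score threshold, the stealer-related tag substrings and the double-extension pattern are assumptions chosen for illustration, not rules the sandbox applies.

```python
"""Parse a flattened sandbox submission listing and triage the entries.

Added example. Record layout follows the listing above; the triage rules
(score threshold, tag substrings, double-extension pattern) are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: four entries copied from the listing, in its own layout.
SAMPLE_LISTING = """\
45541 2024-06-24 07:44 ama.exe

5d860e52bfa60fec84b6a46661b45246


RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File Browser Info Stealer VirusTotal Malware Code Injection
3 9 7 11.4 58 ZeroCERT

45546 2024-06-24 11:01 new_image.jpg.exe

37302bd46eae616c2240bb480935648a


Malicious Library UPX PE File DLL PE32 OS Processor Check .NET DLL VirusTotal Malware PDB
0.8 18 ZeroCERT

45548 2024-06-24 11:04 a.hta

2114cf2cbdbbbdd823bf2bf4db1551c0

Check memory RWX flags setting ComputerName
2 0.8 ZeroCERT

45555 2024-06-24 15:51 pumairld.txt.ps1

19a7f5e2e7fd8e14d8129dcdf6c8b992


Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Discord ComputerName DNS Cryptographic key
2 3 8.4 17 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d$")
# A trailing column line holds only integers, one decimal score, "M" or "ZeroCERT".
COLUMN_TOKEN_RE = re.compile(r"\d+(\.\d)?|M|ZeroCERT")
# Assumed pattern for "decoy extension" names such as new_image.jpg.exe.
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|txt|php)\.(exe|scr|ps1|hta|js|vbs)$", re.I)
# Assumed tag substrings that point at credential/wallet theft.
STEALER_TAGS = ("Info Stealer", "Stealer", "Cryptocurrency wallets", "KeyLogger")


@dataclass
class Submission:
    number: int
    timestamp: str
    filename: str
    md5: str = ""
    tags: str = ""
    score: Optional[float] = None
    columns: List[str] = field(default_factory=list)  # trailing columns, as listed


def is_columns_line(line: str) -> bool:
    tokens = line.split()
    return any(SCORE_RE.match(t) for t in tokens) and all(
        COLUMN_TOKEN_RE.fullmatch(t) for t in tokens)


def parse_listing(text: str) -> List[Submission]:
    """Group lines into Submission records; blank lines are separators only."""
    records: List[Submission] = []
    current: Optional[Submission] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Submission(int(m.group(1)), m.group(2), m.group(3))
            records.append(current)
        elif current is None:
            continue  # text before the first entry (e.g. a header row)
        elif MD5_RE.match(line):
            current.md5 = line
        elif is_columns_line(line):
            current.columns = line.split()
            current.score = next(float(t) for t in current.columns if SCORE_RE.match(t))
        else:
            current.tags = line  # everything else is the tag line
    return records


def triage(records: List[Submission], score_threshold: float = 8.0) -> dict:
    """Return {filename: [reasons]} for entries worth a closer look."""
    findings = {}
    for r in records:
        reasons = []
        if DOUBLE_EXT_RE.search(r.filename):
            reasons.append("double extension")
        if r.score is not None and r.score >= score_threshold:
            reasons.append("score %.1f >= %.1f" % (r.score, score_threshold))
        if any(t in r.tags for t in STEALER_TAGS):
            reasons.append("stealer tags")
        if "Code Injection" in r.tags:
            reasons.append("code injection")
        if reasons:
            findings[r.filename] = reasons
    return findings


if __name__ == "__main__":
    subs = parse_listing(SAMPLE_LISTING)
    for name, why in triage(subs).items():
        print(name, "->", ", ".join(why))
```

Note that the trailing column values are kept in listing order rather than mapped to named columns: empty cells were dropped when the table was flattened, so only the decimal score can be attributed with confidence, and the parser reflects that.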