Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
4546	2024-12-16 19:23	EM.ps1 8e04834cd195af2ca19b161e0216403a Hide_EXE Generic Malware Antivirus Malicious Library Malicious Packer Confuser .NET PWS AntiDebug AntiVM BitCoin .NET EXE PE32 PE File VirusTotal Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself powershell.exe wrote AppData folder ComputerName				11.4	9	ZeroCERT

4547	2024-12-16 19:21	1.exe 686cfcc7c0d54f5def526ed022af6edc Generic Malware Malicious Library Malicious Packer UPX Socket Http API Escalate priviledges HTTP Code injection Internet API AntiDebug AntiVM PE64 PE File OS Processor Check VirusTotal Malware Buffer PE Code Injection buffers extracted RWX flags setting unpack itself malicious URLs ComputerName DNS		1	1	8.2	53	ZeroCERT

4548	2024-12-16 19:20	l4.exe d68f79c459ee4ae03b76fa5ba151a41f Gen1 Generic Malware Malicious Library UPX Anti_VM PE64 PE File OS Processor Check DLL wget ftp VirusTotal Malware Check memory Creates executable files unpack itself				3.4	52	ZeroCERT

4549	2024-12-16 19:17	tmp.exe 459976dc3440b9fe9614d2e7c246af02 Metasploit Generic Malware PE64 PE File VirusTotal Malware DNS crashed		1		3.6	62	ZeroCERT

4550	2024-12-16 19:16	888.exe b6e5859c20c608bf7e23a9b4f8b3b699 Generic Malware Malicious Library Malicious Packer UPX Antivirus PE32 PE File OS Processor Check ZIP Format PNG Format Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell Telegram suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates shortcut unpack itself suspicious process Tofsee Windows Browser Email ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	4	5	7.8	49	ZeroCERT

4551	2024-12-16 19:12	Dynpvoy.exe c5ad2e085a9ff5c605572215c40029e1 Malicious Library .NET EXE PE32 PE File VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed				4.4	46	ZeroCERT

4552	2024-12-16 19:10	dl 958d453dd48cb48acce0181b7202e567 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself				1.4	35	ZeroCERT

4553	2024-12-16 19:08	alexshlu.exe 9821fa45714f3b4538cc017320f6f7e5 Generic Malware Malicious Library UPX ScreenShot AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware Code Injection buffers extracted unpack itself				7.0	55	ZeroCERT

4554	2024-12-16 19:08	frnd1.exe 8ceaf0f122909e63199c9f21f45e5098 Malicious Library .NET framework(MSIL) UPX .NET EXE PE32 PE File OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself				6.6	51	ZeroCERT

4555	2024-12-16 19:07	dropper.exe 1bbc3bff13812c25d47cd84bca3da2dc Gen1 RedLine stealer RedlineStealer Generic Malware Malicious Library Downloader UPX ASPack .NET framework(MSIL) Anti_VM PE64 PE File DLL OS Processor Check ZIP Format .NET EXE PE32 Browser Info Stealer RedLine Emotet Malware download FTP Client Info Stealer Malware Microsoft Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion human activity check installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed Downloader	4 Keyword trend analysis	1	12 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 32 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET INFO Packed Executable Download ET MALWARE Redline Stealer TCP CnC - Id1Response ET HUNTING Suspicious Windows Executable WriteProcessMemory ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	13.6		ZeroCERT

4556	2024-12-16 19:06	AzVRM7c.exe 3567cb15156760b2f111512ffdbc1451 Browser Login Data Stealer Generic Malware Malicious Library UPX PE64 PE File OS Processor Check Browser Info Stealer VirusTotal Malware Telegram AutoRuns PDB MachineGuid Check memory sandbox evasion IP Check Tofsee Windows Browser Advertising Google ComputerName DNS	2 Keyword trend analysis	8	6 Info ET HUNTING Telegram API Domain in DNS Lookup ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	5.2	57	ZeroCERT

4557	2024-12-16 19:06	random.exe 35f118147b6fd5e314bde56696123b0f Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName				6.4	45	ZeroCERT

4558	2024-12-16 19:06	zx.exe bb0be25bdd2121fa0bddf6ac59d4fa8d Gen1 Generic Malware Malicious Library ASPack UPX Anti_VM PE64 PE File OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself				2.4	28	ZeroCERT

4559	2024-12-16 19:01	duschno.exe c6813da66eba357d0deaa48c2f7032b8 Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName DNS		3	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) SURICATA Applayer Protocol detection skipped	9.8	56	ZeroCERT

4560	2024-12-16 19:01	Captcha.hta 81df0a7222ad3c1bd736c2190314b47c VirusTotal Malware Check memory RWX flags setting unpack itself	2 Keyword trend analysis			2.2	24	ZeroCERT