Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
4561 2024-12-16 18:50 M5iFR20.exe 5950611ed70f90b758610609e2aee8e6
Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware Checks debugger
1.4 50 ZeroCERT

4562 2024-12-16 18:46 PDFReader.exe ddce3b9704d1e4236548b1a458317dd0
Emotet Malicious Library Malicious Packer UPX DllRegisterServer dll PE32 PE File OS Processor Check Buffer PE AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Windows ComputerName Cryptographic key crashed
2 9.4 ZeroCERT

4563 2024-12-16 18:44 jy.exe 21a8a7bf07bbe1928e5346324c530802
Gen1 Malicious Library UPX PE32 PE File MZP Format PE64 OS Processor Check DLL VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder
3.4 35 ZeroCERT

4564 2024-12-16 18:42 Itaxyhi.exe 78c586522f986994aa77c466c9d678a8
RedLine stealer Malicious Packer .NET framework(MSIL) UPX .NET EXE PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Ransomware Windows Browser ComputerName DNS Cryptographic key Software
1 4 6 7.0 56 ZeroCERT

4565 2024-12-16 18:42 41a1111.hta 8d3008b1b51e600b464f1458142a3f0f
UPX PE32 PE File VirusTotal Malware RCE DNS
1 5.2 58 ZeroCERT

4566 2024-12-16 18:40 xx.ps1 f69b016d952adc017710ec876b525327
Hide_EXE Generic Malware Antivirus AntiDebug AntiVM FormBook Malware download VirusTotal Malware powershell Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself powershell.exe wrote
3 3 1 10.0 25 ZeroCERT

4567 2024-12-16 18:40 system32.exe 3386d440d3907b4c9322f7842a914026
Malicious Library .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger unpack itself human activity check Windows DNS Cryptographic key
1 6.2 55 ZeroCERT

4568 2024-12-16 18:40 hellres.exe 2511d20918fe5495f4cec12ed8e010df
Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName DNS
3 8 9.8 55 ZeroCERT

4569 2024-12-16 18:40 DON.ps1 653067d2d3176ff5d92fb98c03cef517
Hide_EXE Generic Malware Antivirus VirusTotal Malware
0.6 15 ZeroCERT

4570 2024-12-16 18:23 c.exe 1348d98df832fb91e6ce20f25f242afd
Malicious Library Javascript_Blob .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.2 29 ZeroCERT

4571 2024-12-16 18:23 test30.exe e9289cac82968862715653ae5eb5d2a4
Malicious Library PE64 PE File VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
2 5.2 63 ZeroCERT

4572 2024-12-16 18:22 eo.exe 3626726dafb657c2a331dbe3b7fd1fde
Malicious Library Malicious Packer .NET framework(MSIL) UPX .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself
2.0 57 ZeroCERT

4573 2024-12-16 18:21 resp.exe bee040fc0caf73ee0cb2e55d4c703f22
Generic Malware Malicious Library Malicious Packer UPX PE64 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege Check memory buffers extracted Creates shortcut unpack itself Collect installed applications sandbox evasion IP Check installed browsers check Tofsee Ransomware MeduzaStealer Stealer Browser Email ComputerName DNS
3 8 9.8 59 ZeroCERT

4574 2024-12-16 18:21 System32.exe d4817ea043beaf35d19fa6a5adaa179c
RedLine stealer RedlineStealer Themida Malicious Library .NET framework(MSIL) UPX Anti_VM PE32 PE File OS Processor Check VirusTotal Malware RWX flags setting unpack itself Checks Bios Detects VirtualBox Detects VMWare sandbox evasion VMware anti-virtualization Windows Firmware DNS crashed
1 8.4 61 ZeroCERT

4575 2024-12-16 18:19 BootstrapperV1.23_1.exe 02c70d9d6696950c198db93b7f6a835e
Malicious Library .NET framework(MSIL) UPX PE64 .NET EXE PE File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows ComputerName crashed
4 1 4.4 57 ZeroCERT