Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
45886	2024-07-08 16:54	cab.exe 5aefab6d98b943df267e28b42b5871e0 UPX PE File PE32 VirusTotal Malware suspicious privilege Windows utilities WriteConsoleW Windows DNS		2			4.4	M	47	ZeroCERT

45887	2024-07-08 16:56	Alingme.exe 2a16ef4fbdab9645dbd0dff6f3c1b0af Malicious Library SMTP AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	5	1		14.4	M	44	ZeroCERT

45888	2024-07-08 17:01	pc9.chm 7d101e683e7dbdfb83788c109c7b7de3 AntiDebug AntiVM CHM Format PNG Format JPEG Format VirusTotal Malware MachineGuid Code Injection Check memory RWX flags setting unpack itself ComputerName					2.8		4	ZeroCERT

45889	2024-07-08 17:01	sync.exe 69bf43760932bcccc3f1d58edc80bef9 UPX PE File PE64 VirusTotal Malware					2.0	M	19	ZeroCERT

45890	2024-07-08 17:02	windows.exe 9345f62e4c352920a96fe1ef4f295a9a Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	59	ZeroCERT

45891	2024-07-08 17:03	cc.exe f84d08aa136cff60ce8e8c45202190af UPX PE File PE64 suspicious privilege Windows utilities WriteConsoleW Windows DNS		1			3.0	M		ZeroCERT

45892	2024-07-08 17:04	Chrome_Password_Remover.exe f308be1162c86c3d72ad06c4c85a67d4 Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE64 DllRegisterServer dll OS Processor Check VirusTotal Malware crashed					1.8	M	56	ZeroCERT

45893	2024-07-08 17:06	gold.exe e72e3e0f37eddc11e9003053604c7ab6 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2		55	ZeroCERT

45894	2024-07-08 17:06	test.exe d19291fc64d40d67755f8a66e43200a3 UPX PE File PE64 VirusTotal Malware					1.4		12	ZeroCERT

45895	2024-07-08 17:08	Atte.exe b854f7f4b478960929e8c2ae1bd7f661 Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		7.4		45	ZeroCERT

45896	2024-07-08 17:08	xmrig.exe c0f8959614ae06561216158d78a787e5 XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself ComputerName					2.0		57	ZeroCERT

45897	2024-07-08 17:10	serrrr.exe 293bdbec6a256c88eb2cfb4e46e892ae Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE32 OS Processor Check VirusTotal Email Client Info Stealer Malware Check memory Checks debugger Windows Email					3.2		49	ZeroCERT

45898	2024-07-08 17:11	newbuild07.exe 9adc621f718c8e283e2b946acf914322 RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 DllRegisterServer dll Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis Info https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207	5	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		9.8		57	ZeroCERT

45899	2024-07-08 18:00	xplayd.hta 82a46c36da6b5ae4bd7794eb6fd9f029 VirusTotal Malware crashed					0.6		6	ZeroCERT

45900	2024-07-08 18:04	IENETCache.hta 2c47bdda0532d55c27bcd50f34e6b8ca Generic Malware Downloader Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger wscript.exe payload download Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	1	1	12.0		17	ZeroCERT