Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
46291	2024-07-25 11:22	pic1.jpg.exe d3785ed170cdb1f4784d3dff3a61dae0 Generic Malware Malicious Library Malicious Packer UPX Anti_VM DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware				1.2	M	45	ZeroCERT

46292	2024-07-25 15:34	Tgnviazinc.exe 8f1ddc73cd5ca16d3ac140423ce7726b PE File PE64 Buffer PE MachineGuid Check memory Checks debugger buffers extracted RWX flags setting unpack itself suspicious process WriteConsoleW Windows Cryptographic key crashed				4.2			ZeroCERT

46293	2024-07-25 15:34	linkedin.exe 1a99f8243d4971ae826fc063142c5b0b UPX PE File PE32 VirusTotal Malware				1.2		40	ZeroCERT

46294	2024-07-25 16:15	IMG_0972.jpeg 27df612d5004eb2e629ae814a9aaa6e0 JPEG Format							guest

46295	2024-07-25 16:22	ExcelRepairKitInstall.exe 9495509a5c158e6039fd72f21d69d07b Gen1 Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 suspicious privilege Check memory Checks debugger WMI unpack itself Windows utilities AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName				4.6			guest

46296	2024-07-26 10:26	joom.exe 278d770f363da10c7f7eb1a9c653ccf0 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution				2.0		30	ZeroCERT

46297	2024-07-26 10:28	random.exe d04ce1fea5d986c68c8570a9e73f01b6 Generic Malware Downloader Malicious Library UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS BitCoin Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName crashed		2	1	11.6		32	ZeroCERT

46298	2024-07-26 10:28	chisel32.exe 7eae075c51e9bda629835d4b2815ee03 Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware WriteConsoleW crashed				1.8		51	ZeroCERT

46299	2024-07-26 10:34	random.exe c225910168e4d400b52e9ee5106c8e7a RedLine stealer Generic Malware Downloader Malicious Library Malicious Packer UPX Code injection Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Internet API FTP KeyLogger P2P Anti_VM AntiDebug Browser Info Stealer MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities suspicious process malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed		3	2	12.6	M		ZeroCERT

46300	2024-07-26 10:41	FullPowers.exe aa75221e6e2b20a5719e221ea1c1ca77 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware				0.6		11	ZeroCERT

46301	2024-07-26 10:41	2023.exe a2348de3f84a433171df2f2d09b036aa Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself crashed				2.6		41	ZeroCERT

46302	2024-07-26 10:43	random.exe 25db2d5ac24b8e34330f8dd7882b6dd6 SystemBC Gen1 RedLine stealer RedlineStealer Generic Malware Downloader UPX Malicious Library Malicious Packer Antivirus .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic unpack itself Checks Bios Collect installed applications Detects VMWare AppData folder VMware anti-virtualization installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	11 Keyword trend analysis Info http://185.215.113.16/inc/pered.exe http://185.215.113.16/inc/svhosts.exe http://185.215.113.16/inc/4ck3rr.exe http://185.215.113.16/inc/crypteda.exe http://185.215.113.16/Jo89Ku7d/index.php http://185.215.113.16/inc/crypted.exe http://185.215.113.16/inc/2020.exe http://185.215.113.16/inc/build.exe http://185.215.113.16/inc/gawdth.exe http://185.215.113.16/inc/5447jsX.exe http://185.215.113.16/inc/25072023.exe	6	16 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET HUNTING Download Request Containing Suspicious Filename - Crypted SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET MALWARE Amadey Bot Activity (POST) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	19.0	M	38	ZeroCERT

46303	2024-07-26 10:44	4ck3rr.exe d6a034f75349665f43aa35dee0230379 RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	7.2	M	51	ZeroCERT

46304	2024-07-26 10:45	crypted.exe 371d606aa2fcd2945d84a13e598da55f Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed				2.4	M	50	ZeroCERT

46305	2024-07-26 10:46	RogueOxidResolver.exe 73446530325d8bdf09edd62d56e2e329 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware				1.4	M	50	ZeroCERT