Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46516	2024-08-01 11:15	dz.js 198c2e0eddd819cc239e7d79454bc7d2 VirusTotal Malware crashed	1 Keyword trend analysis				0.6		3	ZeroCERT

46517	2024-08-01 11:17	random.exe 28700cd817abafa9a16ad89a0f7ffd86 Amadey Client SW User Data Stealer RedLine stealer browser info stealer EnigmaProtector Generic Malware Downloader Google Chrome User Data Malicious Library Malicious Packer UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal cred Browser Info Stealer Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Detects VMWare suspicious process AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	1 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Packed Executable Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	1	20.8	M	38	ZeroCERT

46518	2024-08-01 14:48	【算法工程师】李子豪.lnk e449e8239ec8d3910d2f81ed22ec762c Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.4		31	ZeroCERT

46519	2024-08-01 14:48	MichelinNight.lnk 4f35ca4893709a1e9027ccda0c3a1102 Generic Malware UPX Antivirus Anti_VM AntiDebug AntiVM Lnk Format GIF Format PowerShell PE File DLL PE64 VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger heapspray Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.0		15	ZeroCERT

46520	2024-08-01 14:56	faultrep.dll d73cecec94d5983755c81711baa7678e UPX Anti_VM PE File DLL PE64 VirusTotal Malware Checks debugger unpack itself					1.8		38	ZeroCERT

46521	2024-08-01 14:56	faultrep2.dll 3d2fb2e111412d2d844d223b79fb5c99 UPX Anti_VM PE File DLL PE64 VirusTotal Malware Checks debugger unpack itself					1.8		52	ZeroCERT

46522	2024-08-01 14:58	vhcrvdh iobv.exe da2331ac3e073164d54bcc5323cf0250 CrimsonRAT Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2		48	r0d

46523	2024-08-01 15:06	hacrvidth vibev.exe 7a18b1bf9b07726327ba50e549764731 CrimsonRAT Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.8		50	r0d

46524	2024-08-01 15:13	Microsoft_AntiSpam_Extension_S... 6a364ef9c583ccfd5ea50113d7f0140e ZIP Format VirusTotal Malware					0.6		11	ZeroCERT

46525	2024-08-01 15:16	lasjdflakdsjf.pdf.exe 9de2806368f77203832f5b4b421af88f Malicious Library Malicious Packer UPX PE File PE64 VirusTotal Malware DNS		1			2.0		14	ZeroCERT

46526	2024-08-02 07:39	Installer.exe b4ac185a10fae02495def73d10960453 Gen1 Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4		25	ZeroCERT

46527	2024-08-02 07:43	crypted968071618UNGKC.exe 688ce25c0d970bd0cc5a02bbb16a4301 Formbook Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed					3.0		48	ZeroCERT

46528	2024-08-02 07:43	pon.exe 3fbad097793fab9c62bbebb2a2d5e530 UPX Antivirus PE File PE64 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory WMI Windows utilities suspicious process Ransomware Windows ComputerName					5.2		13	ZeroCERT

46529	2024-08-02 07:47	4434.exe 607c413d4698582cc147d0f0d8ce5ef1 Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.4	M	56	ZeroCERT

46530	2024-08-02 07:47	jsawdtyjde.exe 4c3049f8e220c2264692cb192b741a30 SystemBC Generic Malware Downloader Malicious Library UPX Malicious Packer Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiV VirusTotal Malware AutoRuns PDB Code Injection Creates executable files unpack itself AppData folder Windows Remote Code Execution					5.8	M	51	ZeroCERT