Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46636	2024-08-05 10:41	XFTZHD.exe f9eb9ee28788c0079bbc91086cef30f2 PE File PE32 VirusTotal Malware unpack itself DNS	1 Keyword trend analysis	1			3.4	M	42	ZeroCERT

46637	2024-08-05 10:43	secretsdump.exe 96ec8798bba011d5be952e0e6398795d Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL .NET DLL VirusTotal Malware Creates executable files unpack itself AppData folder WriteConsoleW					2.8	M	52	ZeroCERT

46638	2024-08-05 10:43	wmiexec.exe e3e29ce5e9af4e3b0452b79bad2a31ac Gen1 Generic Malware Malicious Library UPX Anti_VM PE File PE64 OS Processor Check DLL ftp ZIP Format VirusTotal Malware Check memory Creates executable files					2.0	M	26	ZeroCERT

46639	2024-08-05 10:44	Client.exe fedb1274930bfa08a83480134a3f1412 Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	55	ZeroCERT

46640	2024-08-05 10:44	rundll.exe 4c6421a1802b81596b4a5c1f67261826 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS		1			3.2	M	57	ZeroCERT

46641	2024-08-05 10:49	client.exe 88f51d627da1f6fddea62b9f1cc66cbf njRAT backdoor PE File .NET EXE PE32 VirusTotal Malware WriteConsoleW DNS		2			3.6	M	65	ZeroCERT

46642	2024-08-05 10:49	miner.exe 53540062e2853766764ac60dbaa4baab Emotet Gen1 XMRig Miner CoinMiner Generic Malware Suspicious_Script_Bin NMap Downloader Malicious Library Antivirus UPX Malicious Packer Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code in VirusTotal Cryptocurrency Miner Malware Cryptocurrency Telegram AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process sandbox evasion WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key crashed	2 Keyword trend analysis	3	5 Info ET HUNTING Telegram API Domain in DNS Lookup ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET POLICY Cryptocurrency Miner Checkin SURICATA HTTP Request unrecognized authorization method ET HUNTING Suspicious POST With Reference to WINDOWS Folder Possible Malware Infection	2	14.8	M	51	ZeroCERT

46643	2024-08-05 10:50	sasa.bat 90c3dfd74d6ab4b7b98777930ab44a23 Generic Malware Downloader Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P Ant VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	4		9.6	M	1	ZeroCERT

46644	2024-08-05 10:51	shell.exe 0213da520fdca3535f303c90982fb766 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6	M	59	ZeroCERT

46645	2024-08-05 10:51	systems.exe 454a942056f6d69c4a06ffedffea974a RedLine Infostealer UltraVNC Generic Malware Downloader Malicious Library UPX Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug An Malware download AsyncRAT NetWireRC VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell Telegram AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Tofsee Ransomware Windows ComputerName DNS Cryptographic key crashed		4	8 Info ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET HUNTING Telegram API Domain in DNS Lookup SURICATA TLS invalid record type SURICATA TLS invalid record/traffic SURICATA Applayer Detect protocol only one direction ET INFO TLS Handshake Failure ET MALWARE Generic AsyncRAT Style SSL Cert		18.0	M	48	ZeroCERT

46646	2024-08-05 10:51	psexec.exe 1dd30422a1cb52d87337debb4983d342 Gen1 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check DLL .NET DLL VirusTotal Malware Creates executable files unpack itself AppData folder WriteConsoleW					3.4	M	44	ZeroCERT

46647	2024-08-05 10:52	reverse.exe 58840f757810108421b4ff20ec0a7c0b Metasploit Generic Malware PE File PE64 VirusTotal Malware DNS		1			3.0	M	42	ZeroCERT

46648	2024-08-05 10:53	v.exe 5381689d4c9a0ce9d0f67dd8485188d2 Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 VirusTotal Malware AutoRuns Windows	2 Keyword trend analysis	2	1		3.8	M	45	ZeroCERT

46649	2024-08-05 10:54	[install].exe b7a8955b08547b07d755f17798eb3aad UPX PE File PE64 VirusTotal Malware					2.6	M	50	ZeroCERT

46650	2024-08-05 10:55	mass.exe 197f78ed2328b1369153eda070489805 Malicious Library UPX Anti_VM ftp PE File PE32 OS Processor Check VirusTotal Malware PDB					1.8	M	44	ZeroCERT