Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
46921	2024-08-10 17:41	setup.exe dab66bdcb96e8de84d56613c6bb9b4ae Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

46922	2024-08-10 17:41	setup.exe a62db46612899b8ec61837797bab0715 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					10.4	M		ZeroCERT

46923	2024-08-10 17:42	Visual.ps1 0ceeb6420f475c07ac5f4b4783855400 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory		5.4	M		ZeroCERT

46924	2024-08-10 17:43	setup.exe c5def7482c409dd5f2220ce4c1e66656 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

46925	2024-08-10 17:43	setup.exe 382600785e4a2db8cead5a6b33717a7a Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					10.4	M		ZeroCERT

46926	2024-08-10 17:45	setup.exe b815bc206843843a7795df8ed74a622d Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

46927	2024-08-10 17:46	WE.exe c3810dc34fb0dd806c01d2a15617e343 Generic Malware Malicious Library PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 PNG Format Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	2	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)		15.0			ZeroCERT

46928	2024-08-10 17:47	setup.exe 05ed8d4bc0c2d438ff0c376e508b84ef Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

46929	2024-08-10 17:49	authenticator.exe 1560d6506f8e57432427df2bc4263f12 Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check PNG Format Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC Malware suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	1	3	1	8.0			ZeroCERT

46930	2024-08-10 17:52	setup.exe c2a206966403fd63bf68aad8e9f8b840 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

46931	2024-08-10 18:22	latest.jar 3ea0ddc6ba7691f2a3ac498158ed8a94 Generic Malware ZIP Format OS Processor Check VirusTotal Malware AutoRuns Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS crashed		1			7.8		1	ZeroCERT

46932	2024-08-10 18:26	49fd9bf8a9029185e03f469c388fbe... 49fd9bf8a9029185e03f469c388fbe3c Generic Malware AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware Code Injection Malicious Traffic Check memory Creates shortcut RWX flags setting unpack itself suspicious process Interception DNS	2 Keyword trend analysis	1	1	1	5.6		28	ZeroCERT

46933	2024-08-11 13:35	5feeee23ecd310ed552b56c1992d5e... 12b3e621c89b84ef5b584c72c13c8b5e Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware crashed					1.4		48	guest

46934	2024-08-11 14:21	66b286b03f960_hp-scanner.exe 5fb3019941edcfa601638879bb313395 RedLine stealer Malicious Library .NET framework(MSIL) UPX ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		11.8		49	ZeroCERT

46935	2024-08-11 14:21	66b31f0061c9a_doz.exe 3b0041dfa75c093509fd3e2e1a144532 Stealc Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Antivirus .NET framework(MSIL) ASPack UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	17.2	M	53	ZeroCERT