Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
46951	2024-08-11 14:51	66b7d12b3a8ea_5k.exe 4bead3a1a9683a320959d1f0704e5c62 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	4	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RedLine Stealer - CheckConnect Response ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SURICATA HTTP unable to match response to request	14.2	M	21	ZeroCERT

46952	2024-08-11 14:52	ax.exe 3697adfd0eaf4b7835607c271843605a Malicious Library Antivirus UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware				1.2	M	41	ZeroCERT

46953	2024-08-11 14:52	newbuildteamb.exe 8e7dc75f7c04882b9294d40c4eb67110 Malicious Library Antivirus UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware				1.0	M	38	ZeroCERT

46954	2024-08-11 14:54	tt222.exe ff081c6eebbd9fef49eb7e78ac566a78 Malicious Library Antivirus UPX PE File PE64 OS Processor Check VirusTotal Malware PDB				1.2	M	31	ZeroCERT

46955	2024-08-11 14:54	ezil.exe b1dccf5b761bfef51a4204d0c4542bf8 UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	47	ZeroCERT

46956	2024-08-11 14:57	66b1b02a20b5a_cry.exe 675922f5041b15ce59929f38b1798b3c Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself				8.0	M	47	ZeroCERT

46957	2024-08-11 14:57	sthealthclient.exe 5a49dfb1f8484d86675a3811e95c5020 RedLine Infostealer UltraVNC Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Check virtual network interfaces AppData folder Windows DNS Cryptographic key crashed	2 Keyword trend analysis	1	4	7.6	M	44	ZeroCERT

46958	2024-08-11 14:58	66ae97ac4c30d_crypted.exe dbfb97dfac2ebd1c0c891897dee558a3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed				2.4	M	58	ZeroCERT

46959	2024-08-11 14:59	06082025.exe 0d76d08b0f0a404604e7de4d28010abc RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis Info https://bitbucket.org/cloudappsoftware/vsc/downloads/GlitchClipper.exe https://bbuseruploads.s3.amazonaws.com/0046344b-dbc7-4633-ba53-858e97e1e5e3/downloads/e035ed78-1bf0-4b5e-b1b5-5452a9c00962/GlitchClipper.exe?response-content-disposition=attachment%3B%20filename%3D%22GlitchClipper.exe%22&AWSAccessKeyId=ASIA6KOSE3BNNACKCQR3&Signature=0WJdjhH0SzZbZrg4qmi8SZhFZ1c%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEHYaCXVzLWVhc3QtMSJGMEQCIEk%2BARBMnCUmBc%2B4pE%2FLa%2FXufm9B9egBuQycdCg0PqkwAiB%2FJLKBV7ZCeo6kUBQVydv1ivbUl3CHG7AFwB5Ve1dCDCqnAghvEAAaDDk4NDUyNTEwMTE0NiIMOVl5UzuIlAe9MITSKoQCVVtkn%2FpUoHlSF02oe4h2lTomBpfefAEuKnNpHAuBWN7prPQgMTqVZWNuxiUYi1unMhcX2MkjGlQ4VbMWl7v0XjUEneW8uXb3jjfbwjBpUu9%2FehfDZcef8pKMqekxlnv7uYSkEUIqP7%2FxJKYRxxNYkQgfMBtOIMlNk2D0XzSI0jaeRzup4oYiGftG6Y62slfk4MfdNZ4Fr0fmaicEs%2FVc6X2UkwpF%2FYlfORUKcjK1Oc%2BzjmQDyjw4IVi7N6%2FfR0UKtOnQ58AOpnyt1jeZe3V3I1ajPYwFppy2QHHWYbuI49pGZGqy1%2BNIIgPHME5oVe4FJPKixo3xpnPL3OXsaW31abikMj0wkqDhtQY6ngEuq0NPpIJ4eoRobfM450Na17ef9eAvuAhiGVozXMuLABm9hdgvUUFB2x6r2%2BVsNi7xP9DvAXE5f1tArFGJjVEs8wwsJVM%2BtqfacjbOLG8Dh1EyJfGJjgom65rQfHPRPyDA6UamyxSfg9WC9zkEq4nZwz2Wm3mc3k6cLzQfk8Mr6HumakVxDKW4UAqaYDtFt%2BzVIEkRzKYcxiogT%2FvSMA%3D%3D&Expires=1723356954	5	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	10.4	M	62	ZeroCERT

46960	2024-08-11 15:01	tt2.exe ae136ee998229f2898b20cc44cf2bc99 Malicious Library Antivirus UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware				1.2	M	41	ZeroCERT

46961	2024-08-11 15:01	NJTCFVIV.exe c350fa7b1a8b9cbbab1ae59e00575209 Generic Malware Malicious Library UPX Malicious Packer PE File PE32 DLL PE64 OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AntiVM_Disk VM Disk Size Check				3.6	M	34	ZeroCERT

46962	2024-08-11 15:03	newalp.exe 6093bb59e7707afe20ca2d9b80327b49 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns Malicious Traffic Creates executable files unpack itself AppData folder Windows DNS CoinMiner	3 Keyword trend analysis	9 Info xmr-eu1.nanopool.org(212.47.253.124) - mailcious zeph-eu2.nanopool.org(51.195.43.17) - mailcious pastebin.com(172.67.19.24) - mailcious stagingbyvdveen.com(147.45.60.44) 163.172.171.111 - mailcious 212.47.253.124 - mailcious 147.45.60.44 - malware 172.67.19.24 - mailcious 185.196.11.123 - mailcious	9 Info ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET DROP Spamhaus DROP Listed Traffic Inbound group 33 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	6.6	M	64	ZeroCERT

46963	2024-08-11 15:04	66af9bdbf0f60_Team.exe 2f208b17f8bda673f6b4f0dacf43d1bf Malicious Library UPX PE File PE64 MZP Format OS Processor Check VirusTotal Malware unpack itself				2.2	M	43	ZeroCERT

46964	2024-08-11 15:05	blued2.exe 444227bb8425c40230c70a0312b34d9e Malicious Library Antivirus UPX Anti_VM PE File PE64 OS Processor Check VirusTotal Malware DNS		1		1.4	M	25	ZeroCERT

46965	2024-08-11 15:05	Factura%20Pro-forma%20-%20S083... 66da887500b1a6ce357adfafb8a10d07 PDF Suspicious Link PDF					M		ZeroCERT