Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

47491 | 2024-08-23 10:00 | sheisworthforbuttermilkwhichgi... | 3d88ae1173dd6f3122d6936d7078982a | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed | 1 3 1 4.6 M 33 ZeroCERT

47492 | 2024-08-23 10:25 | 66c788707161f_len4n1d.exe | 1ec595d061389ddf2349330280609a57 | Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself | 7.2 34 ZeroCERT

47493 | 2024-08-23 20:12 | lum_agent_online.exe | d09a787b5982cf6eccd6e4bbe6290850 | Emotet Generic Malware Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check DLL PE64 DllRegisterServer dll Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Auto service Check virtual network interfaces Tofsee Ransomware Windows ComputerName Remote Code Execution | 4 7 1 7.4 guest

47494 | 2024-08-24 18:55 | viqw.exe | 480e83a8b9bb22bf1bef2965113f3901 | Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software | 1 5 3 1 16.2 M 53 ZeroCERT

47495 | 2024-08-24 18:57 | semgm.exe | 972df6653179052f7a5dc3c4424e8868 | Stealc Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin | 9 1 15 2 12.4 M 53 ZeroCERT

47496 | 2024-08-24 18:58 | Onedrive.exe | a249251ea0987f54ccb9d96d995008bc | Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware | 1.4 51 ZeroCERT

47497 | 2024-08-24 18:59 | Setup1.exe | 2f62bde469827dbadc9cb1281d8f3d9b | Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications suspicious TLD anti-virtualization installed browsers check CryptBot Browser ComputerName DNS crashed | 1 2 3 6.8 M 41 ZeroCERT

47498 | 2024-08-24 18:59 | wethinknewbuttersmoothoiltomak... | 9b11ffc668d7fde9f491c1366d298403 | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed | 1 3 1 4.8 M 40 ZeroCERT

47499 | 2024-08-24 19:00 | v2mb4.exe | 380b11f8a23405b141467c3f563c4a22 | Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software | 1 5 3 1 15.6 M 41 ZeroCERT

47500 | 2024-08-24 19:01 | 66c88e6d46f4d_crypted.exe | 95fe51bf6712dabad88f0dff35b9cc2a | RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 1 6 13.2 M 51 ZeroCERT

47501 | 2024-08-24 19:03 | 66c8f1817d261_valef.exe#space | 061d8703e1b09de4efc023a101b71f57 | Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software | 1 5 3 1 15.0 M 49 ZeroCERT

47502 | 2024-08-24 19:05 | rword.txt.exe | e93b549ac1147b884fe1093ac5d32705 | Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check Remcos VirusTotal Malware Malicious Traffic Check memory DNS | 1 3 1 3.0 66 ZeroCERT

47503 | 2024-08-24 19:06 | jhl_service.exe | 2e5655f2cfebe6357e6388e678f3c073 | Themida Packer Malicious Library ScreenShot Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 DLL Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Checks Bios Detects VMWare AppData folder AntiVM_Disk sandbox evasion VMware anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName Firmware DNS crashed keylogger | 1 3 1 18.2 M 55 ZeroCERT

47504 | 2024-08-24 19:07 | vword.txt.exe | e3be1355e20608d663d10bd9187af3e4 | Generic Malware Malicious Library Downloader Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check PDB MachineGuid Check memory Checks debugger unpack itself DNS | 1 1.8 ZeroCERT

47505 | 2024-08-24 19:07 | 66c8f17d5f1ae_selwq.exe#space | 258229d6ad139e745a770eb9e0418310 | Stealc Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Downloader Antivirus Malicious Library UPX Malicious Packer Http API PWS Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealc Stealer Windows Browser Email ComputerName DNS Software plugin | 12 7 21 3 18.4 M 52 ZeroCERT