Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

48601  2024-10-04 11:19  processclass.exe  c042782226565f89ce3954489075e516
  Suspicious_Script_Bin Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName DNS crashed
  1 1 5 10.4 M 49 ZeroCERT

48602  2024-10-04 11:20  rstxdhuj.exe  1ef39c8bc5799aa381fe093a1f2d532a
  Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted ICMP traffic unpack itself Windows ComputerName Cryptographic key crashed
  3 6.4 M 51 ZeroCERT

48603  2024-10-04 11:20  LgendPremium.exe  c84baaa0b67d15dbc989ca2eb55a9b1c
  UPX PE File PE32 VirusTotal Malware
  1.6 M 13 ZeroCERT

48604  2024-10-04 11:21  lummetc.exe  2fe92adf3fe6c95c045d07f3d2ecd2ed
  UPX PE File PE32 VirusTotal Malware
  1.2 M 52 ZeroCERT

48605  2024-10-04 11:23  DeliciousPart.exe  8432070440b9827f88a75bef7e65dd60
  Suspicious_Script_Bin Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process malicious URLs sandbox evasion WriteConsoleW Windows ComputerName
  7.6 M 37 ZeroCERT

48606  2024-10-04 11:24  newbundle2.exe  58e8b2eb19704c5a59350d4ff92e5ab6
  RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder suspicious TLD WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  2 5 7 14.0 M 61 ZeroCERT

48607  2024-10-04 11:25  Ewpeloxttug.exe  23c8cb1226c61a164d7518218c837b81
  Hide_EXE Malicious Library UPX Anti_VM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows ComputerName Cryptographic key crashed
  5.0 M 51 ZeroCERT

48608  2024-10-04 11:26  utility-installer.exe  05bf0fb13746875a2b7b9082200f7dc0
  Generic Malware Malicious Library UPX Antivirus PE File PE32 MZP Format OS Processor Check DLL PE64 Browser Info Stealer VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows Browser ComputerName Cryptographic key crashed
  2 4 1 9.0 M 15 ZeroCERT

48609  2024-10-04 11:28  PkContent.exe  87c051a77edc0cc77a4d791ef72367d1
  Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
  6.4 M 35 ZeroCERT

48610  2024-10-05 01:32  SolaraBootstrapper.exe  cb473abcf3be04ed1706cc4101575809
  PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed
  3.6 56 guest

48611  2024-10-05 09:03  _chat.txt  ac14849626d888a8836b9cf1731f8364
  AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  3.8 guest

48612  2024-10-05 09:03  _chat.txt  ac14849626d888a8836b9cf1731f8364
  Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  2 4.2 guest

48613  2024-10-05 09:04  WhatsApp Chat - +1 (478) 402-0...  5153fef434ade7616b315cc8314ddcee
  ZIP Format
  guest

48614  2024-10-05 09:05  WhatsApp Chat - +1 (478) 402-0...  5153fef434ade7616b315cc8314ddcee
  ZIP Format
  guest

48615  2024-10-05 09:07  Dee6666666666666666lelelelee.t...  d5a8577e326cd45467846c06835ec7e8
  Malicious Library Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware
  1.0 33 ZeroCERT