Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48691	2024-10-08 21:41	123123.txt 658d46c7966d6d0e047dce33403a6650 ScreenShot AntiDebug AntiVM					0.4			guest

48692	2024-10-08 21:44	Extension-http.exe 4006811cd7916ac2258c0c81c6e3cf43 Malicious Library Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			4.2	M	61	ZeroCERT

48693	2024-10-08 21:44	Meeting-https.exe 4b61a3d79a892267bf6e76a54e188cc0 Generic Malware Malicious Library WinRAR UPX Malicious Packer PE File PE64 OS Processor Check icon PNG Format PE32 VirusTotal Malware PDB Creates executable files AppData folder Remote Code Execution					2.6	M	53	ZeroCERT

48694	2024-10-08 21:47	7f3c2473d1e6.exe#sp_vid f31e12f0766f3a345b1a4eddeb3d8307 Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Malicious Library UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE FTP Client Info Stealer Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software crashed	1 Keyword trend analysis	5	3		14.4	M		ZeroCERT

48695	2024-10-08 21:47	taskhostw.exe a3939099773cda5b2c94a6f1061ffa19 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	8	9 Info ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET HUNTING Telegram API Domain in DNS Lookup ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		19.2	M	43	ZeroCERT

48696	2024-10-08 21:48	Journal-https.exe 01eec167288db3f18288cc9c88adb3c6 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		1			5.2	M	60	ZeroCERT

48697	2024-10-08 21:48	BroadcomRetest.exe 6c5058cdea005156044e55525b31a488 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		2			4.0	M	61	ZeroCERT

48698	2024-10-08 21:50	Session.exe b079e06ca60cf07b35abd19e225d3e1c Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS		1			5.2	M	56	ZeroCERT

48699	2024-10-08 21:51	LoadNew.exe 414753e6caa05ca4a49546cec841ef10 Generic Malware UPX Malicious Library Malicious Packer PE File PE64 DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Check memory buffers extracted Creates executable files Windows DNS crashed	2 Keyword trend analysis	1	3		4.6		21	ZeroCERT

48700	2024-10-08 21:53	salluireallymissyousallutrulyi... 72dd90d54b9dcfe691ff308a9cacb72f MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	4	1		4.6	M	38	ZeroCERT

48701	2024-10-08 21:53	956d73b7f041.exe#default15st a3ad404cc615fc48ddfc3ddba9896dfa Stealc Client SW User Data Stealer Gen1 ftp Client info stealer Generic Malware Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware c&c Code Injection Malicious Traffic Check memory buffers extracted unpack itself Stealc ComputerName DNS crashed	2 Keyword trend analysis	1	2	1	8.0	M		ZeroCERT

48702	2024-10-08 21:55	am10.exe 934310f719707becac6a69b4579f6fd2 Amadey Generic Malware Malicious Library Malicious Packer UPX Antivirus PE File PE32 OS Processor Check Browser Info Stealer Malware download Amadey VirusTotal Malware powershell AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files exploit crash unpack itself suspicious process AppData folder installed browsers check Windows Exploit Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	2	4	1	10.8	M	60	ZeroCERT

48703	2024-10-08 21:55	04a4f32fae41.exe#d16 43f5318d55a4c0f947d592a271898ceb Client SW User Data Stealer LokiBot Gen1 ftp Client info stealer Generic Malware Malicious Library UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE FTP Client Info Stealer Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software crashed	2 Keyword trend analysis	5	3		14.4	M		ZeroCERT

48704	2024-10-08 21:57	CCRNC.txt.exe 1a3fee38ced030e1751a309616c39202 Browser Login Data Stealer Generic Malware Malicious Library Downloader Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware DNS DDNS		2	2		3.8		61	ZeroCERT

48705	2024-10-08 21:57	g2m.dll e0fa9d4894017e66af927bd72df16793 Generic Malware Malicious Library Malicious Packer UPX PE File DLL PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					1.4	M	15	ZeroCERT