Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
48736	2024-10-10 11:01	dl b02d517049bc1374b86c555b24e926f9 Malicious Library PE File PE32 VirusTotal Malware unpack itself				2.4	M	34	ZeroCERT

48737	2024-10-10 11:04	InstallSetup.exe e6dd6a25125edd4c21fe5cf7bafcd2bb Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName				5.4	M		ZeroCERT

48738	2024-10-10 11:04	Unit.exe bc243f8f7947522676dc0ea1046cb868 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Email Client Info Stealer Malware WMI Checks Bios anti-virtualization Tofsee Email ComputerName	2 Keyword trend analysis	4	1	5.4	M	58	ZeroCERT

48739	2024-10-10 11:04	6705797d4437e_game_bench.exe 888da0597b89d2a8dfc4c5d7dfb22dfd Generic Malware Suspicious_Script_Bin Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P An VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Windows ComputerName				7.6	M	31	ZeroCERT

48740	2024-10-10 11:06	Hillmen.exe c1a37e2ae299837d1c06fe6f05f74882 RedLine stealer RedLine Stealer Malicious Library Confuser .NET .NET framework(MSIL) PWS SMTP AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName				5.8	M	57	ZeroCERT

48741	2024-10-10 11:08	tvnserverUI.exe 5c570a494f8d3568d8d37780f7708c9a Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself Windows utilities suspicious process Windows ComputerName Remote Code Execution crashed				3.4	M	15	ZeroCERT

48742	2024-10-10 11:16	QkZoHEBKmB.exe 16d6121d4ff8ab1f1a6ae47a096220d3 Generic Malware Downloader Malicious Library UPX Obsidium protector Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P persistence AntiDebug VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder malicious URLs Windows ComputerName Cryptographic key crashed				8.0	M	55	ZeroCERT

48743	2024-10-10 13:34	picturewithherimagesverygoodfo... afa95ffef9a1e2ee01b008da56592b30 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1	7.6	M	5	ZeroCERT

48744	2024-10-10 20:19	ngrok.exe d0b7c78ee341e83d50b03cbd31e085ad Malicious Library Malicious Packer UPX PE File ftp PE64 wget OS Processor Check VirusTotal Malware wscript.exe payload download Check virtual network interfaces crashed	1 Keyword trend analysis	2		3.8	M	25	guest

48745	2024-10-11 11:11	ng5th.exe e393c90747e935149ecabf5af936a07a Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed				5.0		46	ZeroCERT

48746	2024-10-11 11:14	jgt.exe 1417d38c40d85d1c4eb7fad3444ca069 PE File PE64 Malware download VirusTotal Cryptocurrency Miner Malware suspicious TLD DNS CoinMiner		10 Info jaiodsnvzxkxcz5hvxzkighiwagfew9oi0d3219v687dyfsdg.su(172.67.184.91) justpaste.it(83.168.108.45) pool.supportxmr.com(141.94.96.195) - mailcious pastebin.com(104.20.3.235) - mailcious rentry.co(104.26.2.16) - malware 104.20.3.235 - malware 104.26.2.16 - mailcious 104.21.19.3 141.94.96.71 83.168.108.45	7 Info ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Pastebin Service Domain in DNS Lookup (rentry .co) ET INFO Observed Pastebin-style Service Domain (justpaste .it) in TLS SNI ET INFO Observed DNS Query to Pastebin-style Service (justpaste .it)	1.8	M	56	ZeroCERT

48747	2024-10-11 11:16	random.exe 9f875cd80ee26b55a71c2f795eb01c33 Themida Anti_VM PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Disables Windows Security Checks Bios Detects VMWare VMware anti-virtualization Windows Update DNS crashed		1		8.6	M	39	ZeroCERT

48748	2024-10-11 14:01	JavUmar.exe 3394808f2d5c141b86e33a51ace8a577 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE File PE32 DLL Malware download VirusTotal Malware Malicious Traffic AppData folder suspicious TLD WriteConsoleW CryptBot ComputerName DNS	1 Keyword trend analysis	2	3	3.6	M	43	ZeroCERT

48749	2024-10-11 15:47	%ea%b0%90%ec%9e%90%ec%84%9c%eb... bf3b97432310ca538a7db99ee63b256e Generic Malware .NET framework(MSIL) UPX Antivirus PE File .NET EXE PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut RWX flags setting unpack itself Check virtual network interfaces suspicious process Windows ComputerName Cryptographic key				5.6		43	ZeroCERT

48750	2024-10-11 16:00	njsirvorgroup.txt.exe f8cfd88f0871e35b0e9ce296284dbfa7 PE File .NET EXE PE32 VirusTotal Malware DNS		1		2.8		56	ZeroCERT