Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48856	2024-10-15 15:12	crypted.exe 09d0e438a6a8666361559becb0359e5f RedLine stealer RedLine Infostealer RedlineStealer Generic Malware Malicious Library UPX .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM BitCoin PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Ransomware Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed Downloader	7 Keyword trend analysis	4	11 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RedLine Stealer - CheckConnect Response ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) ET MALWARE Single char EXE direct download likely trojan (multiple families) ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SURICATA HTTP unable to match response to request		19.4	M	47	ZeroCERT

48857	2024-10-15 17:29	update.exe d77ae460c0411b137e405520a0fd5120 UPX PE File PE32 VirusTotal Malware unpack itself Remote Code Execution					2.8		41	ZeroCERT

48858	2024-10-15 17:30	CheckX-Cracked-VIP.exe 3a1085797ca3089008cb2b51d2fcdc84 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	3	5 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE RedLine Stealer - CheckConnect Response ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SURICATA HTTP unable to match response to request	2	13.0	M	41	ZeroCERT

48859	2024-10-15 17:30	RLPR_DL.exe 12f9806ad64e90f6276302e3c023fb71 RedLine Infostealer RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	4 Keyword trend analysis	3	9 Info ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE RedLine Stealer - CheckConnect Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SURICATA HTTP unable to match response to request	3	13.2	M	24	ZeroCERT

48860	2024-10-15 18:05	update.exe d77ae460c0411b137e405520a0fd5120 Generic Malware UPX PE File PE32 VirusTotal Malware Check memory unpack itself Remote Code Execution					3.0	M	41	r0d

48861	2024-10-16 11:01	etermproxy.exe d83c3a49036fa08e25465e0b9f7ba110 Malicious Library Antivirus UPX Anti_VM PE File PE32 VirusTotal Malware Remote Code Execution					1.6		24	ZeroCERT

48862	2024-10-16 11:04	DHLLLFILEMPDW-constraints.vbs 52f38d9e69e33318bbfa6bf359ede1d4 VirusTotal Malware					0.4		9	ZeroCERT

48863	2024-10-16 11:04	keygen.exe 3bd08acd4079d75290eb1fb0c34ff700 PE File PE32 VirusTotal Malware Check memory unpack itself					2.6	M	33	ZeroCERT

48864	2024-10-16 11:05	parttransferpro.exe a38e702946c3b3770260051e865cba87 Emotet Gen1 Malicious Library UPX Admin Tool (Sysinternals etc ...) PE File PE64 CAB .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Windows Remote Code Execution					4.8		50	ZeroCERT

48865	2024-10-16 11:05	smiplethingstobegreatthingsfor... 6535be26b54348be4df6f17aa902dc90 MS_RTF_Obfuscation_Objects RTF File doc Vulnerability VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1	4		4.6	M	35	ZeroCERT

48866	2024-10-16 11:06	nicepciturefornicepersonwhogoo... cfe1e071f17323cecb8f5970cda07036 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1	1		4.4	M	29	ZeroCERT

48867	2024-10-16 11:08	bringconcentrate.exe 61728bbdda288ef4ad058010348340b0 Hide_EXE Malicious Library .NET framework(MSIL) Anti_VM PE File .NET EXE PE32 Check memory Checks debugger unpack itself ComputerName					1.0	M		ZeroCERT

48868	2024-10-16 11:10	PHOENIX_NATION_BUILD_YOUR_FOUN... 721714d3e36114e3311e587e5dc2ab8b PDF ZIP Format Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip				1.4	M		ZeroCERT

48869	2024-10-16 11:11	%E6%8A%96%E9%9F%B3%E5%BC%B9%E5... 467692ca4ffc05c33fa1381e92f1baf9 Generic Malware Malicious Library ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					2.8	M	44	ZeroCERT

48870	2024-10-16 11:12	speechcarrierpro.exe c022c9594435faedd2d06aa40d19c360 Emotet Gen1 Malicious Library UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE64 CAB .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows Remote Code Execution DNS Cryptographic key crashed	1 Keyword trend analysis	2			16.2		49	ZeroCERT