Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
48931	2024-10-17 10:54	cred64.dll 304e7afdf32dbcbdce75b6366103abcb Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency powershell PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1			9.8	M	53	ZeroCERT

48932	2024-10-17 10:54	cred.dll b3d199fd9fa4a18f08d4aa9e17181869 Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1			10.0	M	55	ZeroCERT

48933	2024-10-17 10:54	clean.exe acafa6fa58da4d3ec756a5cdac02e996 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Malware suspicious privilege Checks debugger WMI Windows utilities WriteConsoleW Ransomware Windows Browser ComputerName					3.4	M	11	ZeroCERT

48934	2024-10-17 10:55	mso-install.exe d16b9f62e697777a3b63f53c95a8c65c Gen1 Generic Malware UPX Malicious Library Malicious Packer Antivirus PE File PE32 OS Processor Check PE64 CAB DLL Malware download VirusTotal Malware powershell suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check human activity check installed browsers check Tofsee Interception Windows Browser ComputerName DNS Cryptographic key	12 Keyword trend analysis Info http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20791.cab http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl http://185.25.60.13:8080/distr/components/deploy-mso.dst http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64.cab http://cacerts.digicert.com/DigiCertGlobalRootG2.crt http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl http://195.130.214.155:8080/logUserActivity.php?u=3FE1525F8E2065C102140EB6C463BC5D&t=1729181842&m=common&a=run_Component:%20deploy-mso%20(pid%20=%201603) http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v64_16.0.14332.20303.cab http://185.25.60.13:8080/distr/components/deploy-mso.ver	14 Info officecdn.microsoft.com(38.96.206.65) nexusrules.officeapps.live.com(52.111.243.30) ecs.office.com(52.113.194.132) mrodevicemgr.officeapps.live.com(52.109.124.190) cacerts.digicert.com(152.195.38.76) www.microsoft.com(104.94.217.134) 195.130.214.155 23.40.45.184 - mailcious 52.109.124.190 152.195.38.76 52.111.227.14 52.113.194.132 185.25.60.13 - malware 173.222.248.74	5 Info ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Possible Windows executable sent when remote host claims to send a Text File ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		12.6		18	ZeroCERT

48935	2024-10-17 10:56	cred.dll 7c5bea5cda7a89450f82fa18497a0191 Amadey Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName Cryptographic key Software	1 Keyword trend analysis	2		1	9.4	M	57	ZeroCERT

48936	2024-10-17 10:57	clip.dll bd38b3834594180499a656b6cf3dfab0 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself Remote Code Execution	2 Keyword trend analysis	4	2		3.0	M	54	ZeroCERT

48937	2024-10-17 10:58	login.exe 0538d8a54c0f7b2af395ff7322714d0b Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection BitCoin I Browser Info Stealer VirusTotal Malware Code Injection Checks debugger exploit crash unpack itself malicious URLs sandbox evasion installed browsers check Exploit Browser crashed					6.0		19	ZeroCERT

48938	2024-10-17 10:59	AA_v3.exe ee50ecb3152bdebe5fff2cc3cfb4d451 Ammy Admin Process Kill Generic Malware Malicious Library FindFirstVolume CryptGenKey UPX PE File Device_File_Check PE32 VirusTotal Malware AutoRuns Malicious Traffic Check memory anti-virtualization Windows Remote Code Execution DNS	2 Keyword trend analysis	7	1		5.2	M	50	ZeroCERT

48939	2024-10-17 10:59	2927.exe f734d3c885625d361b085cfc8af1fc25 Generic Malware Malicious Library UPX Antivirus PE File PE32 MZP Format OS Processor Check DLL PE64 VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		6.4	M	18	ZeroCERT

48940	2024-10-17 11:01	clip.dll 143a210c0ca4bd09985f12b588663ab4 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself	1 Keyword trend analysis	2			3.0	M	54	ZeroCERT

48941	2024-10-17 11:04	AA_v3.exe 4d4c220362f24e0ba72797572e447795 Ammy Admin Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware AutoRuns Malicious Traffic Windows Remote Code Execution DNS	2 Keyword trend analysis	7	1		4.4	M	55	ZeroCERT

48942	2024-10-17 11:06	cred64.dll d936bcd060924a3ea77c08a9fe550990 Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software	2 Keyword trend analysis	6	2		9.8	M	52	ZeroCERT

48943	2024-10-17 11:10	clip.dll 9730e0bcf27e4265d1be56b8a7767759 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	2			3.6	M	57	ZeroCERT

48944	2024-10-17 11:11	ax.exe 431c75b491aa7535b92c5d9c00e23675 Generic Malware Malicious Library Malicious Packer ASPack Antivirus UPX Anti_VM PE File DllRegisterServer dll PE32 OS Processor Check PE64 Malware download NetWireRC VirusTotal Malware GhostRAT AutoRuns Check memory Creates executable files RWX flags setting unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check Windows Browser Remote Code Execution DNS crashed		3	1		11.0	M	65	ZeroCERT

48945	2024-10-17 13:38	bthsefyjsec.exe a4ba0c64ad8df1955b7661eb2a519b08 Generic Malware Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 Malware download NetWireRC VirusTotal Malware WriteConsoleW IP Check RAT ComputerName DNS	1 Keyword trend analysis	3	3		3.0		57	ZeroCERT