Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
5191 2024-09-20 10:36 ponos.exe
aee44a0b550b02be63266fc037ca5181
Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
2.0 M 57 ZeroCERT

5192 2024-09-20 10:33 Document.exe
98f9ac86f222802896a6bd592357ba72
Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Telegram suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 8 9 16.4 39 ZeroCERT

5193 2024-09-20 10:32 payload.ps1
da15e8aa592ad3fd7a43bba187a4a706
Generic Malware Antivirus VirusTotal Malware unpack itself
1.4 M 38 ZeroCERT

5194 2024-09-20 10:32 Documents..pdf...................
82fe8be3478037bffb501a766890f8e3
RedLine stealer Generic Malware Malicious Library Antivirus ScreenShot PWS SMTP AntiDebug AntiVM PE File ftp .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
1 11.2 53 ZeroCERT

5195 2024-09-20 10:30 payload.txt.ps1
888731192f8910e3bfbd4cffaade7d28
Generic Malware Antivirus VirusTotal Malware unpack itself
1.4 37 ZeroCERT

5196 2024-09-20 10:30 detalis.aspx
db1110b5dc56b35228bc36c54e933c01
Suspicious_Script_Bin AntiDebug AntiVM Email Client Info Stealer suspicious privilege Check memory Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.0 ZeroCERT

5197 2024-09-20 10:29 jrj6.exe
1b24fed84d73ccf3575d306b504ebda7
UPX PE File PE32 VirusTotal Malware
1.2 M 57 ZeroCERT

5198 2024-09-20 10:28 1.exe
dc3057afa994be72fc9b1dba3c74feb8
PE File PE64 VirusTotal Malware unpack itself ComputerName DNS
2 1 1 2.4 M 47 ZeroCERT

5199 2024-09-20 10:26 vdfsh12.exe
849e7d206dc382c53e6b1947f55e7ada
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 15.4 M 46 ZeroCERT

5200 2024-09-20 10:26 vsg15.exe
b751220c1be48fcb6788c699b96256f9
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 16.6 M 46 ZeroCERT

5201 2024-09-19 14:21 66ea645129e6a_jacobs.exe
d60d266e8fbdbd7794653ecf2aba26ed
CoinMiner Generic Malware PE File PE64 VirusTotal Malware
1.6 M 33 r0d

5202 2024-09-19 11:21 clip64.dll
d9dd7aedaae6adb2c1156aacacf87147
Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS
1 1 1 3.6 M 41 ZeroCERT

5203 2024-09-19 11:19 cred64.dll
5477191916e3747ea607a9d806b65c7d
Amadey Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
2 1 1 9.8 53 ZeroCERT

5204 2024-09-19 10:40 vsfdajg16.exe
d0263e1e29b4f202bffd383f136395c4
Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
1 5 3 1 17.6 M 46 ZeroCERT

5205 2024-09-19 10:38 QuickBooks_Setup.msi
b3d559382c44cc0ea1abbc09d55c59cd
Generic Malware Malicious Library .NET framework(MSIL) Malicious Packer UPX MSOffice File CAB OS Processor Check PE File DLL PE32 Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee ComputerName
2 1 3.8 M ZeroCERT