Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

526  2024-08-29 09:15  66cf81753addd_vsldqfs15.exe#d1...
     8ae4605ae214af3ba375ad58263ca707
     Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
     1 5 3 1 17.0 M 32 ZeroCERT

527  2024-08-29 09:15  66cf769b69d70_crypted.exe#1
     6d90f5899ff47cd3519ee0f53b8900f6
     RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
     1 6 12.8 M 23 ZeroCERT

528  2024-08-29 09:13  66cf75d3791d7_vrewqgq.exe#spac...
     1ef9bbed957bcd2df5a639e04a67f8bb
     Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
     1 5 3 1 15.8 M 22 ZeroCERT

529  2024-08-29 09:12  113133.exe
     7fdc6d283bcbd3b6957117bcf029121b
     RedLine stealer Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 Malware download VirusTotal Malware Stealer DNS
     1 1 2.2 53 ZeroCERT

530  2024-08-28 12:43  wecreatednewthingstogetmebackt...
     c5b33393804cbc8be7ea90ddd2a9f024
     MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
     1 4 1 4.6 M 34 ZeroCERT

531  2024-08-28 12:41  PENDXGKW.exe
     61d31fb13c1dd46fcb03caf7f648508c
     Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer PE File PE32 DLL MZP Format DllRegisterServer dll OS Processor Check VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Tofsee DNS
     1 3 1 4.4 M 8 ZeroCERT

532  2024-08-28 12:39  honey.exe
     b824978c8183a65d081012677a1d46d1
     Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself
     2.0 M 62 ZeroCERT

533  2024-08-28 12:37  niceshirtwhichwearedbymesherea...
     97184c45a919e70afa3378753cae6e2f
     MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
     1 3 1 4.6 M 33 ZeroCERT

534  2024-08-28 12:36  66cca0b083a5e_Yietgld.exe#upus
     2268fa0c1b8ab3e3a8306b7f7949ccff
     njRAT backdoor Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS
     1 2.6 19 ZeroCERT

535  2024-08-28 12:35  66cdff2bded74_Update.exe#updat...
     9157a0df4966b25e45271e8010de96f7
     Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware
     1.2 11 ZeroCERT

536  2024-08-28 12:34  66cdfdb23b62d_File.exe#xin
     df168ea774b699222234ac533adce5b9
     Emotet Malicious Library UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName Remote Code Execution DNS
     1 3.8 27 ZeroCERT

537  2024-08-28 12:33  thrylPXnvfySmGN.exe
     04d4d4d83e1601d220f83f09ae16cd79
     Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library Antivirus ScreenShot Create Service Socket Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug A Browser Info Stealer Remcos VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check Windows Browser Email ComputerName DNS Cryptographic key DDNS keylogger
     1 4 2 15.4 M 34 ZeroCERT

538  2024-08-28 12:32  230.exe
     49ef310675c37495a3fb6d406b3ed3cf
     Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself
     7.2 M 34 ZeroCERT

539  2024-08-28 12:30  SPOOOFER.exe
     a07e70b0b57df15c5a04d93da1de3f2b
     Generic Malware Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows ComputerName DNS Cryptographic key crashed
     1 3 3 6.0 55 ZeroCERT

540  2024-08-28 12:30  thrylPXnvfySmGN.doc
     c0d48716ea8eef0d46d77cc231fa5371
     MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself Windows Exploit DNS crashed
     1 1 5 4.6 M 32 ZeroCERT