Submissions

Columns: No | Date | Request | Urls Hosts IDS Rule Score Zero VT Player Etc

5791 | 2024-09-11 10:12 | rkcms.exe | MD5 06077fd4b5e75f2d730ca61e2bf0f4e7
  Tags: UPX PE File PE64 VirusTotal Malware
  0.4 7 ZeroCERT

5792 | 2024-09-11 10:12 | scan_documet_027839.vbs | MD5 a5a98320f9ac5232423dbde020b8af40
  Tags: VirusTotal Malware ComputerName
  1.0 28 ZeroCERT

5793 | 2024-09-11 10:11 | 2b4pI1hCJx7p.exe | MD5 2d7e2eb114ceca66531637b4988a586c
  Tags: Emotet Gen1 Generic Malware Malicious Library Malicious Packer ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check DLL VirusTotal Malware Check memory unpack itself AppData folder RCE
  3.0 49 ZeroCERT

5794 | 2024-09-11 10:11 | 32.exe.txt | MD5 33c05328038a99ed239df21e508182e6
  Tags: Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS
  1 2.6 68 ZeroCERT

5795 | 2024-09-11 10:01 | off.exe | MD5 8584c1ffa2cdeed2d4f4c3ae4d3661ca
  Tags: Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 MZP Format DLL OS Processor Check PE64 VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed
  3.4 34 ZeroCERT

5796 | 2024-09-11 09:58 | 66e095f996804_111.exe | MD5 84696a854747864cc51653cb5d843a2a
  Tags: RedLine Infostealer Generic Malware UltraVNC Suspicious_Script_Bin Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API per Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Stealer Windows Browser ComputerName RCE DNS Cryptographic key Software crashed
  1 5 13.0 35 ZeroCERT

5797 | 2024-09-11 09:58 | svchost.exe | MD5 f8f78f7b3bd5595e858889fa483ae272
  Tags: PE File PE64 Malware Malicious Traffic unpack itself DNS crashed
  1 1 2.0 ZeroCERT

5798 | 2024-09-11 09:56 | 66e06cea88f93_BlueSapphire.exe... | MD5 0feebe85e6413561e738588cad1076a3
  Tags: Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
  8.2 M 32 ZeroCERT

5799 | 2024-09-11 09:55 | 66df1689df956_l.exe | MD5 e318c6ab13d30b93d2d43bf5d2c31fe5
  Tags: Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself
  7.4 42 ZeroCERT

5800 | 2024-09-10 10:34 | AvosLocker.exe | MD5 8da384b2427b8397a5934182c159c257
  Tags: Generic Malware Malicious Library UPX PE File PE32 OS Processor Check PowerShell VirusTotal Malware suspicious privilege Creates executable files Windows utilities suspicious process sandbox evasion WriteConsoleW Ransom Message Turn off Windows Error Recovery notification window Windows
  7.2 M 64 ZeroCERT

5801 | 2024-09-10 10:33 | l.exe | MD5 1c67f687230addd2815b74bc892a047f
  Tags: Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself
  8.2 M 39 ZeroCERT

5802 | 2024-09-10 10:32 | s.exe | MD5 45fb3cd11b294fe8a05691cdab474786
  Tags: Client SW User Data Stealer ftp Client info stealer Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName
  7.6 40 ZeroCERT

5803 | 2024-09-10 10:31 | 66dd9bfe41964_w9.exe#kis9 | MD5 64034db3a0ce29dcb4cfb658ab805226
  Tags: RedLine stealer Malicious Library .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself
  1.8 M 30 ZeroCERT

5804 | 2024-09-10 10:30 | v.exe | MD5 65208d6a2c36c758bab95b17fb22e19e
  Tags: Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
  2 5 3 1 15.4 M 43 ZeroCERT

5805 | 2024-09-10 10:29 | 66ddde9c4d56a_crypted.exe#1 | MD5 5ac3358abe03a6faa36599fe785b85b2
  Tags: RedLine stealer Suspicious_Script_Bin Antivirus Malicious Library .NET framework(MSIL) ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Telegram Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  3 9 9 1 20.6 M 41 ZeroCERT