Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
5986	2024-02-01 07:59	Apple.exe 6467c1d4c14b19a50b3e154be9454e5f Downloader UPX PE File PE64 OS Processor Check PDB MachineGuid Creates executable files Check virtual network interfaces Tofsee	1 Keyword trend analysis	3	1	2.0	M		ZeroCERT

5987	2024-02-01 07:57	goldklassd.exe a647afc0219638fb62a777cd2f32a4bd PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself				1.4	M		ZeroCERT

5988	2024-02-01 07:55	alomazx.exe 3a03f2b8543956361e40d28834cf8e8d AgentTesla UPX PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Discord Browser Email ComputerName DNS Software crashed keylogger	1 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO Observed Discord Domain in DNS Lookup (discordapp .com) ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	12.8	M		ZeroCERT

5989	2024-02-01 07:54	crypted.exe 75875ec9ca2b60b8c46b50634b9a3971 PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself				1.4	M		ZeroCERT

5990	2024-02-01 07:52	keysb.exe 4b784904d1b0442fe4825e46fa1b1bea PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself				1.4			ZeroCERT

5991	2024-01-31 16:07	12.exe ac481092ba6b334ba64482381726c022 Generic Malware Admin Tool (Sysinternals etc ...) UPX PE32 PE File VirusTotal Malware				1.6	M	51	ZeroCERT

5992	2024-01-31 16:07	tuc2.exe 9eac713654465ca3d8589ec7d5a0c8f7 Emotet Gen1 Malicious Library UPX Anti_VM PE32 PE File MZP Format DllRegisterServer dll OS Processor Check PE64 DLL ftp VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				4.0	M	23	ZeroCERT

5993	2024-01-31 16:03	AzertY%40.exe 01a908923cbc76874658c47d432424a0 .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS		1		2.8	M	52	ZeroCERT

5994	2024-01-31 16:02	bossa.exe 31118351b8b0db68e9c1bc3ad1da8e7c WebCam .NET framework(MSIL) PWS DNS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key				9.0	M	50	ZeroCERT

5995	2024-01-31 16:02	conhost.exe d1ebfffb918cb931ae8e6ef5546b9efa Gen1 email stealer Downloader .NET framework(MSIL) UPX Malicious Packer Malicious Library Escalate priviledges PWS DNS Code injection persistence KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key crashed		2		14.6	M	45	ZeroCERT

5996	2024-01-31 16:02	tuc4.exe 650bc579bc2a815cb05da7dcc43e88e4 Emotet Gen1 Malicious Library UPX Anti_VM PE32 PE File MZP Format DllRegisterServer dll OS Processor Check PE64 DLL ftp VirusTotal Malware Checks debugger Creates executable files unpack itself AppData folder Windows ComputerName crashed				4.2	M	11	ZeroCERT

5997	2024-01-31 15:59	Binded.exe 8f505e8ec6a2129264b6609d96e68962 Suspicious_Script_Bin UPX Malicious Packer .NET framework(MSIL) PE32 PE File .NET EXE OS Processor Check ZIP Format Browser Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed	1 Keyword trend analysis	4	5	7.0	M	53	ZeroCERT

5998	2024-01-31 15:58	%40dramo%40.exe ac15ae1e49f4272e8d38b5fd5573ce35 .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS		1		2.8	M	44	ZeroCERT

5999	2024-01-31 15:56	config.exe f92cabc07a676ab522160b08b604683a PhysicalDrive Malicious Library UPX Anti_VM PE File PE64 ftp OS Processor Check VirusTotal Malware PDB Check memory anti-virtualization				2.4	M	45	ZeroCERT

6000	2024-01-31 15:55	Azerty.exe bc6d085a203913266fde3530393ebba7 .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.2	M	49	ZeroCERT