Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6031	2024-09-05 11:04	castoridaezv.ps1 10b8b561e8cbd458966af621f7f8df7c Generic Malware Antivirus Check memory Checks debugger unpack itself WriteConsoleW Windows ComputerName Cryptographic key crashed				2.2	M		ZeroCERT

6032	2024-09-05 11:01	ywp.exe 6a9213568bc6a19895240ff14fd57329 UPX PE File PE32 VirusTotal Malware				1.2	M	57	ZeroCERT

6033	2024-09-05 10:59	gutweedtE.exe c194c15101c7b0b66550938d65b403db Generic Malware Malicious Library ASPack UPX PE File PE32 OS Processor Check VirusTotal Malware Cryptocurrency wallets Cryptocurrency Check memory unpack itself ComputerName				3.2	M	59	ZeroCERT

6034	2024-09-05 10:57	66d60cd3ce002_SeparatelyDied.e... 1959ce1e98b798963f8b7d04bfb71e69 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName				6.6	M	31	ZeroCERT

6035	2024-09-05 10:57	66d59ef9d4404_premium.exe#upus 68ebcc4ad727c077aeb5cc60b868e304 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName RCE				3.2	M	46	ZeroCERT

6036	2024-09-05 08:51	66d8985a256af_installer.exe 4b0348bf0a8544b5c6b90c79bbeca054 Malicious Library UPX PE File PE64 Checks debugger Creates executable files unpack itself crashed				1.2			ZeroCERT

6037	2024-09-05 08:51	66d89809e92e0_favorite.exe#rea... cba5724bc1281aa004c0d66fd8045d7b Malicious Library UPX PE File .NET EXE PE32 OS Processor Check PDB Check memory Checks debugger unpack itself ComputerName				1.8	M		ZeroCERT

6038	2024-09-05 08:49	66d897dfa580a_crypted.exe#1 49fbbdd3bd005ded23aeadf895b316ed RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	12.0	M		ZeroCERT

6039	2024-09-05 08:49	66d897ad1752a_File.exe#xin f10161c3acde4b7dadcd1eeddcf937f1 RedLine stealer Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1		7.8	M		ZeroCERT

6040	2024-09-05 08:33	IAEA.doc.lnk 1d2b9a986461e97edfff9b91e64e1e5b Generic Malware AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware Code Injection Check memory Creates shortcut unpack itself suspicious process Interception	1 Keyword trend analysis	2		4.6		18	ZeroCERT

6041	2024-09-04 18:03	강연의뢰서.docx 108180eaed0fe88ebb3cbc783fce110a Word 2007 file format(docx) ZIP Format unpack itself				1.2			ZeroCERT

6042	2024-09-04 17:48	shell.bat 978e36e12abdfb849745a694eca47fc6 Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key		1		7.2		28	ZeroCERT

6043	2024-09-04 17:48	pc.ps1 8a319fa42e7c7432318f28a990f15696 Generic Malware Antivirus VirusTotal Malware unpack itself				1.6		41	ZeroCERT

6044	2024-09-04 11:16	huna.exe 8424ecf2f95410ceed693e7d1011d26f Themida PE File PE32 VirusTotal Malware				1.4	M	24	r0d

6045	2024-09-04 11:02	66d7077a2064d_l.exe 5cdada1cda3c68a8ca61405458e1e587 Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself				7.4	M	40	ZeroCERT