Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6241	2024-01-18 18:52	cred64.dll 9e18426a541bc9f54ef80cba50ac6090 Generic Malware Malicious Library UPX Antivirus PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1		9.6	M	34	ZeroCERT

6242	2024-01-18 10:32	BL_ScannedDoc#0923887FedExAWB.... 286d534eb759c671fa9e79cfafd3bc85 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			6.0		14	ZeroCERT

6243	2024-01-18 09:43	inte.exe d41d8cd98f00b204e9800998ecf8427e							ZeroCERT

6244	2024-01-18 08:05	tuc4.exe 515c1e68ab13e0f7621f3d39b6313479 Emotet Gen1 Malicious Library UPX Malicious Packer PE32 PE File MZP Format DLL OS Processor Check URL Format PE64 DllRegisterServer dll .NET DLL .NET EXE VirusTotal Malware Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed				5.0	M	9	ZeroCERT

6245	2024-01-18 08:00	syncUpd.exe 35d678a1d18323f6b3cee0e0f00e2880 Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.0	M	29	ZeroCERT

6246	2024-01-18 08:00	inte.exe 14f0c544a41aab73fcce2c78b3cda700 Malicious Library PE32 PE File PDB unpack itself Remote Code Execution				1.2	M		ZeroCERT

6247	2024-01-18 07:57	conhost.exe 7547a8f171604d74d6436f7983c7a91d AgentTesla PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger		2	4	12.0		31	ZeroCERT

6248	2024-01-18 07:57	cryppp.exe a95b7d1ef3c4f8932fa97c287dd54c70 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed				1.2		31	ZeroCERT

6249	2024-01-18 07:55	client.exe a042db8045036de713193f079fe61d6f Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0		47	ZeroCERT

6250	2024-01-18 07:55	Nttazxfmp.exe a5e8111701769f6ee892b47ddb9b4790 Hide_EXE UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName				2.4		34	ZeroCERT

6251	2024-01-18 07:16	4501185419.xls 6ab14c920d762241b62aaa41f0982987 VBA_macro Generic Malware MSOffice File VirusTotal Malware exploit crash unpack itself Exploit DNS crashed		1		3.6		35	guest

6252	2024-01-17 15:19	go.exe 5d01c27e7807d0c5d9d0076d6a803b55 RedLine stealer Generic Malware Malicious Library UPX Code injection Anti_VM AntiDebug AntiVM PE32 PE File OS Processor Check PNG Format MSOffice File Browser Info Stealer Malware MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	17 Keyword trend analysis Info https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/7_6o7HJ05F8.css?_nc_x=Ij3Wp8lg5Kz https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=105.0.1&buildid=20220922151854 https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/om552iOCRxJ.css?_nc_x=Ij3Wp8lg5Kz https://www.facebook.com/favicon.ico https://connect.facebook.net/security/hsts-pixel.gif https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/wMc7fNlPdnA.css?_nc_x=Ij3Wp8lg5Kz https://facebook.com/security/hsts-pixel.gif?c=3.2.5 https://fbcdn.net/security/hsts-pixel.gif?c=2.5 https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/xGzxHIbkRpC.js?_nc_x=Ij3Wp8lg5Kz https://fbsbx.com/security/hsts-pixel.gif?c=5 https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/Lzd-U--zeLf.js?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/S-jgxi6wsFP.js?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/QoWVNltU_ZO.css?_nc_x=Ij3Wp8lg5Kz https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/EQ0cyse2DGv.css?_nc_x=Ij3Wp8lg5Kz	10	1	12.2			ZeroCERT

6253	2024-01-17 15:16	amer.exe b724b7b724854f8bcc44505303036f41 EnigmaProtector UPX PE32 PE File VirusTotal Malware Check memory unpack itself crashed				2.4		38	ZeroCERT

6254	2024-01-17 15:12	uwp4228677.png.exe 10f5e5c82ef49f4881d9f9bd83f07443 Generic Malware Antivirus UPX PE32 PE File DLL OS Processor Check .NET DLL VirusTotal Malware Remote Code Execution				0.6		3	ZeroCERT

6255	2024-01-17 14:25	beautifulhjcreversehissettings... c0b8ac37280a20cd4a86808102cc3eb2 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	9 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	5.0	M	35	ZeroCERT