Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
6331	2024-01-13 19:11	perlo.exe 529534459e46a1deb637dae10c151bda EnigmaProtector Malicious Packer UPX PE32 PE File unpack itself crashed				1.2	M		ZeroCERT

6332	2024-01-13 19:09	mimi.exe ef6177c0e5d8029c6de12f79aa21f7bc Generic Malware UPX Antivirus PE32 PE File OS Processor Check PowerShell VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed				5.2	M	7	ZeroCERT

6333	2024-01-13 19:07	conhost.exe 57ec8609c4c4bdc9c6249a30ba59b489 .NET framework(MSIL) PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself DNS		1		3.2	M	44	ZeroCERT

6334	2024-01-13 19:05	rty31.exe 797344a5766214c49734b8f63f78e797 Malicious Packer UPX PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution	2 Keyword trend analysis	3	1	3.6		27	ZeroCERT

6335	2024-01-13 19:03	abc.exe 7a83a738db05418c0ae6795b317a45f9 Malicious Library PE32 PE File VirusTotal Malware unpack itself				2.2	M	55	ZeroCERT

6336	2024-01-13 19:03	miner.exe cafeab1513ff424cc79caeca170678d1 Generic Malware Antivirus PE32 PE File .NET EXE VirusTotal Malware PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Disables Windows Security suspicious process WriteConsoleW Windows ComputerName Cryptographic key				6.4	M	51	ZeroCERT

6337	2024-01-13 19:01	leru.exe 1abfdde35393e3bed6dc4c88ddaec0c6 Generic Malware Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW anti-virtualization IP Check VM Disk Size Check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software crashed	1 Keyword trend analysis	5	6 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration) ET MALWARE [ANY.RUN] RisePro TCP (Activity) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	11.6	M	48	ZeroCERT

6338	2024-01-13 19:00	entiersystemneedsuchagoodupdat... 5dde4a3d8d6670a47acda3673aaa625d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed				2.8	M	30	ZeroCERT

6339	2024-01-13 18:58	skinswapper.exe b025fb2414e1ab51da37d339f6fe97ea Malicious Packer UPX .NET framework(MSIL) AntiDebug AntiVM PE32 PE File .NET EXE PE64 OS Processor Check VirusTotal Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName				12.0		33	ZeroCERT

6340	2024-01-13 18:58	BrowserUpdate.vbs 55bb883a7a332f86d1ca49379d1ca95d Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	4	2	9.0		3	ZeroCERT

6341	2024-01-13 18:55	browserupdationrecentlydonebym... 510fbf28e3dd6ebb0fe934dad853d70b MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	2 Keyword trend analysis	7	3	6.0		30	ZeroCERT

6342	2024-01-13 18:55	browserUpdate.vbs 2cf4670bd083efe16afb9041a0116341 Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	4	2	9.6		3	ZeroCERT

6343	2024-01-13 18:54	rty45.exe ef895c5307108231ad39d601a38a098f Malicious Packer UPX PE File PE64 VirusTotal Malware PDB MachineGuid unpack itself Check virtual network interfaces Tofsee Remote Code Execution	2 Keyword trend analysis	3	1	3.0	M	25	ZeroCERT

6344	2024-01-13 18:54	venom.exe 38312527c8f936445c85e7ddde36f420 Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	49	ZeroCERT

6345	2024-01-13 18:51	autorun.exe 43dbb23cc102ad60226a40a2e1ab5f13 RedLine stealer ScreenShot PWS AntiDebug AntiVM PE32 PE File .NET EXE RedLine Malware download VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Stealer Windows ComputerName DNS Cryptographic key crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Family Activity (Response)	9.0	M	29	ZeroCERT