Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6376	2024-01-10 08:08	Gang.exe d4aa07253504503adbe12331ee6149b6 Generic Malware Antivirus PE32 PE File .NET EXE powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Disables Windows Security powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					5.8	M		ZeroCERT

6377	2024-01-10 08:07	288c47bbc187122b439df19ff4df68... d872ad98ce3e3db8497ccd15e0baad33 NPKI HermeticWiper Generic Malware Suspicious_Script NSIS Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM Javascript_Blob PE32 PE File .NET EXE PNG Format JPEG Format OS Processor Check MZP Format ZIP Format ico VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk IP Check VM Disk Size Check Tofsee Ransomware Windows DNS	3 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup (ipify .org)	1	10.2	M	51	ZeroCERT

6378	2024-01-10 08:05	456.exe f181b08d7d06f955a53a2593b3596991 Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check Check memory crashed					1.0	M		ZeroCERT

6379	2024-01-10 08:01	srr.exe 33bede7ea0b8b8c42e877d069a40c357 Malicious Library UPX AntiDebug AntiVM PE32 PE File VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows DNS		3			6.6		59	ZeroCERT

6380	2024-01-10 07:59	nbhvygiuhjbkhvyiuhjbhgyi.exe 15f1d514f044c09b23254d2c6a7afc30 Malicious Library UPX PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.2	M	36	ZeroCERT

6381	2024-01-10 07:59	1.exe 0f58955700a934efece7eacadcefc950 PE32 PE File VirusTotal Malware					1.2	M	41	ZeroCERT

6382	2024-01-09 15:46	DisplayDriverExt.dll 1d509cbad17fe9bc39563956aadf5d3f Generic Malware Malicious Library UPX PE32 PE File DLL DllRegisterServer dll OS Processor Check PDB Check memory unpack itself Remote Code Execution					1.0			ZeroCERT

6383	2024-01-09 14:50	DECEMBER_2023_COMMISSION_PAYME... eba5412c896ac51f09604239e059e1e7 MS_RTF_Obfuscation_Objects Process Kill Suspicious_Script_Bin WebCam Malicious Library FindFirstVolume CryptGenKey UPX ScreenShot PWS DNS KeyLogger Anti_VM AntiDebug AntiVM RTF File doc PE32 PE File Device_File_Check OS Processor Check ZIP Format Word 200 VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted WMI Creates executable files exploit crash unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW human activity check Windows Exploit ComputerName DNS Cryptographic key DDNS crashed DoTNet keylogger	2 Keyword trend analysis	4	2		17.2	M	37	ZeroCERT

6384	2024-01-09 10:03	file.exe 510b0f5662e6a9153ffe3fa6f1cc7b5c UPX PWS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3		12.8	M	52	ZeroCERT

6385	2024-01-09 08:11	cryptedgolden123.exe c4c53c2ab7df21cbe96c00e9fc0831bb RedlineStealer RedLine stealer UPX AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder					8.2	M		ZeroCERT

6386	2024-01-09 08:09	Runtime.exe 603c16ec67037039ed079f0d266c6f79 AntiDebug AntiVM PE File PE64 suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key					7.4	M		ZeroCERT

6387	2024-01-09 08:08	ninet.exe 32e79981baf2a0a95dbcdb973c6eb4f7 Emotet Generic Malware Malicious Library UPX PE32 PE File PNG Format BMP Format Lnk Format GIF Format DLL OS Processor Check Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder ComputerName Firmware					3.4	M		ZeroCERT

6388	2024-01-09 08:08	twtyoe.exe 76f62b8e582b16c9a0e944e6e0ec4416 Emotet Generic Malware Malicious Library UPX PE32 PE File PNG Format BMP Format DLL OS Processor Check Lnk Format GIF Format Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself AppData folder ComputerName Firmware					3.4			ZeroCERT

6389	2024-01-09 08:05	crypted1234.exe 91181ab80e0f828910908cb623f59430 RedlineStealer RedLine stealer .NET framework(MSIL) UPX AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Family Activity (Response)		13.8		50	ZeroCERT

6390	2024-01-09 08:04	hvthvjgfr6tyghgdtrtyigkhvjggft... c566575477a2c9f70f2ad5481bc81fe1 Malicious Library UPX PE32 PE File VirusTotal Malware Check memory Checks debugger unpack itself crashed					1.8		15	ZeroCERT