Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below gives the submission number and date, the request (file name or URL), the MD5 of the sample, the behavioural tags assigned by the sandbox, and the trailing numeric columns exactly as extracted. Empty cells in the trailing columns are not present in the extracted text, so only the Score (the decimal value), the M flag, the VT count that follows it and the submitting account at the end can be identified by position; the leading integers are the populated Urls / Hosts / IDS / Rule counts in column order.

#646  2024-08-26 09:23
  Request: 66cba4c565f5f_vief.exe#space
  MD5:     75d0097acc881bb6bc4332bda07f16f1
  Tags:    Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
  Stats:   1 5 3 1 15.8 M 26 ZeroCERT

#647  2024-08-26 09:23
  Request: 도양기업 20240610 송장 갑지.bmp.lnk... (Korean file name: "Doyang Enterprise 20240610 invoice cover sheet"; a .lnk shortcut disguised as a .bmp image)
  MD5:     09b1213c8a336541a4849d65b937293f
  Tags:    Antivirus AntiDebug AntiVM Lnk Format GIF Format wget VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Stats:   2 6.8 28 ZeroCERT

#648  2024-08-26 09:22
  Request: 66cb3e08e7e87_install.exe#upus
  MD5:     7586d565812943ae038f1a3957e14a65
  Tags:    Generic Malware Malicious Library Malicious Packer UPX PE File .NET EXE PE32 DLL OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder crashed
  Stats:   3.0 M 21 ZeroCERT

#649  2024-08-26 09:20
  Request: 66cb89fccdd00_crypted.exe#1
  MD5:     92605ba136b126db1d3734ffab2f1700
  Tags:    RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Stats:   1 6 12.8 26 ZeroCERT

#650  2024-08-26 09:20
  Request: WWW.exe
  MD5:     c6eb9a4057ddf5e758ce3c4a1bdb9637
  Tags:    UPX PE File PE32 VirusTotal Malware
  Stats:   1.2 M 54 ZeroCERT

#651  2024-08-26 09:18
  Request: 900.exe
  MD5:     afa78c01048274af803a0115dcc26757
  Tags:    Generic Malware ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS
  Stats:   1 1 5 9.8 M 37 ZeroCERT

#652  2024-08-26 09:18
  Request: 66cb2ed66675d_cryppted.exe
  MD5:     7541f9ac48cc092641060d1924ab30fc
  Tags:    Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName
  Stats:   2.6 M 20 ZeroCERT

#653  2024-08-26 09:16
  Request: 66cb3326d0f78_crypted.exe#1
  MD5:     0f9a7390c4a71cae8b2e709695fdd05b
  Tags:    RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Stats:   1 6 12.8 21 ZeroCERT

#654  2024-08-26 09:16
  Request: 66cb2df8bd684_lawrng.exe
  MD5:     e868144771e7cb04f68c6fe63a46d8c8
  Tags:    Antivirus ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself
  Stats:   6.8 17 ZeroCERT

#655  2024-08-26 01:16
  Request: https://download.apkcombo.com/...
  MD5:     8c58c680c95bc15657f9af69acb1ebf9
  Tags:    Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM ZIP Format ftp MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats:   2 4 2 4.2 guest

#656  2024-08-25 19:47
  Request: 66c9d2d689463_Chrome.exe#d2
  MD5:     a9fe6ad4be60831ae6d7bcf8fbab71cd
  Tags:    Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory IP Check Tofsee Ransomware Browser Email ComputerName DNS
  Stats:   3 5 7.0 M 34 ZeroCERT

#657  2024-08-25 19:13
  Request: 66c9d3bd31e56_otraba.exe#kisot...
  MD5:     89f3026dea32a83cc17b59f7590d9467
  Tags:    Stealc Client SW User Data Stealer North Korea ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Malware download VirusTotal Malware c&c PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Stealc ComputerName DNS
  Stats:   2 1 1 2 11.0 M 41 ZeroCERT

#658  2024-08-25 19:10
  Request: 66c9ca1a3ee7f_d2d2.exe
  MD5:     8d562b82bdf622983ca9b689e9455a62
  Tags:    Generic Malware Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
  Stats:   2 1 3.0 M 28 ZeroCERT

#659  2024-08-25 19:08
  Request: e.hta
  MD5:     a7ad83b26f4ec2b3f42dd4db7d979a87
  Tags:    Generic Malware Antivirus PowerShell Malware download Cobalt Strike Cobalt VirusTotal Malware c&c powershell suspicious privilege Check memory Checks debugger Creates shortcut RWX flags setting unpack itself suspicious process Tofsee Blister Windows ComputerName Cryptographic key
  Stats:   2 4 2 6.4 M 36 ZeroCERT

#660  2024-08-25 19:08
  Request: 66ca5602e5106_vqow.exe#space
  MD5:     13facf5abdf5f741c24b640b0e60347a
  Tags:    Antivirus PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName
  Stats:   2.6 M 27 ZeroCERT
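A listing like this is usually consumed by a script rather than read by hand: pull the MD5s, decide which rows deserve analyst time, and feed the rest to automated lookups. The parser below is an added example written for this page, not code from the sandbox that produced the listing. It works on the flattened text form shown above (header line, MD5 line, tags line, stats line, records separated by blank lines) and makes the following assumptions about the stats line, drawn from the column header: the only decimal token is the Score, an `M` token is the Zero verdict flag, the integer after the score is the VT count, the final token is the submitting account, and any integers before the score are the populated Urls/Hosts/IDS/Rule counts in column order. The family list and the triage threshold are choices made for the example; the sample input is a constructed three-record subset in the page's own shape.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: three records in the same flattened shape as the listing.
SAMPLE = """\
646 2024-08-26 09:23 66cba4c565f5f_vief.exe#space

75d0097acc881bb6bc4332bda07f16f1


Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus PE File .NET EXE PE32
1 5 3 1 15.8 M 26 ZeroCERT

650 2024-08-26 09:20 WWW.exe

c6eb9a4057ddf5e758ce3c4a1bdb9637


UPX PE File PE32 VirusTotal Malware
1.2 M 54 ZeroCERT

655 2024-08-26 01:16 https://download.apkcombo.com/...

8c58c680c95bc15657f9af69acb1ebf9


Downloader Create Service Socket DGA AntiDebug AntiVM ZIP Format Exploit DNS crashed
2 4 2 4.2 guest
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# Family labels worth surfacing in triage (an assumed, non-exhaustive list).
FAMILIES = ("Stealc", "RedLine", "LokiBot", "Cobalt Strike", "Tofsee", "Blister")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str
    counts: List[int]      # populated Urls/Hosts/IDS/Rule values, blanks dropped
    score: float
    flagged: bool          # "M" present in the Zero column (assumed meaning)
    vt: Optional[int]      # VT detections; None when the column is empty
    submitter: str

    def families(self) -> List[str]:
        """Known family labels that appear in the tag string, in FAMILIES order."""
        return [f for f in FAMILIES if f in self.tags]


def parse_stats(line: str):
    """Split the trailing numeric columns according to the assumptions above."""
    tokens = line.split()
    submitter = tokens.pop()            # last token: submitting account
    flagged = "M" in tokens
    if flagged:
        tokens.remove("M")
    idx = next(i for i, t in enumerate(tokens) if "." in t)   # the Score
    counts = [int(t) for t in tokens[:idx]]
    score = float(tokens[idx])
    vt = int(tokens[idx + 1]) if len(tokens) > idx + 1 else None
    return counts, score, flagged, vt, submitter


def parse_listing(text: str) -> List[Submission]:
    """Turn the flattened listing into Submission records, validating each MD5."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = [m, []]
            records.append(current)
        elif line.strip() and current is not None:
            current[1].append(line.strip())
    out = []
    for header, body in records:
        if len(body) != 3:
            raise ValueError(f"record {header.group(1)}: expected md5, tags, stats")
        md5, tags, stats = body
        if not MD5_RE.match(md5):
            raise ValueError(f"record {header.group(1)}: bad MD5 {md5!r}")
        counts, score, flagged, vt, submitter = parse_stats(stats)
        out.append(Submission(int(header.group(1)), header.group(2), header.group(3),
                              md5, tags, counts, score, flagged, vt, submitter))
    return out


def triage(subs: List[Submission], min_score: float = 5.0) -> List[Submission]:
    """Rows flagged M or scoring at or above min_score, highest score first."""
    picked = [s for s in subs if s.flagged or s.score >= min_score]
    return sorted(picked, key=lambda s: s.score, reverse=True)


if __name__ == "__main__":
    for s in triage(parse_listing(SAMPLE)):
        print(f"{s.no} {s.md5} score={s.score} vt={s.vt} families={s.families()}")
```

Running the block on the sample prints the two flagged rows (646 with Stealc and LokiBot, then 650) and drops the unflagged 4.2-score URL submission; raising `min_score` or extending `FAMILIES` is how the threshold would be tuned for a larger feed.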