Submissions

Columns: No | Date | Request (submitted file) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below gives No, Date and Request on its first line, then the sample's MD5, then the sandbox tags that fired, then the remaining columns (Urls, Hosts, IDS, Rule, Score, Zero, VT, Player) exactly as listed. Blank columns are not rendered in the source, so the leading counters cannot always be assigned to a specific column by position; Score, Zero, VT and Player are the trailing values.
6631  2023-12-14 10:15  POA35BT56TT.bat
MD5:   5409f23480db5358d2cc2417f2c41494
Tags:  Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM PowerShell ZIP Format VirusTotal Malware powershell AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  2 5 12.4 M 2 ZeroCERT

6632  2023-12-14 10:15  Payment_Slip.jar
MD5:   39396afaa066833586662903487761f2
Tags:  Antivirus MSOffice File VirusTotal Malware Check memory heapspray unpack itself Java
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  2.4 M 20 ZeroCERT

6633  2023-12-14 08:08  021983908713.exe
MD5:   5553b09479b6bb61784ac90f9089d889
Tags:  PE File PE64 VirusTotal Malware DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  1 3.0 M 61 ZeroCERT

6634  2023-12-14 08:07  file.exe
MD5:   db9836afc44b9a8fd086abd3e882524e
Tags:  Amadey Downloader Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX MPRESS Malicious Library Http API ScreenShot Create Service Socket DGA Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API pe Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare suspicious process AppData folder suspicious TLD sandbox evasion WriteConsoleW VMware anti-virtualization installed browsers check Ransomware Lumma Stealer Windows Browser Email ComputerName Firmware DNS Cryptographic key Software crashed Downloader
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  4 4 12 2 25.6 M 47 ZeroCERT

6635  2023-12-14 08:06  artifact.exe
MD5:   a9cd040f3de100f802ccbce93bebd7a3
Tags:  Malicious Library PE32 PE File Malware download Cobalt Strike Cobalt VirusTotal Malware Malicious Traffic RWX flags setting unpack itself ComputerName DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  2 1 1 4.6 M 61 ZeroCERT

6636  2023-12-14 08:04  PC_Cleaner.exe
MD5:   84326112ddead59fca719ef1d7d87685
Tags:  Emotet Sality Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File ftp MZP Format OS Processor Check Lnk Format GIF Format DllRegisterServer dll URL Format DLL PE64 BMP Format Browser Info Stealer VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check installed browsers check Tofsee Browser ComputerName DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  1 9 2 8.4 M 11 ZeroCERT

6637  2023-12-14 08:03  pdf.exe
MD5:   5fd002676f224c376302680812079254
Tags:  UPX AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  1 3 9.8 M ZeroCERT

6638  2023-12-14 08:01  int.exe
MD5:   9af7c42f197794370d28ec2454ff4b6e
Tags:  Malicious Packer Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library Http API ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware DNS Cryptographic key crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  3 8 9 15.4 M 50 ZeroCERT

6639  2023-12-14 08:00  abux.exe
MD5:   34793ade11411172d60e1eacf6c92bfd
Tags:  AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs suspicious TLD Tofsee Browser Email ComputerName DNS Software crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  1 3 3 13.4 M 45 ZeroCERT

6640  2023-12-14 07:58  NTPDRAPE.exe
MD5:   6ae58a1b3f242ea4259e97c6539a618a
Tags:  Emotet Malicious Library UPX PE32 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  2.6 M 2 ZeroCERT

6641  2023-12-14 07:58  BEST-13-12-2023v1.exe
MD5:   4bc1bd277770c8da36c5d31968a0e977
Tags:  Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  0.8 M 16 ZeroCERT

6642  2023-12-13 20:13  paste.ps1
MD5:   baeee25ebf0efeec414dce64b9e7aca7
Tags:  XMRig Miner Generic Malware Antivirus Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell Buffer PE suspicious privilege Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Firmware DNS Cryptographic key
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  2 3 5 11.8 M 19 ZeroCERT

6643  2023-12-13 18:31  wlanext.exe
MD5:   342e0ad16ed51c7f353ecc0378ea02d3
Tags:  Generic Malware Malicious Library UPX Antivirus PE32 PE File Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  7.6 M 23 ZeroCERT

6644  2023-12-13 18:26  microsoftdecidedtoupdateentire...
MD5:   911181c9ce56b902706424dfcc600236
Tags:  MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash Tofsee Windows Exploit DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  1 3 7 4.2 M 34 ZeroCERT

6645  2023-12-13 17:22  microsoftcachedelete.vbs
MD5:   a69d043d32d4ac372b3901a54dc231d9
Tags:  Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player (blanks omitted):  3 3 1 8.4 5 ZeroCERT
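A listing like the one above is only useful downstream once the MD5s and tags are pulled out of the flattened text. The parser below is an added example and not code from the ZeroCERT service; it assumes the four-part record layout visible on this page (header line with No/Date/Request, an MD5 line, a tag line, a trailing counter line ending in the Player name) and treats the trailer's column mapping (Score is the value with a decimal point, followed by the Zero flag, the VT count and the Player) as an assumption drawn from the column header. The sample text is a constructed excerpt of three records from this page with shortened tag lines. Family-style tags such as Amadey, Lumma or Emotet are extracted as they appear, which is worth stressing: they are sandbox rule hits, not verified attribution (the same Emotet and Tofsee rules fire here on samples whose other tags describe something else), so they belong in a triage queue, not straight into a blocklist with a family label.

```python
"""Parse a flattened ZeroCERT-style sandbox submission listing into records.

Added example. The record layout (No/Date/Request line, MD5 line, tag line,
trailer line) is inferred from the page; the trailer column mapping is an
assumption based on the header 'No Date Request Urls Hosts IDS Rule Score
Zero VT Player Etc'. Blank counters are not rendered in the source, so the
leading counters are kept as an unlabelled list.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

HEAD_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s*$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Family-style tags that occur on this page. They are rule hits, not
# confirmed attribution; keep them as hints for triage.
FAMILY_TAGS = ("Amadey", "Lumma", "RedLine", "AgentTesla", "Cobalt Strike",
               "Emotet", "Sality", "Tofsee", "XMRig")


@dataclass
class Record:
    no: int
    date: str
    request: str          # submitted file name (no spaces assumed)
    md5: str
    tags: str             # raw tag string, left untokenised
    counters: List[int]   # Urls/Hosts/IDS/Rule with blanks dropped by the source
    score: Optional[float]
    zero: Optional[str]   # 'M' on this page; assumed to be the Zero column
    vt: Optional[int]
    player: Optional[str]
    families: List[str]


def parse_trailer(line: str):
    """Split e.g. '4 4 12 2 25.6 M 47 ZeroCERT' into its assumed columns."""
    toks = line.split()
    # The Player name is the only non-numeric, non-'M' token and comes last.
    player = toks.pop() if toks and not re.fullmatch(r"[\d.]+|M", toks[-1]) else None
    score_idx = next((i for i, t in enumerate(toks) if "." in t), None)
    if score_idx is None:
        return [int(t) for t in toks if t.isdigit()], None, None, None, player
    counters = [int(t) for t in toks[:score_idx]]
    score = float(toks[score_idx])
    rest = toks[score_idx + 1:]
    zero = rest.pop(0) if rest and not rest[0].isdigit() else None
    vt = int(rest[0]) if rest and rest[0].isdigit() else None
    return counters, score, zero, vt, player


def parse_listing(text: str) -> Iterator[Record]:
    """Yield one Record per well-formed four-line entry; skip anything else."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        m = HEAD_RE.match(lines[i])
        if not m or i + 3 >= len(lines) or not MD5_RE.match(lines[i + 1]):
            i += 1   # page header, column header, or a record we cannot parse
            continue
        tags = lines[i + 2]
        counters, score, zero, vt, player = parse_trailer(lines[i + 3])
        families = [f for f in FAMILY_TAGS if re.search(rf"\b{re.escape(f)}\b", tags)]
        yield Record(int(m.group(1)), m.group(2), m.group(3), lines[i + 1].lower(),
                     tags, counters, score, zero, vt, player, families)
        i += 4


def family_iocs(text: str) -> dict:
    """MD5 -> family tags for every record carrying a family-style tag."""
    return {r.md5: r.families for r in parse_listing(text) if r.families}


# Constructed excerpt of three records from the listing above (tags shortened).
SAMPLE = """\
Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
6634 2023-12-14 08:07 file.exe

db9836afc44b9a8fd086abd3e882524e

Amadey Downloader .NET framework(MSIL) UPX Malware download Amadey Lumma Stealer Downloader
4 4 12 2 25.6 M 47 ZeroCERT

6637 2023-12-14 08:03 pdf.exe

5fd002676f224c376302680812079254

UPX AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Stealer
1 3 9.8 M ZeroCERT

6645 2023-12-13 17:22 microsoftcachedelete.vbs

a69d043d32d4ac372b3901a54dc231d9

Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell Tofsee Windows
3 3 1 8.4 5 ZeroCERT
"""

if __name__ == "__main__":
    for rec in parse_listing(SAMPLE):
        print(rec.no, rec.request, rec.md5, rec.score, rec.vt, rec.families)
```

The trailer parser deliberately refuses to label the leading counters: with blank cells dropped by the source, "2 5" could be Urls and Hosts or Hosts and IDS, and guessing would put wrong numbers into a report. Anything you do want to act on (the MD5, the VT count, the family hint) is unambiguous by position.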