Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
6661 2023-12-12 07:58 wlanext.exe
a759e8c16420ac111730b3d85455c256
Generic Malware .NET framework(MSIL) Antivirus PE32 PE File .NET EXE powershell PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
2 7.8 M ZeroCERT

6662 2023-12-12 07:57 wlanext.exe
4f3e829290915b518cdb7493604c0426
Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Generic Malware Google Chrome User Data Downloader .NET framework(MSIL) Antivirus ScreenShot Create Service Socket Escalate priviledges PWS Sniff Audio DNS Internet API KeyLogger AntiDebu Browser Info Stealer Remcos Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key
1 4 1 14.2 M ZeroCERT

6663 2023-12-12 07:55 tuc2.exe
5e4649e7981b23161038a1b93c755420
Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL DllRegisterServer dll OS Processor Check PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed
1 4.6 M ZeroCERT

6664 2023-12-12 07:54 olehps.exe
91d23595c11c7ee4424b6267aabf3600
RedLine stealer .NET framework(MSIL) UPX Confuser .NET PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 5.0 M ZeroCERT

6665 2023-12-12 07:53 ama.exe
294593fcb93a6d6694c9670e86e649bf
Amadey UPX Malicious Library .NET framework(MSIL) PWS AntiDebug AntiVM PE32 PE File JPEG Format DLL PE64 OS Processor Check .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed Downloader
4 5 9 1 18.6 M ZeroCERT

6666 2023-12-12 07:52 cp.exe
7603117e8e1611e887b8c6fccbdb9d4e
Downloader Malicious Library VMProtect UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE32 PE File AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS
2 6.2 M ZeroCERT

6667 2023-12-12 07:49 newtot.exe
a5ceb6c604029a5ade96a97169f1ec1d
Malicious Library PE32 PE File PDB unpack itself Remote Code Execution
1.2 M ZeroCERT

6668 2023-12-12 07:47 Client.exe
74bae7aac1e952c4aacda6e5861bdea5
Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Check memory Checks debugger unpack itself
0.8 ZeroCERT

6669 2023-12-12 07:47 ucdutchzx.exe
723bccfa9d5be24b8a064f547cf1c039
AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed
2 2 10.8 ZeroCERT

6670 2023-12-12 07:45 traffico.exe
d46d968df6c8596c4a2dd2e19bd3dadb
Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 5.0 M ZeroCERT

6671 2023-12-11 20:03 microsoftunderstandhowimportan...
c4cde68e89e1c045c73591c40eeb439f
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
2 5 2 4.6 31 guest

6672 2023-12-11 20:01 tuc3.exe
dbd9b2c45d72217c313af17fa3f86680
Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed
4.6 M ZeroCERT

6673 2023-12-11 20:00 setup294.exe
f6817fb73608c56fbae10d7189621efd
Malicious Library AntiDebug AntiVM PE32 PE File DLL VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder
5.0 M 46 ZeroCERT

6674 2023-12-11 19:57 redbull.bat
584774c57fe962e5fb91969c76dbb8e6
Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 5.2 M 4 ZeroCERT

6675 2023-12-11 19:55 DDPbinzx.exe
5ce14bfd38a170d9347b7a83bd3f2538
PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 53 ZeroCERT