Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6691	2023-12-11 19:39	fred.exe 8b81d38713e8269f1fd5aff7be5a5788 Emotet Malicious Library UPX PE32 PE File OS Processor Check DLL VirusTotal Malware Check memory Creates executable files RWX flags setting AppData folder DNS		2			2.8	M	28	ZeroCERT

6692	2023-12-11 19:39	scan-docs.exe 03727c8d3165d315b14dc409305c2693 Malicious Library Admin Tool (Sysinternals etc ...) UPX PE32 PE File MZP Format OS Processor Check VirusTotal Email Client Info Stealer Malware Code Injection buffers extracted unpack itself sandbox evasion Browser Email					7.0	M	43	ZeroCERT

6693	2023-12-11 19:38	Winlock.exe 18563c62462e92e3c81dfe737e3a8997 Emotet Malicious Library UPX PE32 PE File OS Processor Check DLL VirusTotal Malware AutoRuns Check memory Creates executable files RWX flags setting Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Tofsee Windows Browser Advertising Google ComputerName	2 Keyword trend analysis Info https://drive.google.com/uc?export=download&confirm=no_antivirus&id=1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8 https://doc-0c-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gsj07kmmd732u9jfj0sd2ubl6lqnbh2o/1702290825000/03617822427045637603/*/1BnLwNXIOB1ed0vfig76FOiB5_vSYfxO8?e=download&uuid=cd74acaf-b34e-46e0-a195-a721074feb84	4	1		8.6	M	51	ZeroCERT

6694	2023-12-11 19:36	q.exe e606a8d90dc0458e72508b428e950038 Malicious Library .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0	M	62	ZeroCERT

6695	2023-12-11 19:34	hv.exe 8deb02b15e78ebf05834e4c32771c665 Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library PWS AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed		1	1		16.2	M	43	ZeroCERT

6696	2023-12-11 19:34	wlanext.exe b488be4699206f2c9c43c007f190816f AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName crashed					9.2	M	50	ZeroCERT

6697	2023-12-11 19:32	SynapseExploit.exe 2cd9b5d48c0904c90537d3eb0f1becad RedLine stealer XMRig Miner Emotet Suspicious_Script_Bin Generic Malware task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Obsidium protector Create Service Socket DGA Http API ScreenShot Escalate priviledges Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed	3 Keyword trend analysis	6	11 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Kelihos.F EXE Download Common Structure ET HUNTING Suspicious svchost.exe in URI - Possible Process Dump/Trojan Download	1	22.8	M	55	ZeroCERT

6698	2023-12-11 19:31	1701788303-crptmnr.exe 2360d77f2544609bde963256309a4437 Hide_EXE UPX PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.4	M	51	ZeroCERT

6699	2023-12-11 19:31	sleeps.exe 716c27c08649ad5319ef1c41950c1c82 Malicious Packer PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4	M	54	ZeroCERT

6700	2023-12-11 19:29	injector%20resou%E2%80%AEnls..... 51584394f75ed4494c7bfabe52820d42 Generic Malware Antivirus PE32 PE File .NET EXE VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.0	M	35	ZeroCERT

6701	2023-12-11 19:27	soft.exe 1836716b2f372522b52f865d74f59dc7 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Code Injection					4.0	M	48	ZeroCERT

6702	2023-12-11 19:27	InstallSetup9.exe 9277e82030f3f80d2acb91ca8a2e21bb NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk IP Check VM Disk Size Check Tofsee Ransomware Windows DNS	4 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup (ipify .org)		9.0	M	44	ZeroCERT

6703	2023-12-11 19:27	storeunderstanding.exe 93ee667d08153cc820c6f46b6f2dc4cf UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces DNS		1			4.2	M	43	ZeroCERT

6704	2023-12-11 19:25	setup.exe 37f331d70abb19b2512a24e943680f69 Malicious Library PE32 PE File VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName					4.2	M	49	ZeroCERT

6705	2023-12-11 19:23	tbbhts.exe e1095986637973f78a0a8f38f18b4190 UPX PE32 PE File VirusTotal Malware unpack itself crashed					3.0	M	53	ZeroCERT