Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6766	2024-08-13 17:09	sahost.exe 29e3de6b17d0fdfb360834f038b59a39 NSIS Suspicious_Script_Bin Malicious Library UPX Anti_VM PE File PE32 DLL VirusTotal Malware AppData folder					1.4	M	24	ZeroCERT

6767	2024-08-13 16:00	NursultanClient.exe b3d8b18d332153db164df8b55c3272a4 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory crashed					1.2		14	ZeroCERT

6768	2024-08-13 11:29	T9.exe 762e2c938ec4a35e6b67fafb977fd05c RedLine stealer Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	11.4	M	30	r0d

6769	2024-08-13 11:22	T9.exe 762e2c938ec4a35e6b67fafb977fd05c Generic Malware AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key	1 Keyword trend analysis	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	11.4	M	30	r0d

6770	2024-08-13 11:06	arch1208_0924.7z f6b650c35ed4de1040e590b400db1ef3 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6	M		ZeroCERT

6771	2024-08-13 10:44	arch1208_0924.7z f6b650c35ed4de1040e590b400db1ef3 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger unpack itself					1.6			ZeroCERT

6772	2024-08-13 10:27	240903-회국회(정) 제1차 전체회의 의사일정안(결... f5f5a585a12df9cb406dde6b3e6da23d AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory crashed					2.4		30	ZeroCERT

6773	2024-08-13 10:23	240903-회국회(정) 제1차 전체회의 의사일정안(결... f5f5a585a12df9cb406dde6b3e6da23d AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory unpack itself					2.6		30	ZeroCERT

6774	2024-08-13 09:45	Helpstore.exe fc2aa8460ff7dd8a4f121d75116161cf Generic Malware Malicious Library Antivirus UPX PE File CAB PE32 OS Processor Check DLL VirusTotal Malware Creates executable files ComputerName RCE		2			4.4		35	ZeroCERT

6775	2024-08-13 09:45	240903-회국회(정) 제1차 전체회의 의사일정안(결... f5f5a585a12df9cb406dde6b3e6da23d AntiDebug AntiVM CHM Format VirusTotal Malware Code Injection Check memory unpack itself crashed					2.8		30	ZeroCERT

6776	2024-08-13 09:37	Visual.ps1 0ceeb6420f475c07ac5f4b4783855400 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory	1	5.4	M		ZeroCERT

6777	2024-08-13 09:36	IEnetcats.hta 1f18e6c2757cc8ed24b3a244dc8202d5 Generic Malware Antivirus AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	3		11.4	M	17	ZeroCERT

6778	2024-08-13 09:36	TST.ps1 34261ad4c802d025f6ead9dd56634860 Generic Malware Antivirus Malware powershell Malicious Traffic Check memory buffers extracted unpack itself Check virtual network interfaces WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING Suspicious Windows Executable WriteProcessMemory		5.4	M		ZeroCERT

6779	2024-08-13 09:36	stub.ps1 b4ce78d3ce06757ceac96f41e3d063b6 Generic Malware Antivirus VirusTotal Malware powershell Check memory unpack itself Check virtual network interfaces WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key		2	4		3.4		1	ZeroCERT

6780	2024-08-13 09:31	IMG001.scr fbbcf1e9501234d6661a0c9ae6dc01c9 NSIS Malicious Library UPX VMProtect PE File PE32 PE64 ftp DLL Lnk Format GIF Format VirusTotal Malware AutoRuns Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities suspicious process AppData folder suspicious TLD WriteConsoleW Windows ComputerName	3 Keyword trend analysis	2	1		7.4	M	68	ZeroCERT