Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
6961	2024-08-11 14:28	66b38609432fa_sosusion.exe 0031946b83cbec1b920f827478e68c17 Generic Malware Malicious Library VMProtect UPX AntiDebug AntiVM PE File PE64 OS Processor Check .NET EXE PE32 VirusTotal Malware Code Injection buffers extracted DNS		1			7.2	M	43	ZeroCERT

6962	2024-08-11 14:27	GGWSUpdate.exe 2b1a769d68dd3486b48e3e5bd2296397 Malicious Library PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2	M	46	ZeroCERT

6963	2024-08-11 14:25	controlrireeeMPDW-constraints.... dcf0d8a05c45980bd5bfc7184ea4c7e4 Generic Malware Antivirus Hide_URL PowerShell powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	1 Keyword trend analysis	2	1		7.2	M		ZeroCERT

6964	2024-08-11 14:25	freedom.exe db5717fd494495eea3c8f7d4ab29d6b0 Malicious Library Antivirus UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key					4.0	M	58	ZeroCERT

6965	2024-08-11 14:23	66ab1b27ae40b_BotClient.exe d9a30725d248756dd74badb45d1b3171 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check Lnk Format GIF Format Malware download VirusTotal Malware AutoRuns Check memory buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows RisePro ComputerName DNS		1	3		8.6	M	59	ZeroCERT

6966	2024-08-11 14:23	66ae1dd27873e_file.exe 2967b157eb79a40d8ba4216c3294be82 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself crashed					2.6		58	ZeroCERT

6967	2024-08-11 14:21	66b31f0061c9a_doz.exe 3b0041dfa75c093509fd3e2e1a144532 Stealc Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Antivirus .NET framework(MSIL) ASPack UPX Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	17.2	M	53	ZeroCERT

6968	2024-08-11 14:21	66b286b03f960_hp-scanner.exe 5fb3019941edcfa601638879bb313395 RedLine stealer Malicious Library .NET framework(MSIL) UPX ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		11.8		49	ZeroCERT

6969	2024-08-11 13:35	5feeee23ecd310ed552b56c1992d5e... 12b3e621c89b84ef5b584c72c13c8b5e Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware crashed					1.4		48	guest

6970	2024-08-10 18:26	49fd9bf8a9029185e03f469c388fbe... 49fd9bf8a9029185e03f469c388fbe3c Generic Malware AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware Code Injection Malicious Traffic Check memory Creates shortcut RWX flags setting unpack itself suspicious process Interception DNS	2 Keyword trend analysis	1	1	1	5.6		28	ZeroCERT

6971	2024-08-10 18:22	latest.jar 3ea0ddc6ba7691f2a3ac498158ed8a94 Generic Malware ZIP Format OS Processor Check VirusTotal Malware AutoRuns Check memory Checks debugger WMI RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows Java ComputerName DNS crashed		1			7.8		1	ZeroCERT

6972	2024-08-10 17:52	setup.exe c2a206966403fd63bf68aad8e9f8b840 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

6973	2024-08-10 17:49	authenticator.exe 1560d6506f8e57432427df2bc4263f12 Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check PNG Format Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC Malware suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	1	3	1	8.0			ZeroCERT

6974	2024-08-10 17:47	setup.exe 05ed8d4bc0c2d438ff0c376e508b84ef Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File PE32 PowerShell powershell suspicious privilege Code Injection Check memory Checks debugger WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Checks Bios powershell.exe wrote suspicious process WriteConsoleW anti-virtualization Windows ComputerName Cryptographic key					11.0	M		ZeroCERT

6975	2024-08-10 17:46	WE.exe c3810dc34fb0dd806c01d2a15617e343 Generic Malware Malicious Library PWS KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 PNG Format Browser Info Stealer Malware download FTP Client Info Stealer NetWireRC Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check SectopRAT Windows Browser Backdoor ComputerName DNS Cryptographic key Software crashed keylogger	2 Keyword trend analysis	2	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)		15.0			ZeroCERT