Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7006	2024-08-10 12:55	66b5ace3a06b0_dozkey.exe 1971d66193a4acc5be2af2c1d34c2d4d Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Generic Malware Malicious Library .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	2 Keyword trend analysis	5	3	1	15.6	M	23	ZeroCERT

7007	2024-08-10 12:54	reverse_shell.exe b880278dc937d923300f7223aeb1a5b8 Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			4.0	M	67	ZeroCERT

7008	2024-08-10 12:53	VLC3.exe a7f1b43bb75327181bf5535f6eab329d Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces malicious URLs Tofsee Windows DNS Cryptographic key	2 Keyword trend analysis	4	2	2	14.4	M	32	ZeroCERT

7009	2024-08-10 12:52	Alg.exe 12418163d74668e2670547aa5e56e2eb Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Downloader	1 Keyword trend analysis	1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.0	M	20	ZeroCERT

7010	2024-08-10 12:50	file.exe e530d19a769bcd90ec3e92ebf08d68e9 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.0	M	44	ZeroCERT

7011	2024-08-10 12:50	sahost.exe 9cef532829a4ca2cf13279ac134873d8 NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL PE64 PNG Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.4	M	20	ZeroCERT

7012	2024-08-10 12:48	L.exe 4ff433f0799c034ab1a01866254ce759 UPX PE File PE32 VirusTotal Malware					1.2	M	53	ZeroCERT

7013	2024-08-10 12:48	66b5ac957cc65_crypta.exe 6faf304cc49ec71e06409e5965296025 Generic Malware Malicious Library .NET framework(MSIL) UPX ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself					7.4	M	18	ZeroCERT

7014	2024-08-10 12:46	66b6233d1594d_output_32.exe 9da747c6ceb04d35517c628b52078780 Generic Malware Malicious Library .NET framework(MSIL) Antivirus Socket Escalate priviledges DNS Internet API AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key					9.6	M	18	ZeroCERT

7015	2024-08-10 12:45	sahost.exe 5eb52fbf91e71fa3bf26da56915db7d9 NSIS Generic Malware Malicious Library UPX Antivirus PE File PE32 DLL PE64 PNG Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.2	M	13	ZeroCERT

7016	2024-08-10 12:44	Installer.exe 772fe24df16e39503662dae6a21f3ddb Generic Malware Antivirus PE File .NET EXE PE32 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key		1			6.0	M	38	ZeroCERT

7017	2024-08-10 12:43	WC.exe 5d02e21a087c56c1678ebc116ddaeec0 Generic Malware Malicious Library Antivirus AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	2	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		13.0	M	36	ZeroCERT

7018	2024-08-10 12:42	runtime.exe 7adfc6a2e7a5daa59d291b6e434a59f3 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName					5.2	M		ZeroCERT

7019	2024-08-10 12:41	crt.exe 407a2a4a7a9136842729bfa95ac73238 Emotet Gen1 Malicious Library UPX PE File PE32 MZP Format PE64 DLL DllRegisterServer dll OS Processor Check VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder					2.2	M	8	ZeroCERT

7020	2024-08-10 12:39	TY.exe 647e8e43c97dc66c0049f96a0b7d7e21 Generic Malware Malicious Library ScreenShot AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS	1 Keyword trend analysis	1	5 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		11.4	M	47	ZeroCERT