Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	Player
7126	2023-11-14 08:08	taskeng.exe 8cd79908aa72e2f763392a9fe45b46db Malicious Library UPX PE32 PE File OS Processor Check WMI ComputerName					1.0	M	ZeroCERT

7127	2023-11-14 08:06	WinSCP-6.1.2-Setup.exe 17c8b1be1c8c7812785bbb6defd10b87 Malicious Library UPX PE32 PE File OS Processor Check unpack itself Windows DNS crashed		1			2.2	M	ZeroCERT

7128	2023-11-14 08:05	ummanew.exe 57e0cde42e1f91a39c73cdb17f48f03e Generic Malware NSIS Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File .NET EXE PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Wor Malware Check memory Checks debugger Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware Windows DNS crashed		1			7.2	M	ZeroCERT

7129	2023-11-14 08:04	TrueCrypt_tvCfZF.exe 95357230a99689a58f8d89c1acdc6bf2 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 crashed					0.6	M	ZeroCERT

7130	2023-11-14 08:04	traffico.exe f1510fe47cc99552fcf94ddf5dc7a615 Malicious Library Malicious Packer PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	4		5.0	M	ZeroCERT

7131	2023-11-14 08:02	newmar.exe 0099a99f5ffb3c3ae78af0084136fab3 Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Malware AutoRuns Malicious Traffic Check memory Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1			4.8	M	ZeroCERT

7132	2023-11-14 08:01	Rjiyeslhtb.exe 41c3a1be867a689a3c4c2e95e2c40023 UPX PE File PE64 Check memory Checks debugger unpack itself					1.2	M	ZeroCERT

7133	2023-11-14 07:58	wininit.exe e746086f470668fe6cfc3da407fdd032 Formbook Generic Malware .NET framework(MSIL) Antivirus PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE FormBook Malware download Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	6 Keyword trend analysis Info http://www.chonggonzalez.com/bp31/ http://www.zloomux.com/bp31/ http://www.chonggonzalez.com/bp31/?4hIPNx=i8xMAsplts1fVWIwWOiZyKMG3HcPF0/pv9lT+CaFwPb7cSw7ejwLK6p2kEZsPcoFVhe8fhoh&nfut_l=xPJx_6jp&sql=1 http://www.zloomux.com/bp31/?4hIPNx=vvPW/2Pd5QHeIEBGm8G0+Ony9yXqUyBfOyFfBG0rKYjwD4sgiUzqNaP2HxjG8nxDdvZI64Qs&nfut_l=xPJx_6jp&sql=1 http://www.smartagriafrica.info/bp31/?4hIPNx=OJ1wdLQJPVHT7VM7DL9mTUJRAG8pTY12NlK6t8ps5ocpXXUVXYvRwMmTQlbyJ47ya7gchoZP&nfut_l=xPJx_6jp&sql=1 http://www.smartagriafrica.info/bp31/	7	1		11.0	M	ZeroCERT

7134	2023-11-14 07:58	unsecapp.exe 754ce856887cc1da00e95d45c5163075 AgentTesla Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	3	2		11.2	M	ZeroCERT

7135	2023-11-14 06:13	unk.exe ca42b110a0926f8aa00abd2500d520cb Malicious Library UPX PE File PE64 OS Processor Check PDB Remote Code Execution					1.0		guest

7136	2023-11-13 10:59	InstallSetup9.exe 072d5b65a446875e47dd36a8773b9971 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware					5.0	M	ZeroCERT

7137	2023-11-13 10:59	HTMLBrowserIEhistorycleaner.vb... e5a6ec94e45fa3bb3f6076256ccf05a2 Generic Malware Antivirus PowerShell powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	4 Keyword trend analysis	5	2	1	8.6		ZeroCERT

7138	2023-11-13 10:58	build.exe 90dd1720cb5f0a539358d8895d3fd27a Vidar Gen1 Generic Malware Malicious Library UPX Malicious Packer AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware Telegram MachineGuid Code Injection Malicious Traffic Check memory WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Stealer Windows Browser Email ComputerName DNS Software	9 Keyword trend analysis Info http://5.75.246.163/softokn3.dll http://5.75.246.163/vcruntime140.dll http://5.75.246.163/msvcp140.dll http://5.75.246.163/freebl3.dll http://5.75.246.163/mozglue.dll http://5.75.246.163/sqlite3.dll http://5.75.246.163/ http://5.75.246.163/nss3.dll https://steamcommunity.com/profiles/76561199568528949 - rule_id: 38188	5	11 Info ET INFO TLS Handshake Failure ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	1	11.8	M	ZeroCERT

7139	2023-11-13 10:56	InstallSetup1.exe 92907b257d087fa3e9fa0a72dc15772e Gen1 NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File DLL PNG Format OS Processor Check ZIP Format JPEG Format PE64 BMP Format DllRegisterServer dll CHM Format icon CAB MZP Format Browser Info Stealer Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Ransomware Browser					5.4	M	ZeroCERT

7140	2023-11-13 10:53	download cf4151b638a71c1cd8b36edf4476579e Generic Malware PE32 PE File .NET EXE PDB Check memory Checks debugger unpack itself ComputerName					1.6	M	ZeroCERT