Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
7576	2024-07-29 13:51	svhostc.exe ae3dd2f4488753b690ca17d555147aba Malicious Library UPX Http API HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Telegram AutoRuns Code Injection Checks debugger buffers extracted unpack itself Tofsee Windows ComputerName DNS		2	4	8.2	M	56	ZeroCERT

7577	2024-07-29 13:51	Ref_BA0929399122_pdf.js 117bc3a7fa3309e3f443ea02c267f1d4 VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper	2 Keyword trend analysis	2	1	10.0	M	21	ZeroCERT

7578	2024-07-29 13:49	ngrok.exe f02b8dabd9612d56140b7b435f70424b Malicious Library Malicious Packer UPX PE File ftp PE64 wget OS Processor Check VirusTotal Malware wscript.exe payload download unpack itself Check virtual network interfaces crashed	1 Keyword trend analysis	2		3.6		28	ZeroCERT

7579	2024-07-29 13:47	test1.exe 97de4bc04461280f11316077a41083e0 Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	60	ZeroCERT

7580	2024-07-29 13:46	CBS_applcation_details_0726020... 117bc3a7fa3309e3f443ea02c267f1d4 VirusTotal Malware VBScript AutoRuns suspicious privilege buffers extracted wscript.exe payload download Creates shortcut Creates executable files unpack itself Windows utilities sandbox evasion installed browsers check Tofsee Windows Browser ComputerName Dropper	2 Keyword trend analysis	2	1	10.0	M	21	ZeroCERT

7581	2024-07-29 13:45	main.exe e3e1f7fa42dd68f410bb885f0aefe5e3 Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself				2.0	M	64	ZeroCERT

7582	2024-07-29 13:42	clip64.dll 7d257e3bb8441810561e09092162df73 Amadey Generic Malware Malicious Library UPX PE File DLL PE32 OS Processor Check VirusTotal Malware Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1	1	3.6	M	57	ZeroCERT

7583	2024-07-29 13:42	random.exe a45cd34dab56ce2f61232c79a750374d RedLine stealer Generic Malware EnigmaProtector UPX Malicious Library Code injection Anti_VM AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Detects VMWare AppData folder malicious URLs VMware anti-virtualization human activity check installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	3 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Packed Executable Download SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	18.6	M	40	ZeroCERT

7584	2024-07-29 13:39	wd.exe d65f5982c1f1f2967fdd91b7f21a5696 Generic Malware Malicious Library Malicious Packer ASPack UPX DllRegisterServer dll PE File PE32 MZP Format OS Processor Check DLL JPEG Format VirusTotal Malware AutoRuns suspicious privilege Creates executable files unpack itself AppData folder sandbox evasion Tofsee Windows Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	9	2	8.2	M	70	ZeroCERT

7585	2024-07-29 13:38	sa.exe b78d38577f3a1ba9178e7fab5e5bddf6 Antivirus UPX PE File .NET EXE PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Windows ComputerName DNS keylogger		2		6.8	M	59	ZeroCERT

7586	2024-07-29 13:38	3-1.exe 3482f7d0b7c1a3eeca3874bc9a1397ce Generic Malware Malicious Library ASPack UPX Malicious Packer Socket ScreenShot Escalate priviledges PWS SMTP SSL DNS Dynamic Dns Internet API persistence KeyLogger AntiDebug AntiVM DllRegisterServer dll PE File PE32 MZP Format OS Processor Check JPEG For VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities AppData folder malicious URLs sandbox evasion Tofsee Windows Browser Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	13 Info www.dropbox.com(162.125.80.18) - mailcious drive.usercontent.google.com(142.250.206.193) - mailcious freedns.afraid.org(69.42.215.252) docs.google.com(172.217.25.174) - mailcious xred.mooo.com() - mailcious smtp.163.com(103.129.252.45) 103.129.252.45 162.125.80.18 - mailcious 142.250.71.129 142.250.196.238 38.147.172.248 - mailcious 45.33.6.223 69.42.215.252	3	16.6	M	69	ZeroCERT

7587	2024-07-29 13:36	beyondtransfer.exe 99f875d6395b7697228e9cbc8533fdc7 .NET framework(MSIL) PE File .NET EXE PE32 Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS	1 Keyword trend analysis	1	4	5.6	M	58	ZeroCERT

7588	2024-07-29 13:34	win10.exe 7fa42ffc17069589fd85c3ea2b46a57c Generic Malware Malicious Library Malicious Packer UPX DllRegisterServer dll PE File PE32 MZP Format OS Processor Check DLL JPEG Format VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself AppData folder Tofsee Windows Advertising Google ComputerName DNS DDNS crashed keylogger	3 Keyword trend analysis Info http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download	10 Info drive.usercontent.google.com(142.250.206.193) - mailcious docs.google.com(142.250.76.142) - mailcious www.dropbox.com(162.125.80.18) - mailcious freedns.afraid.org(69.42.215.252) xred.mooo.com() - mailcious 162.125.80.18 - mailcious 38.147.172.248 - mailcious 69.42.215.252 172.217.31.14 142.251.222.193	2	9.2	M	68	ZeroCERT

7589	2024-07-29 13:32	cred.dll d696e4ee5dac5d3e4b5073359224fcdc Generic Malware Malicious Library UPX Antivirus PE File DLL PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency powershell suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process sandbox evasion installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	3	1	10.0	M	54	ZeroCERT

7590	2024-07-29 13:29	ef.exe 94b423329b05b002507c36396870bb25 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware DNS		2		2.2	M	64	ZeroCERT