Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7606	2024-07-27 15:02	iamtotalnewpersontogetmebackwi... 25a6c39dbc117a7596c857dbec4e5d93 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.8	M	40	ZeroCERT

7607	2024-07-27 15:02	funtogetbacktomeforgetbacktoge... f179217f7e89dea23f1a01c29fc61659 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

7608	2024-07-27 14:59	createdgoodthingstogetmebackth... 9f63ee5ef179cfcf56619e1c9d44447a MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic exploit crash unpack itself Exploit DNS crashed	1 Keyword trend analysis	1			4.6	M	38	ZeroCERT

7609	2024-07-27 14:59	creamthingstohappenedgetmeback... e03f3290788de4d7a103f16b780b3cce MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit DNS crashed		1			5.2	M	37	ZeroCERT

7610	2024-07-27 14:57	pi.exe 1e8a2ed2e3f35620fb6b8c2a782a57f3 Generic Malware Downloader Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer UPX PE File PE32 Malware download VirusTotal Malware AutoRuns Malicious Traffic Checks debugger ICMP traffic Disables Windows Security Windows DNS	5 Keyword trend analysis	23 Info www.update.microsoft.com(20.72.235.82) 109.74.69.43 146.70.157.241 189.189.144.10 139.228.82.249 185.215.113.66 - malware 189.155.227.203 188.253.78.49 94.26.222.31 37.255.117.80 46.161.246.13 91.218.161.58 85.174.56.227 178.155.39.80 188.211.107.239 82.194.10.4 151.233.235.104 178.88.82.240 146.70.80.37 178.89.227.41 20.109.209.108 95.181.135.151 46.100.58.92	2	5	9.2	M	65	ZeroCERT

7611	2024-07-27 14:52	❉?????????????????????????????... 30d99024fb26c365e71bcdd860205eb4 AntiDebug AntiVM MSOffice File VirusTotal Malware MachineGuid Code Injection wscript.exe payload download Creates executable files exploit crash unpack itself Windows utilities suspicious process suspicious TLD Tofsee Windows Exploit DNS crashed		2	5		8.2		7	ZeroCERT

7612	2024-07-27 12:44	buildred.exe 4e0235942a9cde99ee2ee0ee1a736e4f RedLine stealer RedlineStealer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		7.6	M	54	ZeroCERT

7613	2024-07-27 12:43	ldx111.exe 01519db4280c18b8ccd58235bf5a4048 .NET framework(MSIL) PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself suspicious process WriteConsoleW Windows Cryptographic key					11.2	M	33	ZeroCERT

7614	2024-07-27 12:42	InfluencedNervous.exe 1b0fe9739ef19752cb12647b6a4ba97b Generic Malware Suspicious_Script_Bin Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					6.2		33	ZeroCERT

7615	2024-07-27 12:41	PharmaciesDetection.exe 569720e2c07b1d34bac1366bf2b1c97a Generic Malware Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 OS Proces VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder sandbox evasion WriteConsoleW Windows ComputerName					6.6		12	ZeroCERT

7616	2024-07-27 12:39	build2.exe 410e91a252ffe557a41e66a174cd6dcb Generic Malware Malicious Library PE File PE64 VirusTotal Malware Check memory unpack itself					1.8		22	ZeroCERT

7617	2024-07-27 12:39	22per2.php.vbs ed24c6df34810458f7e9967058404512 Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.0			ZeroCERT

7618	2024-07-27 12:39	random.exe e04afeeb6bb46b372bc1d7c2e2f25ead Generic Malware EnigmaProtector Malicious Library UPX Code injection AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Checks Bios Detects VMWare AppData folder malicious URLs VMware anti-virtualization installed browsers check Tofsee Ransomware Windows Exploit Browser ComputerName DNS crashed	1 Keyword trend analysis	4	8 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		18.0	M	38	ZeroCERT

7619	2024-07-27 12:38	22per.php.vbs 1f7c3d5b07e8e81501762bc87a897d96 Generic Malware Antivirus OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.0			ZeroCERT

7620	2024-07-27 12:36	aaa.exe 1318fbc69b729539376cb6c9ac3cee4c Downloader Malicious Library Admin Tool (Sysinternals etc ...) UPX PE File PE32 DNS		1			2.0			ZeroCERT