Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7771	2023-10-13 00:57	1.exe 2a7e0b5e83cb9e08b28371b945901da8 Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 OS Processor Check buffers extracted unpack itself malicious URLs Ransomware Tor					2.2		51	guest

7772	2023-10-13 00:35	dovidka.chm 2556a9e1d5e9874171f51620e5c5e09a Generic Malware AntiDebug AntiVM CHM Format Lnk Format VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself WriteConsoleW Windows					8.4		38	guest

7773	2023-10-12 14:55	difficultspecificprores.exe 01b925b499a5bc1e9d7a2f93d8ac0c65 Lumma Gen1 Emotet Malicious Library Http API ScreenShot Internet API AntiDebug AntiVM PE File PE64 CAB PNG Format JPEG Format Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces sandbox evasion Tofsee Ransomware Lumma Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key	2 Keyword trend analysis	5	8 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET DNS Query to a .pw domain - Likely Hostile ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration ET INFO HTTP Request to a .pw domain ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In	2	17.4	M	28	ZeroCERT

7774	2023-10-12 14:54	clientPower.exe 96a2d507409c68e291e2d473a2d35ae0 Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself sandbox evasion Remote Code Execution crashed					3.0		19	ZeroCERT

7775	2023-10-12 14:30	setup.7z dc335f7c742fffb1ea6ec8bb3fd69ad7 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself					2.0			ZeroCERT

7776	2023-10-12 10:34	Bur_Oil_Company.zip 7981e2f467362b08d22fad773e24df3b ZIP Format Malware download VirusTotal Malware Malicious Traffic Lumma Stealer	1 Keyword trend analysis	2	2		1.6		1	ZeroCERT

7777	2023-10-12 10:25	client_x86.exe 2b199211ed7ddd31f0a5f0c651f44457 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware buffers extracted unpack itself sandbox evasion Browser ComputerName		2			3.8		7	ZeroCERT

7778	2023-10-12 10:18	realonerealone.txt.exe c5be9c39afdf0da89b281f61e8f5e721 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed					3.6		36	ZeroCERT

7779	2023-10-12 10:18	hta_nostartup.jpg.exe 1a707baa6ca6f2f3cead89aa09d10bc0 Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB					1.4		26	ZeroCERT

7780	2023-10-12 10:05	blalalalalalalala.hta b4acf9fdc9a290176583bbab576c4c20 Generic Malware Antivirus Hide_URL AntiDebug AntiVM PowerShell VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut RWX flags setting unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1		10.6		16	ZeroCERT

7781	2023-10-12 10:04	VoiceAI_Full.exe 645dc5a09c9ad492b4740406029c7804 Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check .NET DLL DLL PE32 ftp PNG Format DllRegisterServer dll ZIP Format icon NetWireRC VirusTotal Malware Check memory Creates executable files AppData folder Ransomware RAT					3.4		2	ZeroCERT

7782	2023-10-12 09:41	sus.exe 0b8c9e7e25dd7ecc2adff3da91def1c1 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB Code Injection buffers extracted					6.8	M	23	ZeroCERT

7783	2023-10-12 09:39	nalo.exe 5378a31424e3903963c32adb09f3280e RedLine stealer Malicious Library UPX .NET framework(MSIL) Confuser .NET ASPack AntiDebug AntiVM PE File PE32 OS Processor Check .NET EXE DLL Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	6 Info ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response	1	16.8	M	22	ZeroCERT

7784	2023-10-12 09:38	rengad.exe 1d8335d00f69c2d195ef13993c862af1 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB					1.6	M	38	ZeroCERT

7785	2023-10-12 09:28	bQ6W.exe 9fdbcb969104691f259c6841e4e69be9 Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0		54	ZeroCERT