Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7906	2023-10-09 12:30	allergy list.exe 8fd84942190cf91e2182d552b3df80f8 PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW ComputerName DNS		1			2.4		1	ZeroCERT

7907	2023-10-09 12:29	Reservation information (date,... 9809cc75b12ebaa98003f8288978f3b3 Malicious Library UPX PE File PE32 ftp Check memory Tofsee		2	2		0.2			ZeroCERT

7908	2023-10-09 12:27	obcliKg.dll b52920a62d824d538812f9fb8bf563c4 .NET DLL PE File DLL PE32 VirusTotal Malware PDB					0.6		1	ZeroCERT

7909	2023-10-08 18:36	netTimer.exe e674688f489f2e6dcfdf18af1ac37858 UPX Malicious Packer PE File PE64 VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName					4.8	M	32	ZeroCERT

7910	2023-10-08 18:34	opportunitytoolprer.exe dfacf11cff37d089fdb939534d1680e3 Gen1 Emotet Malicious Library PE File PE64 CAB VirusTotal Malware Buffer PE AutoRuns PDB Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces Windows ComputerName Remote Code Execution DNS Cryptographic key	1 Keyword trend analysis	1			8.2	M	43	ZeroCERT

7911	2023-10-08 18:32	lnstalIer.exe 0e10ea38b2c0569203a5f46efdec60dc Raccoon Gen1 Generic Malware UPX Malicious Packer Admin Tool (Sysinternals etc ...) Malicious Library Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware RecordBreaker Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder sandbox evasion installed browsers check Stealer Windows Browser DNS Cryptographic key	9 Keyword trend analysis Info http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll http://45.15.156.141/ - rule_id: 37100 http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll http://45.15.156.141/fbac3c131ccbd261bd179f2d83792c65 http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll http://45.15.156.141/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll	1	11 Info ET MALWARE Win32/RecordBreaker CnC Checkin M1 ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response ET INFO Dotted Quad Host DLL Request ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity ET HUNTING Possible Generic Stealer Sending System Information	1	14.6	M	49	ZeroCERT

7912	2023-10-08 18:31	MILAHAJOBFFO2308200014BLONEYSH... 1def66d61d9e9ef7d54fd2ff792d7f76 .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4		13.4		53	ZeroCERT

7913	2023-10-08 12:04	cafiii.jpg eb52f4c919c1466d334996cbc02f64ab ZIP Format VirusTotal Malware DNS		1			2.4	M	23	ZeroCERT

7914	2023-10-08 12:04	ReklamX.ps1 199882d42a35596fdc6ae9c8098d8368 Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key					1.4		17	ZeroCERT

7915	2023-10-08 12:04	ReklamX.ps1 17ca355294ec4a7f4d58438aa2d5689a Generic Malware Antivirus VirusTotal Malware Check memory unpack itself Windows Cryptographic key					1.6		21	ZeroCERT

7916	2023-10-08 12:02	ss47.exe 6e45986a505bed78232a8867b5860ea6 Generic Malware UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution	1 Keyword trend analysis	2	2		2.0		43	ZeroCERT

7917	2023-10-08 10:49	zoeg4a5.exe 637dbce64106ecb582f119403822e138 Malicious Library UPX Malicious Packer PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution	1 Keyword trend analysis	2	2		2.0	M	43	ZeroCERT

7918	2023-10-08 10:47	x_loader.exe 28008ae8515c137603e3cb0a14c38795 UPX PE File PE64 OS Processor Check VirusTotal Malware					1.0	M	25	ZeroCERT

7919	2023-10-08 10:47	two0710.exe f646c097913ec9dc3897ec3b5e452919 Malicious Library PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	4		7.8	M	43	ZeroCERT

7920	2023-10-08 10:45	Lopbf.exe 5399d7a2060eca17c4c1648fd6b09505 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows ComputerName DNS Cryptographic key	2 Keyword trend analysis	1	1		6.4		50	ZeroCERT