Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
7981	2024-07-09 10:00	EXACT_ITEM.exe 9babf09115135e3726636ed32790bd36 Malicious Packer UPX PE File PE64 VirusTotal Malware Checks debugger					2.0	M	34	ZeroCERT

7982	2024-07-09 09:58	SCM_1.exe 00a69916c649b8f347552f045d9529ef PE File PE64 VirusTotal Cryptocurrency Miner Malware Cryptocurrency DNS		2	2		1.4	M	46	ZeroCERT

7983	2024-07-09 09:58	PsExec.exe 24a648a48741b1ac809e47b9543c6f12 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself WriteConsoleW RCE					1.8	M	2	ZeroCERT

7984	2024-07-09 09:55	inte.exe 91127bcbe51880375df489df4e711151 Malicious Library PE File PE32 VirusTotal Malware RCE					2.0	M	24	ZeroCERT

7985	2024-07-09 09:55	asdf.EXE 651962c322d049e7271543d8d2673311 Malicious Library Malicious Packer .NET framework(MSIL) PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.0	M	13	ZeroCERT

7986	2024-07-08 18:30	xplayd.hta 82a46c36da6b5ae4bd7794eb6fd9f029 Generic Malware Antivirus PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed					6.6		6	ZeroCERT

7987	2024-07-08 18:28	venture45.hta e17e0242e9fe3834c192513619013b92 Generic Malware Antivirus Malicious Library .NET framework(MSIL) AntiDebug AntiVM PowerShell PE File DLL PE32 .NET DLL .NET EXE VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	4	1	17.4	M	23	ZeroCERT

7988	2024-07-08 18:04	IENETCache.hta 2c47bdda0532d55c27bcd50f34e6b8ca Generic Malware Downloader Antivirus AntiDebug AntiVM PE File DLL PE32 .NET DLL VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger wscript.exe payload download Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder Windows ComputerName DNS Cryptographic key	3 Keyword trend analysis	2	1	1	12.0		17	ZeroCERT

7989	2024-07-08 18:00	xplayd.hta 82a46c36da6b5ae4bd7794eb6fd9f029 VirusTotal Malware crashed					0.6		6	ZeroCERT

7990	2024-07-08 17:11	newbuild07.exe 9adc621f718c8e283e2b946acf914322 RedLine stealer RedlineStealer Generic Malware Malicious Library .NET framework(MSIL) UPX Malicious Packer Anti_VM PE File .NET EXE PE32 OS Processor Check PE64 DllRegisterServer dll Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	2 Keyword trend analysis Info https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207	5	7 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 33 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)		9.8		57	ZeroCERT

7991	2024-07-08 17:10	serrrr.exe 293bdbec6a256c88eb2cfb4e46e892ae Generic Malware Malicious Library Malicious Packer UPX Anti_VM PE File PE32 OS Processor Check VirusTotal Email Client Info Stealer Malware Check memory Checks debugger Windows Email					3.2		49	ZeroCERT

7992	2024-07-08 17:08	xmrig.exe c0f8959614ae06561216158d78a787e5 XMRig Miner Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware unpack itself ComputerName					2.0		57	ZeroCERT

7993	2024-07-08 17:08	Atte.exe b854f7f4b478960929e8c2ae1bd7f661 Malicious Library PE File PE64 VirusTotal Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Windows ComputerName Cryptographic key crashed	1 Keyword trend analysis	2	1		7.4		45	ZeroCERT

7994	2024-07-08 17:06	test.exe d19291fc64d40d67755f8a66e43200a3 UPX PE File PE64 VirusTotal Malware					1.4		12	ZeroCERT

7995	2024-07-08 17:06	gold.exe e72e3e0f37eddc11e9003053604c7ab6 Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself crashed					2.2		55	ZeroCERT