Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8011 2023-10-05 07:51 KqxxD43gE6ehqZb.exe
d3fc0eb99a8edffaf0a4c9a66ed91777
Generic Malware Malicious Library UPX PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check JPEG Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla suspicious privilege Malicious Traffic Checks debugger unpack itself Check virtual network interfaces IP Check installed browsers check Windows Browser Email ComputerName DNS DDNS Software crashed keylogger
2 4 3 10.4 M 56 ZeroCERT

8012 2023-10-05 07:51 file.exe
9f528babec87d802acab810f56b9e534
RedLine stealer Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.0 M 47 ZeroCERT

8013 2023-10-05 07:51 rjFcwBLmZM9M3y7.exe
5d4392b56aa4ebac400bbe86fe5d0767
Gen1 Generic Malware Malicious Library UPX Malicious Packer Downloader .NET framework(MSIL) PE File PE32 .NET EXE icon DLL OS Processor Check BMP Format Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk sandbox evasion IP Check VM Disk Size Check Ransomware Browser ComputerName
2 4 3 9.4 M 41 ZeroCERT

8014 2023-10-05 07:49 50_2023-10-04_13-27.exe
1a341a36cd0d3e3ab04a1898194fba3a
Malicious Library UPX PE File PE32 OS Processor Check PDB Remote Code Execution
0.8 M ZeroCERT

8015 2023-10-05 07:48 FocFoaRhEf4vkFl.exe
ccec9f6516e38c852b1df13c836e5430
UPX .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE PNG Format MSOffice File JPEG Format VirusTotal Malware MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Check virtual network interfaces Tofsee Windows Exploit Browser ComputerName DNS crashed
1 6 2 9.4 M 41 ZeroCERT

8016 2023-10-05 07:47 XZJ7pcVdxODBwEr.exe
43793501051282b49746c790640bcf31
Emotet Generic Malware Malicious Library UPX Downloader Malicious Packer Anti_VM PE File PE32 .NET EXE JPEG Format OS Name Check OS Memory Check OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS DDNS Software crashed keylogger
2 5 3 13.6 M 43 ZeroCERT

8017 2023-10-05 07:45 svchost.exe
e9724f79d09583b45931d5040f02eb35
Themida Packer Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware DNS crashed
1 10.6 M 51 ZeroCERT

8018 2023-10-05 07:45 conhost.exe
61783b2ff3dd193f54e4b5e01a43841d
Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
1.8 M 15 ZeroCERT

8019 2023-10-05 07:43 LqnVyMOS2osNsx5.exe
d7f3266975644f3797964e044e5b8d5f
Generic Malware Malicious Library UPX .NET framework(MSIL) ASPack PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk IP Check VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 7 3 13.4 M 38 ZeroCERT

8020 2023-10-05 07:43 3.exe
845b889989bad720eb796775536f36a1
RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.0 41 ZeroCERT

8021 2023-10-04 17:36 OIUIII0IUII0Ioioioi0ioi0iouuui...
130b68050fb2c995533b651154d8b472
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
2 4 2 4.2 M 30 ZeroCERT

8022 2023-10-04 17:35 Audiodgs.exe
87f2675413083ecd0838603682509718
Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
11.8 M 47 ZeroCERT

8023 2023-10-04 17:34 fxGriSJETFWX26o.exe
ae5fd5f483713e5490441825333644fc
PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.0 M 33 ZeroCERT

8024 2023-10-04 17:33 Audiodgs.exe
26e4291f7b01ed40adc50972f2f8c5c2
PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 46 ZeroCERT

8025 2023-10-04 17:32 LPG.txt.exe
2e626d1c6e856072eddc5ffcb6af674c
AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
4 6 5.4 57 ZeroCERT