Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8161	2023-09-30 13:06	exbo.exe 14b9d9e187fdb2f9deb0a9361a4f408d Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware Code Injection Malicious Traffic buffers extracted unpack itself Stealc Browser DNS crashed	1 Keyword trend analysis	1	2	1	8.2	M	34	ZeroCERT

8162	2023-09-30 13:05	asca1ex1234.exe ab42dd45f0015269d23c14792397617f Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware					1.6	M	38	ZeroCERT

8163	2023-09-30 13:05	UMM2.exe 16e1b0fb578bc6d4eb28a5389a8436dd PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key		1			4.0	M	19	ZeroCERT

8164	2023-09-30 13:04	Amadey.exe aebaf57299cd368f842cfa98f3b1658c Amadey Browser Login Data Stealer Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check DLL JPEG Format PE64 Malware download Amadey VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW installed browsers check Interception Windows Browser ComputerName DNS crashed	4 Keyword trend analysis	1	6 Info ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Amadey Bot Activity (POST) M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download		10.0	M	55	ZeroCERT

8165	2023-09-30 13:04	toolspub1.exe 0da78f6ac7f81956c6b3b73aa43ef60d Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware PDB					2.6	M	33	ZeroCERT

8166	2023-09-30 13:03	foto1221.exe 99e05ed844344417fbf1594c67054ebe RedLine stealer Gen1 Emotet RedLine Infostealer Browser Login Data Stealer Malicious Library UPX .NET framework(MSIL) Confuser .NET AntiDebug AntiVM PE File PE32 CAB .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	7 Info ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)	1	17.2	M	51	ZeroCERT

8167	2023-09-30 13:01	WinDhcp.exe d381d9db9cbd1b60afdfb4f05e52a775 PE File PE64 VirusTotal Malware					1.2	M	21	ZeroCERT

8168	2023-09-30 12:59	herom.exe 38682480c0a22cc8e025f23d78bab140 Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder WriteConsoleW					2.8	M	16	ZeroCERT

8169	2023-09-30 12:59	RBY1.exe d6a782cd2e4b92e06bbc8204013f3d68 PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key crashed					4.0		36	ZeroCERT

8170	2023-09-30 12:58	Services.exe b9a096baebdf8e44368e9724da8e56dd Malicious Library UPX PE File PE32 PE64 Malware download VirusTotal Malware AutoRuns MachineGuid Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW IP Check PrivateLoader Tofsee Windows ComputerName DNS crashed	8 Keyword trend analysis Info http://193.42.32.118/api/firecom.php - rule_id: 36700 http://171.22.28.226/download/WWW14_64.exe http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://www.maxmind.com/geoip/v2.1/city/me https://sso.passport.yandex.ru/push?uuid=ad269c5f-9769-4a8d-84e7-2d5be64d35f7&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://dzen.ru/?yredirect=true https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://db-ip.com/	20 Info db-ip.com(104.26.4.15) ipinfo.io(34.117.59.81) twitter.com(104.244.42.193) telegram.org(149.154.167.99) www.maxmind.com(104.18.146.235) yandex.ru(77.88.55.88) api.db-ip.com(172.67.75.166) dzen.ru(62.217.160.2) sso.passport.yandex.ru(213.180.204.24) 149.154.167.99 - mailcious 193.42.32.118 - mailcious 172.67.75.166 62.217.160.2 104.18.146.235 213.180.204.24 171.22.28.226 - malware 34.117.59.81 104.26.5.15 5.255.255.70 104.244.42.129 - suspicious	8 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET INFO Executable Download from dotted-quad Host ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	2	10.8	M	37	ZeroCERT

8171	2023-09-30 12:57	birza.exe 53df0c8b56120e03e1657e366720ecd9 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)		6.2	M	56	ZeroCERT

8172	2023-09-30 12:57	kus.exe acf39b9c0b1f3c9addd5dd50a8773a28 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware Code Injection buffers extracted crashed					8.0	M	38	ZeroCERT

8173	2023-09-30 12:54	clip64.dll e913b0d252d36f7c9b71268df4f634fb Amadey Malicious Library UPX Admin Tool (Sysinternals etc ...) PE File DLL PE32 OS Processor Check VirusTotal Malware PDB Checks debugger unpack itself					2.0	M	55	ZeroCERT

8174	2023-09-28 08:41	westcompetitiveresspro.exe 41ca6ed3ff003e205d7dae915c20eb59 Gen1 Emotet Malicious Library UPX PE File PE64 CAB VirusTotal Malware AutoRuns PDB Creates executable files Windows Remote Code Execution					3.0		12	ZeroCERT

8175	2023-09-28 08:40	ly4893.txt.exe ed55b32151792a117b9c9bfe439734cc Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger		2	4		6.4		55	ZeroCERT