Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8266	2023-12-22 08:24	crypted.exe 42464d83d6f8b2ce1a88cf6c7c721c09 RedLine stealer Malicious Library Admin Tool (Sysinternals etc ...) UPX ScreenShot PWS AntiDebug AntiVM PE32 PE File OS Processor Check Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed		1		8.6	M		ZeroCERT

8267	2023-12-22 08:22	v1220-55000.exe 04f93f610df4d1c941ec7f64679e3039 .NET framework(MSIL) UPX Malicious Library ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Cryptographic key crashed				8.2			ZeroCERT

8268	2023-12-22 08:22	Wzslollihv.exe 1a9c1d237843ca776d5d1d2ef84fb493 Hide_EXE UPX PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself				2.2	M	39	ZeroCERT

8269	2023-12-22 08:20	Minodeka.exe eb591336a1a8c61faf248e784166a19a Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution				2.4		56	ZeroCERT

8270	2023-12-22 08:20	setup294.exe 391487909449a0c19ea2a2ae599c8731 Malicious Library AntiDebug AntiVM PE32 PE File DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder				3.6	M		ZeroCERT

8271	2023-12-22 08:18	againn.exe 24d81523b3033dddc3bf6526d86f819d Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Windows DNS Cryptographic key		1		5.0	M	56	ZeroCERT

8272	2023-12-22 08:17	frreebeeie.exe 2c8bf6e42f2195c8256d91f5007a1219 PE File PE64 VirusTotal Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces DNS	1 Keyword trend analysis	1		4.2	M	40	ZeroCERT

8273	2023-12-22 08:16	build_2023-12-19_21-29.exe 19c47b81c5a0b6c2791c0ff91e21e87a Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware unpack itself Windows DNS crashed		1		3.6	M	55	ZeroCERT

8274	2023-12-22 08:15	sl.exe a6f1e6b5775a94219b69a6261b36244a Malicious Library Downloader Admin Tool (Sysinternals etc ...) UPX PE32 PE File Malware download VirusTotal Malware AutoRuns Malicious Traffic Windows DNS Downloader	2 Keyword trend analysis	1	2	4.2	M	50	ZeroCERT

8275	2023-12-22 08:13	adobe.exe a056c3e2e3334be82cc40e2af20ef67b Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check PE64 DllRegisterServer dll wget ZIP Format Check memory Checks debugger Creates executable files unpack itself AppData folder ComputerName crashed				2.6			ZeroCERT

8276	2023-12-22 08:13	build2.exe e23c839edb489081120befe1e44b04db Client SW User Data Stealer LokiBot ftp Client info stealer Malicious Library UPX Http API PWS Code injection AntiDebug AntiVM PE32 PE File OS Processor Check VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Checks debugger buffers extracted WMI unpack itself malicious URLs Tofsee ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	5	3	11.0		58	ZeroCERT

8277	2023-12-22 08:13	brg.exe dff334fa8d2c701dba4139875f14c9ff Malicious Library VMProtect UPX PE32 PE File VirusTotal Malware unpack itself Remote Code Execution DNS		2		3.4		21	ZeroCERT

8278	2023-12-22 08:11	ww.exe ca582fafbbb257ccf1bf91dac47fcf4f Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution				2.2		32	ZeroCERT

8279	2023-12-22 08:08	rest.exe 7e267bec235e3a97a82cbc14780e5af1 Themida Packer Malicious Library Admin Tool (Sysinternals etc ...) UPX Anti_VM AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check PNG Format ZIP Format MSOffice File DLL JPEG Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting exploit crash unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder VMware anti-virtualization IP Check installed browsers check Tofsee Ransomware Windows Exploit Browser RisePro Email ComputerName Firmware DNS Cryptographic key Software crashed	2 Keyword trend analysis	6	7 Info ET MALWARE [ANY.RUN] RisePro TCP (Token) ET MALWARE Suspected RisePro TCP Heartbeat Packet ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE [ANY.RUN] RisePro TCP (External IP) ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)	20.0		54	ZeroCERT

8280	2023-12-22 08:08	setup294.exe 036f715ce0e23c5993a9fbb138eaeffb Malicious Library AntiDebug AntiVM PE32 PE File DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder DNS		1		4.2			ZeroCERT