Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8266 2023-09-25 17:01 svchost.exe
a92a908cae30b9b020244bedf61a1dd4
Downloader UPX MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate privileges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Remote Code Execution Firmware crashed
10.8 M 56 ZeroCERT

8267 2023-09-25 17:01 zor40.exe
437a676b457457da6e8333831398bb32
RedLine stealer Gen1 Emotet Malicious Library UPX PWS AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 2 7 1 17.8 M 47 ZeroCERT

8268 2023-09-25 16:36 dropper.com
c2b61e9642308cb0e7d12d6b7a101d7c
Gen1 Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Check memory crashed
1.2 5 ZeroCERT

8269 2023-09-25 16:07 eae04e28d321627908712bb23d1d47...
eae04e28d321627908712bb23d1d4799
Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed
4.4 56 ZeroCERT

8270 2023-09-25 16:01 sorets.exe
b5a8f349a7cd1fd600ea613181769116
Malicious Library UPX PE File PE32 OS Processor Check unpack itself Remote Code Execution
0.6 ZeroCERT

8271 2023-09-25 10:24 charles.exe
1bd78136fa8b9e9e63fde92829a9743d
PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
1 4 4 15.2 38 ZeroCERT

8272 2023-09-25 10:21 docjoh20230925.exe
f8050d0af7ac48aacab3cc8fead40277
WebCam KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger
11.2 31 ZeroCERT

8273 2023-09-25 10:19 collar.exe
795d3334576dc4a7e2b480e62c57fb6c
WebCam KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AntiVM_Disk VM Disk Size Check Windows ComputerName Cryptographic key keylogger
11.2 M 35 ZeroCERT

8274 2023-09-25 10:19 docgen20230925.exe
72f02b6a2b8fd2a73ae8715fcc2323ca
Malicious Library UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
5 5 14.6 ZeroCERT

8275 2023-09-25 10:17 docdav20230923.exe
31c0fb555469b0836b447b2e71c8fd74
PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
1 4 4 15.2 M 32 ZeroCERT

8276 2023-09-25 10:11 out.msi
7758d5af5470ac0005fed5ec83c5ab2a
Malicious Library MSOffice File CAB OS Processor Check Malware download VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check DarkGate Stealer ComputerName DNS Downloader
1 1 2 4.6 40 ZeroCERT

8277 2023-09-25 09:52 c.exe
6c3f60e6c4f557e093d8605eb5661e68
Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
2.0 M 31 ZeroCERT

8278 2023-09-25 09:51 i.txt.exe
a44cd9ea69e9e6ac198c56460cd912e9
Downloader Socket Internet API AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Detects VirtualBox Windows DNS Cryptographic key keylogger
1 11.2 56 ZeroCERT

8279 2023-09-25 09:49 com.wag.walker_2.59.0.apk
24c0f3369b739b64510d3d5b704a5115
ZIP Format Word 2007 file format(docx)
guest

8280 2023-09-25 09:14 androidx.compose.ui_ui-viewbin...
b2d7f14c5810c3ee6b519c317297190e
Downloader Create Service Socket P2P DGA Steal credential Http API Escalate privileges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
2 4.8 guest