Submissions

Columns: No, Date, Request (file name and MD5), signature tags, then Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Empty cells were not preserved in the listing, so only the non-empty trailing values are shown for each entry.

8341  2023-09-25 08:24  AndroidManifest.xml
  MD5: 082c3d5ed605937fcae03387673b37e6
  Signatures: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Counts / Score / Player: 2 4.8 guest

8342  2023-09-25 08:24  AndroidManifest.xml
  MD5: 082c3d5ed605937fcae03387673b37e6
  Signatures: Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Counts / Score / Player: 2 4.2 guest

8343  2023-09-25 08:23  DebugProbesKt.bin
  MD5: 26e4a87d5450c027450ee547f1fb2d45
  Signatures: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed
  Counts / Score / Player: 2 3.8 guest

8344  2023-09-25 07:45  g.exe
  MD5: ddffc2d90d856636988bf603f0383d9e
  Signatures: Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Check memory unpack itself Tofsee ComputerName
  Counts / Score / Zero / VT / Player: 3 2 1.6 M 3 ZeroCERT

8345  2023-09-25 07:44  nsi85.exe
  MD5: d9b7a38415b5b12303bf061c9c3d4452
  Signatures: RedLine stealer Gen1 Emotet task schedule Malicious Library UPX PWS Http API HTTP Internet API AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Counts / Score / Zero / Player: 1 2 7 1 17.6 M ZeroCERT

8346  2023-09-25 07:41  foto7447.exe
  MD5: da23352a594c97e931832f1ece7e3b1e
  Signatures: RedLine stealer Gen1 Emotet task schedule Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Counts / Score / Zero / Player: 1 2 7 1 14.8 M ZeroCERT

8347  2023-09-25 07:39  kus.exe
  MD5: 073e99375099253a97c86d972a82b344
  Signatures: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware Code Injection buffers extracted
  Score / Player: 5.8 ZeroCERT

8348  2023-09-25 07:39  s1.exe
  MD5: 9103d5d5d8ecaec5b6cb5eb72770d326
  Signatures: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Score / Zero / VT / Player: 1.4 M 26 ZeroCERT

8349  2023-09-24 11:24  tanos.exe
  MD5: 717b7bb4871f297308de3412fa4a6df8
  Signatures: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check DLL PDB Code Injection unpack itself suspicious process AppData folder Remote Code Execution
  Score / Player: 2.8 ZeroCERT

8350  2023-09-24 11:21  exto.exe
  MD5: 9379586a4b035658785cc87c8292d6df
  Signatures: task schedule Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Code Injection Malicious Traffic buffers extracted unpack itself Stealc Browser DNS
  Counts / Score / Zero / Player: 1 1 2 1 7.2 M ZeroCERT

8351  2023-09-24 11:19  foto7447.exe
  MD5: 9e031f946e78b6ce0af495a760ef67e7
  Signatures: RedLine stealer Gen1 Emotet Browser Login Data Stealer task schedule Malicious Library UPX ASPack Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 CAB DLL OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Counts / Score / Zero / VT / Player: 1 2 6 1 16.0 M 47 ZeroCERT

8352  2023-09-24 11:19  kus.exe
  MD5: 04513f64dd4834354625e24e2b0b44c7
  Signatures: Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware Code Injection buffers extracted
  Score / Player: 7.0 ZeroCERT

8353  2023-09-23 20:10  gate4.exe
  MD5: 8a6554c54d9040abfbbaa853c9abce67
  Signatures: Malicious Library UPX PE File PE64 VirusTotal Malware unpack itself Windows crashed
  Score / VT / Player: 3.2 23 ZeroCERT

8354  2023-09-23 20:08  download
  MD5: 823b5fcdef282c5318b670008b9e6922
  Signatures: Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
  Score / VT / Player: 2.8 45 ZeroCERT

8355  2023-09-23 20:07  s5.exe
  MD5: 1476bccbd7569058dc7ddcaeacc23b3c
  Signatures: Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution
  Score / VT / Player: 1.6 31 ZeroCERT
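A listing like this is more useful once it is parsed into records and triaged: the same MD5 appears twice (8341 and 8342 are re-runs of one AndroidManifest.xml), the same file name appears with different hashes (foto7447.exe and kus.exe), and an Android artifact carries Windows-only signatures such as Tofsee and MSOffice, which is sandbox noise worth discounting. The parser and checks below are an added example, not code from the sandbox or this page; the record layout it assumes (entry line, MD5 line, whitespace-joined signature line, trailer of counts/score/submitter) is inferred from the listing, and the sample text is constructed from entries on this page with the signature lists trimmed.

```python
"""Parse a flattened sandbox submission listing and run offline triage checks.

Added example. Assumed layout per entry (inferred from the listing):
  "<No> <YYYY-MM-DD HH:MM> <filename>", then an MD5 line, then one line of
  whitespace-joined signature tags, then a trailer whose last token is the
  submitter and whose single decimal number is the score.
"""
import re
from collections import defaultdict

# Constructed sample: four entries copied from the listing, tag lists trimmed.
SAMPLE = """\
No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8341 2023-09-25 08:24 AndroidManifest.xml

082c3d5ed605937fcae03387673b37e6

Downloader Create Service Socket Steal credential MSOffice Tofsee Windows Exploit DNS crashed
2 4.8 guest

8342 2023-09-25 08:24 AndroidManifest.xml

082c3d5ed605937fcae03387673b37e6

Downloader Create Service Socket Steal credential MSOffice Tofsee Windows Exploit DNS crashed
2 4.2 guest

8346 2023-09-25 07:41 foto7447.exe

da23352a594c97e931832f1ece7e3b1e

RedLine stealer Gen1 Emotet task schedule UPX PE32 Stealc Stealer DNS crashed
1 2 7 1 14.8 M ZeroCERT

8351 2023-09-24 11:19 foto7447.exe

9e031f946e78b6ce0af495a760ef67e7

RedLine stealer Gen1 Emotet Browser Login Data Stealer UPX ASPack PE32 Stealc Stealer
1 2 6 1 16.0 M 47 ZeroCERT
"""

ENTRY_RE = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"\d+\.\d")
# Family names that occur as tags in this listing.
FAMILY_TAGS = ("RedLine", "Stealc", "Emotet", "Tofsee")
# Tags that only make sense for a Windows sample.
WINDOWS_ONLY_TAGS = ("PE32", "PE64", "MSOffice", "Tofsee")


def parse_submissions(text):
    """Return one dict per entry; a small state machine over non-empty lines."""
    records, cur, stage = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            cur = {"no": int(m.group(1)), "date": m.group(2), "name": m.group(3),
                   "md5": None, "tags": [], "trailer": [], "score": None, "submitter": None}
            records.append(cur)
            stage = "md5"
        elif cur is None:
            continue  # header line before the first entry
        elif stage == "md5" and MD5_RE.match(line):
            cur["md5"] = line
            stage = "tags"
        elif stage == "tags":
            cur["tags"] = line.split()  # word boundaries only; multi-word tags are not recoverable
            stage = "trailer"
        elif stage == "trailer":
            cur["trailer"] = line.split()
            cur["submitter"] = cur["trailer"][-1]
            scores = [t for t in cur["trailer"] if SCORE_RE.fullmatch(t)]
            cur["score"] = float(scores[0]) if scores else None
            stage = None
    return records


def duplicate_hashes(records):
    """Same MD5 submitted more than once: re-runs of a single sample."""
    by_md5 = defaultdict(list)
    for r in records:
        by_md5[r["md5"]].append(r["no"])
    return {h: nos for h, nos in by_md5.items() if len(nos) > 1}


def name_hash_variants(records):
    """Same file name with different hashes: rotated builds or an unrelated file reusing the name."""
    by_name = defaultdict(set)
    for r in records:
        by_name[r["name"]].add(r["md5"])
    return {n: sorted(h) for n, h in by_name.items() if len(h) > 1}


def families(record):
    """Family names present in the record's signature tags."""
    return sorted(f for f in FAMILY_TAGS if f in record["tags"])


def platform_mismatch(record):
    """Android artifact tagged with Windows-only signatures: treat the verdict as noise."""
    android = record["name"].endswith((".apk", "AndroidManifest.xml"))
    return android and any(t in record["tags"] for t in WINDOWS_ONLY_TAGS)
```

Because the listing joins signature names with spaces, the split loses multi-word tags ("Steal credential", "Code Injection"); matching is therefore done on single tokens that are unambiguous in this listing, and anything that needs exact signature names should be taken from the sandbox's report API rather than from this summary page.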