Submissions

Columns, as on the original listing: No, Date, Request (submitted file), MD5, Tags (the listing's "Etc" column of sandbox signature names), Urls / Hosts / IDS Rule (counts, given exactly as listed where present), Score, Zero, VT, Player.

8371  2023-12-15 08:34  CoercedPotato.exe
      MD5:    e76d2ce3cec82cced91f06a8eb3294bb
      Tags:   UPX PE File PE64 OS Processor Check PDB
      Score: 0.2   Zero: M   Player: ZeroCERT

8372  2023-12-15 08:34  build.exe
      MD5:    fc887357dde165e9b08b72b2202d5ca2
      Tags:   UPX PE File PE64 suspicious process WriteConsoleW
      Score: 0.6   Zero: M   Player: ZeroCERT

8373  2023-12-15 08:32  zjq.exe
      MD5:    7426f45e80013988c47df9618e9e147c
      Tags:   MinGW GCC PE File PE64
      Zero: M   Player: ZeroCERT

8374  2023-12-15 08:32  pdf.exe
      MD5:    578806cb25a3a08cd45c057bb6dad5f2
      Tags:   UPX AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
      Urls/Hosts/IDS: 1 3   Score: 9.8   Zero: M   Player: ZeroCERT

8375  2023-12-15 08:30  NovaFree.exe
      MD5:    8866dbe499087e8f36e22e1eb91e09ef
      Tags:   PE File PE64 MachineGuid Check memory Checks debugger unpack itself DNS
      Urls/Hosts/IDS: 1   Score: 2.0   Zero: M   Player: ZeroCERT

8376  2023-12-15 08:30  iox.exe
      MD5:    9db2d314dd3f704a02051ef5ea210993
      Tags:   Malicious Library Malicious Packer UPX PE File PE64 WriteConsoleW
      Score: 1.0   Zero: M   Player: ZeroCERT

8377  2023-12-15 08:28  Go.exe
      MD5:    dcf8c8ef55fd294027997128de155b9f
      Tags:   Generic Malware Malicious Library Malicious Packer UPX PE File PE64 AutoRuns Auto service Windows Remote Code Execution
      Urls/Hosts/IDS: 13   Score: 2.0   Player: ZeroCERT

8378  2023-12-15 08:27  nigown.exe
      MD5:    0d3e8be0c416afaf2e91728f83b2953b
      Tags:   Formbook .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows Browser Email ComputerName Cryptographic key Software crashed
      Score: 9.6   Zero: M   VT: 26   Player: ZeroCERT

8379  2023-12-15 00:58  20231130_portascura.pcap.gpg
      MD5:    be201cf1a218dfd736745db4a590bcee
      Tags:   AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Windows Browser Email ComputerName keylogger
      Score: 4.0   Player: guest

8380  2023-12-15 00:53  20231130_portascura.pcap.gpg
      MD5:    be201cf1a218dfd736745db4a590bcee
      Tags:   AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
      Score: 3.4   Player: guest

8381  2023-12-15 00:50  testo_portascura_profArciero
      MD5:    ef2feac4f0ad45ab1c2d69478ff1a23a
      Tags:   Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check VirusTotal Malware crashed
      Score: 0.6   VT: 2   Player: guest

8382  2023-12-14 19:32  statem_pdf.exe
      MD5:    55461180284dcdf6ad0f3edaf8d68307
      Tags:   Client SW User Data Stealer browser info stealer Generic Malware Google Chrome User Data Downloader Malicious Library WinRAR UPX Http API PWS Code injection Create Service Socket DGA ScreenShot Escalate priviledges Steal credential Sniff Audio HTTP DNS Bi Browser Info Stealer VirusTotal Malware PDB Code Injection Checks debugger Creates executable files exploit crash unpack itself Check virtual network interfaces malicious URLs installed browsers check Exploit Browser Remote Code Execution DNS crashed
      Urls/Hosts/IDS: 1   Score: 9.6   Zero: M   VT: 38   Player: ZeroCERT

8383  2023-12-14 19:24  Delivery_Info.jar
      MD5:    3fba07cd88c0e3e2ca5de99fa15b4878
      Tags:   Malicious Library UPX MSOffice File ZIP Format PE32 PE File DLL OS Processor Check JPEG Format Malware download NetWireRC VirusTotal Email Client Info Stealer Malware AutoRuns Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Windows Java Email ComputerName DNS crashed
      Urls/Hosts/IDS: 1 9 2   Score: 9.0   Zero: M   VT: 19   Player: ZeroCERT

8384  2023-12-14 19:21  fol3.exe
      MD5:    7e407251c6c0cc328bd4c3bfbe0fc4a4
      Tags:   Malicious Packer UPX PE File PE64 VirusTotal Malware buffers extracted RWX flags setting Check virtual network interfaces DNS
      Urls/Hosts/IDS: 1   Score: 4.2   Zero: M   VT: 35   Player: ZeroCERT

8385  2023-12-14 19:21  wai5.exe
      MD5:    f66bfc5ab54885f007da2c63908ff0bf
      Tags:   Malicious Packer PE File PE64 VirusTotal Malware buffers extracted RWX flags setting Check virtual network interfaces DNS
      Urls/Hosts/IDS: 3   Score: 4.4   Zero: M   VT: 22   Player: ZeroCERT