Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
8431	2023-12-14 08:04	PC_Cleaner.exe 84326112ddead59fca719ef1d7d87685 Emotet Sality Generic Malware Malicious Library UPX Antivirus Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File ftp MZP Format OS Processor Check Lnk Format GIF Format DllRegisterServer dll URL Format DLL PE64 BMP Format Browser Info Stealer VirusTotal Malware Check memory Checks debugger Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder AntiVM_Disk anti-virtualization VM Disk Size Check installed browsers check Tofsee Browser ComputerName DNS crashed	1 Keyword trend analysis	9	2	8.4	M	11	ZeroCERT

8432	2023-12-14 08:03	pdf.exe 5fd002676f224c376302680812079254 UPX AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	3	9.8	M		ZeroCERT

8433	2023-12-14 08:01	int.exe 9af7c42f197794370d28ec2454ff4b6e Malicious Packer Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library Http API ScreenShot AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware DNS Cryptographic key crashed	3 Keyword trend analysis	8	9 Info ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) ET DNS Query to a .pw domain - Likely Hostile ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (musclefarelongea .pw) ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration ET INFO HTTP Request to a .pw domain ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fanlumpactiras .pw) ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (freckletropsao .pw) ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ownerbuffersuperw .pw)	15.4	M	50	ZeroCERT

8434	2023-12-14 08:00	abux.exe 34793ade11411172d60e1eacf6c92bfd AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs suspicious TLD Tofsee Browser Email ComputerName DNS Software crashed	1 Keyword trend analysis	3	3	13.4	M	45	ZeroCERT

8435	2023-12-14 07:58	NTPDRAPE.exe 6ae58a1b3f242ea4259e97c6539a618a Emotet Malicious Library UPX PE32 PE File DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder				2.6	M	2	ZeroCERT

8436	2023-12-14 07:58	BEST-13-12-2023v1.exe 4bc1bd277770c8da36c5d31968a0e977 Generic Malware Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware crashed				0.8	M	16	ZeroCERT

8437	2023-12-13 20:13	paste.ps1 baeee25ebf0efeec414dce64b9e7aca7 XMRig Miner Generic Malware Antivirus Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Cryptocurrency Miner Malware Cryptocurrency powershell Buffer PE suspicious privilege Check memory buffers extracted WMI Creates executable files unpack itself Windows utilities Auto service powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Firmware DNS Cryptographic key	2 Keyword trend analysis	3	5	11.8	M	19	ZeroCERT

8438	2023-12-13 18:31	wlanext.exe 342e0ad16ed51c7f353ecc0378ea02d3 Generic Malware Malicious Library UPX Antivirus PE32 PE File Lnk Format GIF Format VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed				7.6	M	23	ZeroCERT

8439	2023-12-13 18:26	microsoftdecidedtoupdateentire... 911181c9ce56b902706424dfcc600236 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted exploit crash Tofsee Windows Exploit DNS crashed	1 Keyword trend analysis	3	7 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	4.2	M	34	ZeroCERT

8440	2023-12-13 17:22	microsoftcachedelete.vbs a69d043d32d4ac372b3901a54dc231d9 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.4		5	ZeroCERT

8441	2023-12-13 17:22	microsoftdecided.vbs 191f2509a2a2ee5ca560be4cf1baccd7 Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key	3 Keyword trend analysis	3	1	8.4		5	ZeroCERT

8442	2023-12-13 17:20	dll_vbe.jpg.exe 4d8026468c5829b38f6d265643085c2a Generic Malware Antivirus PE32 PE File DLL .NET DLL VirusTotal Malware PDB				0.6		8	ZeroCERT

8443	2023-12-13 17:19	Rump_vbs.jpg.exe 3c63488040bb51090f2287418b3d157d PE32 PE File DLL .NET DLL PDB				0.2			ZeroCERT

8444	2023-12-13 17:11	Microsoftdecidedtoupdateentire... abd08657ab33f8d1fb76b2757c0253b2 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted RWX flags setting exploit crash Tofsee Exploit DNS crashed	2 Keyword trend analysis	4	2	4.6	M	35	ZeroCERT

8445	2023-12-13 17:08	Master_data.exe d4e13b3431540c5d7b3b8bd98ee4ae9d Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library Http API ScreenShot PWS AntiDebug AntiVM PE32 PE File .NET EXE DLL OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion installed browsers check Ransomware Lumma Stealer Windows Browser ComputerName Firmware Cryptographic key crashed	1 Keyword trend analysis	2	2	15.4		41	ZeroCERT