Submissions

Columns: No | Date | Request (submitted file name; MD5 on the line below) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Sandbox signature tags are reproduced per entry as the listing shows them. Empty cells in the Urls / Hosts / IDS / Rule columns are not rendered, so where an entry carries leading integer counts they are given in order as "Counts (Urls/Hosts/IDS/Rule)" without assigning each number to a column.
8446  2023-12-13 17:07  microsoftdecidedtoupdateentire...
  MD5:   911181c9ce56b902706424dfcc600236
  Tags:  MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted RWX flags setting exploit crash Exploit crashed
  Score: 3.2 | Zero: M | VT: 34 | Player: ZeroCERT

8447  2023-12-13 08:38  fred.exe
  MD5:   ffc9aa77bbf6df5309e1c24d43ff10f4
  Tags:  Loki LokiBot Formbook Socket PWS DNS AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs suspicious TLD installed browsers check Browser Email ComputerName DNS Software
  Counts (Urls/Hosts/IDS/Rule): 1 2 9 1 | Score: 13.4 | Zero: M | Player: ZeroCERT

8448  2023-12-13 08:36  autorun.exe
  MD5:   e603e2abda021b58c29868700301275a
  Tags:  Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS/Rule): 1 5 | Score: 6.0 | Zero: M | Player: ZeroCERT

8449  2023-12-12 11:46  osu.rar
  MD5:   e55e4be58bfb9cb11cc67ae3670e4f35
  Tags:  AntiDebug AntiVM VirusTotal Email Client Info Stealer Malware suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
  Score: 4.6 | VT: 43 | Player: guest

8450  2023-12-12 10:54  GoogleCrashHandler64.exe
  MD5:   c87e0ff27716ffd84d540965e457773e
  Tags:  EnigmaProtector UPX PE32 PE File MZP Format PE64 VirusTotal Malware suspicious privilege Checks debugger WMI Creates executable files unpack itself Windows utilities Detects VMWare suspicious process sandbox evasion WriteConsoleW VMware Windows ComputerName crashed
  Score: 8.2 | Zero: M | VT: 21 | Player: ZeroCERT

8451  2023-12-12 10:48  Microsoftunderstandverywellhow...
  MD5:   108879c398ff1a9e9e7fae2ee5d94099
  Tags:  MS_RTF_Obfuscation_Objects RTF File doc Malware download Remcos VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed
  Counts (Urls/Hosts/IDS/Rule): 2 5 6 | Score: 4.6 | Zero: M | VT: 34 | Player: ZeroCERT

8452  2023-12-12 08:07  Builder.exe
  MD5:   d49ec8360f618f61d91701143e475fbc
  Tags:  Malicious Library ASPack UPX PE32 PE File OS Processor Check .NET EXE PDB Check memory Checks debugger Creates executable files unpack itself AppData folder Remote Code Execution
  Score: 2.4 | Zero: M | Player: ZeroCERT

8453  2023-12-12 08:05  wlanext.exe
  MD5:   0b96e8a9f710917f8ebbeba13040e308
  Tags:  NSIS Generic Malware Malicious Library UPX Antivirus PE32 PE File powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process Windows ComputerName Cryptographic key crashed
  Score: 6.0 | Zero: M | Player: ZeroCERT

8454  2023-12-12 08:02  toolspub2.exe
  MD5:   05193c12562beb5de5f05ae6816c976f
  Tags:  Malicious Library AntiDebug AntiVM PE32 PE File Malware PDB Code Injection Checks debugger buffers extracted unpack itself
  Score: 6.0 | Zero: M | Player: ZeroCERT

8455  2023-12-12 08:00  gpupdate.exe
  MD5:   d03630dc968aae232a10fc0507727977
  Tags:  CobaltStrike Malicious Library Malicious Packer UPX PE File PE64 OS Processor Check PDB crashed
  Score: 0.8 | Zero: M | Player: ZeroCERT

8456  2023-12-12 07:58  wlanext.exe
  MD5:   a759e8c16420ac111730b3d85455c256
  Tags:  Generic Malware .NET framework(MSIL) Antivirus PE32 PE File .NET EXE powershell PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key
  Counts (Urls/Hosts/IDS/Rule): 2 | Score: 7.8 | Zero: M | Player: ZeroCERT

8457  2023-12-12 07:57  wlanext.exe
  MD5:   4f3e829290915b518cdb7493604c0426
  Tags:  Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Generic Malware Google Chrome User Data Downloader .NET framework(MSIL) Antivirus ScreenShot Create Service Socket Escalate privileges PWS Sniff Audio DNS Internet API KeyLogger AntiDebug Browser Info Stealer Remcos Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Windows Browser Email ComputerName Cryptographic key
  Counts (Urls/Hosts/IDS/Rule): 1 4 1 | Score: 14.2 | Zero: M | Player: ZeroCERT

8458  2023-12-12 07:55  tuc2.exe
  MD5:   5e4649e7981b23161038a1b93c755420
  Tags:  Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL DllRegisterServer dll OS Processor Check PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed
  Counts (Urls/Hosts/IDS/Rule): 1 | Score: 4.6 | Zero: M | Player: ZeroCERT

8459  2023-12-12 07:54  olehps.exe
  MD5:   91d23595c11c7ee4424b6267aabf3600
  Tags:  RedLine stealer .NET framework(MSIL) UPX Confuser .NET PE32 PE File .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Counts (Urls/Hosts/IDS/Rule): 1 5 | Score: 5.0 | Zero: M | Player: ZeroCERT

8460  2023-12-12 07:53  ama.exe
  MD5:   294593fcb93a6d6694c9670e86e649bf
  Tags:  Amadey UPX Malicious Library .NET framework(MSIL) PWS AntiDebug AntiVM PE32 PE File JPEG Format DLL PE64 OS Processor Check .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Buffer PE AutoRuns MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed Downloader
  Counts (Urls/Hosts/IDS/Rule): 4 5 9 1 | Score: 18.6 | Zero: M | Player: ZeroCERT