Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
Each entry is shown as four lines: identity, MD5, matched tags, numeric columns. Blank Urls/Hosts/IDS/Rule cells are not preserved in this listing, so the surviving values are given under "Counts" without a column assignment.

No: 8461 | Date: 2023-12-12 07:52 | Request: cp.exe
MD5: 7603117e8e1611e887b8c6fccbdb9d4e
Tags: Downloader Malicious Library VMProtect UPX Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE32 PE File AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName DNS
Counts: 2 | Score: 6.2 | Zero: M | VT: - | Player: ZeroCERT

No: 8462 | Date: 2023-12-12 07:49 | Request: newtot.exe
MD5: a5ceb6c604029a5ade96a97169f1ec1d
Tags: Malicious Library PE32 PE File PDB unpack itself Remote Code Execution
Counts: - | Score: 1.2 | Zero: M | VT: - | Player: ZeroCERT

No: 8463 | Date: 2023-12-12 07:47 | Request: Client.exe
MD5: 74bae7aac1e952c4aacda6e5861bdea5
Tags: Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE32 PE File .NET EXE OS Processor Check Check memory Checks debugger unpack itself
Counts: - | Score: 0.8 | Zero: - | VT: - | Player: ZeroCERT

No: 8464 | Date: 2023-12-12 07:47 | Request: ucdutchzx.exe
MD5: 723bccfa9d5be24b8a064f547cf1c039
Tags: AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed
Counts: 2 2 | Score: 10.8 | Zero: - | VT: - | Player: ZeroCERT

No: 8465 | Date: 2023-12-12 07:45 | Request: traffico.exe
MD5: d46d968df6c8596c4a2dd2e19bd3dadb
Tags: Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Counts: 1 3 | Score: 5.0 | Zero: M | VT: - | Player: ZeroCERT

No: 8466 | Date: 2023-12-11 20:03 | Request: microsoftunderstandhowimportan...
MD5: c4cde68e89e1c045c73591c40eeb439f
Tags: MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
Counts: 2 5 2 | Score: 4.6 | Zero: - | VT: 31 | Player: guest

No: 8467 | Date: 2023-12-11 20:01 | Request: tuc3.exe
MD5: dbd9b2c45d72217c313af17fa3f86680
Tags: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed
Counts: - | Score: 4.6 | Zero: M | VT: - | Player: ZeroCERT

No: 8468 | Date: 2023-12-11 20:00 | Request: setup294.exe
MD5: f6817fb73608c56fbae10d7189621efd
Tags: Malicious Library AntiDebug AntiVM PE32 PE File DLL VirusTotal Malware Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder
Counts: - | Score: 5.0 | Zero: M | VT: 46 | Player: ZeroCERT

No: 8469 | Date: 2023-12-11 19:57 | Request: redbull.bat
MD5: 584774c57fe962e5fb91969c76dbb8e6
Tags: Generic Malware Downloader Antivirus Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
Counts: 1 | Score: 5.2 | Zero: M | VT: 4 | Player: ZeroCERT

No: 8470 | Date: 2023-12-11 19:55 | Request: DDPbinzx.exe
MD5: 5ce14bfd38a170d9347b7a83bd3f2538
Tags: PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
Counts: - | Score: 2.6 | Zero: M | VT: 53 | Player: ZeroCERT

No: 8471 | Date: 2023-12-11 19:55 | Request: deluxe_crypted.exe
MD5: d7f80ac5e408c10c0f6d953a08b8db74
Tags: Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS
Counts: 1 3 4 | Score: 8.8 | Zero: M | VT: 53 | Player: ZeroCERT

No: 8472 | Date: 2023-12-11 19:54 | Request: MedicinesViews.exe
MD5: d0b882c07526d97ef91eccf153e31a4b
Tags: Suspicious_Script_Bin Hide_EXE Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate privileges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug VirusTotal Malware Buffer PE suspicious privilege Code Injection Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities AppData folder malicious URLs sandbox evasion WriteConsoleW Windows ComputerName DNS
Counts: 3 | Score: 9.0 | Zero: M | VT: 45 | Player: ZeroCERT

No: 8473 | Date: 2023-12-11 19:53 | Request: autorun.exe
MD5: 5d5ec23ea161feec9ef9e619dfe2d2d4
Tags: Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check Check memory Checks debugger unpack itself Windows DNS Cryptographic key
Counts: 1 | Score: 2.8 | Zero: M | VT: - | Player: ZeroCERT

No: 8474 | Date: 2023-12-11 19:52 | Request: SoftwareMeetup.exe
MD5: cbf9b27a8f0e0694c727f4365776b745
Tags: Raccoon Gen1 Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Http API ScreenShot Escalate privileges PWS HTTP Code injection Internet API KeyLogger Create Service Socket DGA Steal credential Hijack Network Sniff Audio DNS persistence Browser Info Stealer Malware download Malware RecordBreaker Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS crashed
Counts: 9 2 11 1 | Score: 14.6 | Zero: M | VT: 44 | Player: ZeroCERT

No: 8475 | Date: 2023-12-11 19:52 | Request: tuc5.exe
MD5: 63b2f4831b7af85aea9e507f772a8e11
Tags: Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File MZP Format DLL OS Processor Check DllRegisterServer dll PE64 wget ZIP Format Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName crashed
Counts: - | Score: 4.2 | Zero: M | VT: - | Player: ZeroCERT
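The listing above is a flat extraction of a sandbox results table, and the useful part of it for a defender is the set of MD5s, verdicts and family tags. The following is an added example (my code, not code from this page or from the sandbox operator) that parses the flattened layout into records and ranks the hashes for a blocklist by sandbox score and VirusTotal agreement. It assumes only the record layout visible on the page (identity line, MD5, tag line, trailer of counts/score/"M"/VT/player); the family tag list, the MD5 check and the triage thresholds (score 5.0, 30 VT hits) are my assumptions, and the sample text is copied from four of the entries above.

```python
"""Parse the flattened submission listing into typed records and rank them.

Added example, not code from the sandbox site. Assumes the layout seen on
the page: `<no> <date> <time> <filename>`, an MD5, a tag line, then a
trailer of leading counts, a score, optional 'M' (Zero column), optional
VT hit count, and the player name. Thresholds in triage() are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: four entries copied from the listing in its flattened layout.
SAMPLE = """\
No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
8464 2023-12-12 07:47 ucdutchzx.exe
723bccfa9d5be24b8a064f547cf1c039
AgentTesla .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Browser Email ComputerName Software crashed
2 2 10.8 ZeroCERT
8466 2023-12-11 20:03 microsoftunderstandhowimportan...
c4cde68e89e1c045c73591c40eeb439f
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed
2 5 2 4.6 31 guest
8471 2023-12-11 19:55 deluxe_crypted.exe
d7f80ac5e408c10c0f6d953a08b8db74
Malicious Library UPX PE32 PE File OS Processor Check Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications suspicious TLD sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware DNS
1 3 4 8.8 M 53 ZeroCERT
8474 2023-12-11 19:52 SoftwareMeetup.exe
cbf9b27a8f0e0694c727f4365776b745
Raccoon Gen1 Suspicious_Script_Bin Downloader Malicious Library UPX Malicious Packer Http API ScreenShot Escalate privileges PWS HTTP Code injection Internet API KeyLogger Create Service Socket DGA Steal credential Hijack Network Sniff Audio DNS persistence Browser Info Stealer Malware download Malware RecordBreaker Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications AppData folder malicious URLs sandbox evasion WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS crashed
9 2 11 1 14.6 M 44 ZeroCERT
"""

HEAD = re.compile(r"^(\d+) (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+)$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
SCORE = re.compile(r"^\d+\.\d+$")
# Family names that occur as tags in this listing (assumed list).
FAMILIES = ("AgentTesla", "RedLine", "Lumma Stealer", "Raccoon",
            "RecordBreaker", "Emotet", "Tofsee")


@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str
    counts: list          # Urls/Hosts/IDS/Rule; blank cells were dropped, so position is unreliable
    score: float
    zero: Optional[str]   # "M" when the Zero column is set, else None
    vt: Optional[int]     # VirusTotal detections, None when blank
    player: str

    def families(self) -> list:
        return [f for f in FAMILIES if f in self.tags]


def parse_trailer(line: str):
    """Split e.g. '1 3 4 8.8 M 53 ZeroCERT' into (counts, score, zero, vt, player)."""
    toks = line.split()
    player = toks.pop()
    idx = next((i for i, t in enumerate(toks) if SCORE.match(t)), None)
    if idx is None:
        raise ValueError(f"no score in trailer: {line!r}")
    counts = [int(t) for t in toks[:idx]]   # everything before the score is a count column
    score = float(toks[idx])
    rest = toks[idx + 1:]
    zero = rest.pop(0) if rest and rest[0] == "M" else None
    vt = int(rest.pop(0)) if rest else None
    if rest:
        raise ValueError(f"unexpected trailer tokens: {rest}")
    return counts, score, zero, vt, player


def parse_listing(text: str) -> list:
    """Walk the listing; a header or stray line is skipped, a malformed entry raises."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    subs, i = [], 0
    while i < len(lines):
        m = HEAD.match(lines[i])
        if not m:
            i += 1
            continue
        try:
            md5, tags, trailer = lines[i + 1], lines[i + 2], lines[i + 3]
        except IndexError:
            raise ValueError(f"truncated entry {m[1]}") from None
        if not MD5.match(md5):
            raise ValueError(f"entry {m[1]}: bad MD5 {md5!r}")
        counts, score, zero, vt, player = parse_trailer(trailer)
        subs.append(Submission(int(m[1]), m[2], m[3], md5, tags, counts, score, zero, vt, player))
        i += 4
    return subs


def triage(subs, min_score: float = 5.0, min_vt: int = 30):
    """MD5s to block first: high sandbox score or broad VT agreement, worst first."""
    hot = [s for s in subs if s.score >= min_score or (s.vt is not None and s.vt >= min_vt)]
    hot.sort(key=lambda s: (s.score, s.vt or 0), reverse=True)
    return [(s.md5, s.score, s.families()) for s in hot]


if __name__ == "__main__":
    for md5, score, fams in triage(parse_listing(SAMPLE)):
        print(f"{md5}  score={score:<5} {' / '.join(fams) or '-'}")
```

The trailer is parsed from the score outward because the count columns are the only part of the row whose width varies: the score is the single token with a decimal point, so everything before it is a count and everything after it is the fixed Zero/VT/Player tail. Entries such as the RTF sample (score 4.6 but 31 VT hits, submitted by `guest`) show why the triage keys on both signals rather than the sandbox score alone.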