Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8491	2023-12-11 19:34	wlanext.exe b488be4699206f2c9c43c007f190816f AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName crashed					9.2	M	50	ZeroCERT

8492	2023-12-11 19:32	SynapseExploit.exe 2cd9b5d48c0904c90537d3eb0f1becad RedLine stealer XMRig Miner Emotet Suspicious_Script_Bin Generic Malware task schedule Downloader Malicious Library UPX Malicious Packer Antivirus .NET framework(MSIL) Obsidium protector Create Service Socket DGA Http API ScreenShot Escalate priviledges Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed	3 Keyword trend analysis	6	11 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Possible Kelihos.F EXE Download Common Structure ET HUNTING Suspicious svchost.exe in URI - Possible Process Dump/Trojan Download	1	22.8	M	55	ZeroCERT

8493	2023-12-11 19:31	1701788303-crptmnr.exe 2360d77f2544609bde963256309a4437 Hide_EXE UPX PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Checks debugger unpack itself Windows Cryptographic key					5.4	M	51	ZeroCERT

8494	2023-12-11 19:31	sleeps.exe 716c27c08649ad5319ef1c41950c1c82 Malicious Packer PE32 PE File .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4	M	54	ZeroCERT

8495	2023-12-11 19:29	injector%20resou%E2%80%AEnls..... 51584394f75ed4494c7bfabe52820d42 Generic Malware Antivirus PE32 PE File .NET EXE VirusTotal Malware powershell PDB suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key					6.0	M	35	ZeroCERT

8496	2023-12-11 19:27	soft.exe 1836716b2f372522b52f865d74f59dc7 Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB Code Injection					4.0	M	48	ZeroCERT

8497	2023-12-11 19:27	InstallSetup9.exe 9277e82030f3f80d2acb91ca8a2e21bb NSIS Generic Malware Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM PE32 PE File PNG Format OS Processor Check ZIP Format JPEG Format BMP Format CHM Format DLL icon PE64 CAB MZP Format MSOffice File Word 2007 fi VirusTotal Malware Malicious Traffic Check memory Creates executable files unpack itself AppData folder AntiVM_Disk IP Check VM Disk Size Check Tofsee Ransomware Windows DNS	4 Keyword trend analysis	6	9 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup (ipify .org)		9.0	M	44	ZeroCERT

8498	2023-12-11 19:27	storeunderstanding.exe 93ee667d08153cc820c6f46b6f2dc4cf UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces DNS		1			4.2	M	43	ZeroCERT

8499	2023-12-11 19:25	setup.exe 37f331d70abb19b2512a24e943680f69 Malicious Library PE32 PE File VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName					4.2	M	49	ZeroCERT

8500	2023-12-11 19:23	tbbhts.exe e1095986637973f78a0a8f38f18b4190 UPX PE32 PE File VirusTotal Malware unpack itself crashed					3.0	M	53	ZeroCERT

8501	2023-12-11 19:22	Application.exe dc9d29d62659c29eb6edd2295ad0c4ce Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Email Client Info Stealer Malware Malicious Traffic WMI Checks Bios anti-virtualization Email ComputerName DNS	1 Keyword trend analysis	3			6.2	M	28	ZeroCERT

8502	2023-12-11 19:21	DLL%20Injector%20Resou%E2%80%A... b6d15bc82d811c30d7e9633402bee9c2 Malicious Packer PE File PE64 VirusTotal Malware MachineGuid Check virtual network interfaces Tofsee crashed DoTNet	1 Keyword trend analysis	3	2		3.8	M	42	ZeroCERT

8503	2023-12-11 19:20	cred64.dll b5cdfc4ca11aa7705c605fd93538a310 Malicious Library UPX PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Malicious Traffic Checks debugger unpack itself Windows utilities sandbox evasion installed browsers check Windows Browser DNS Software	1 Keyword trend analysis	1			7.4	M	47	ZeroCERT

8504	2023-12-11 19:18	Controlbackup.exe 294deb3dae4f4f961bf3888733b20ef5 Emotet Gen1 Generic Malware Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware Check memory unpack itself ComputerName Remote Code Execution					2.2	M	17	ZeroCERT

8505	2023-12-11 19:18	notepad.exe 1b89434edfa3a2a42b84a396ce4cb4b1 Generic Malware Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) Antivirus UPX PE File PE64 VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process Windows ComputerName Cryptographic key					3.6	M	9	ZeroCERT