Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8596 2023-09-16 14:09 upd.exe
4ea30635eed2b533a725480e326257ce
RedLine stealer Downloader UPX Malicious Library MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PE File PE32 OS Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName Trojan Firmware DNS Cryptographic key Software crashed
2 4 11 20.0 M 34 ZeroCERT

8597 2023-09-16 14:09 PO_88392_Specifications.js
825eb25f2a710a4052d0b21dfa2ad77a
Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
2 4.8 ZeroCERT

8598 2023-09-16 14:09 minerxd.exe
0e9cc5c2145bae2f6ab41f186dac87d1
PE File PE64 ftp VirusTotal Malware DNS
1 2.2 M 46 ZeroCERT

8599 2023-09-16 14:07 1.exe
e0ce28aad08a3286e1832c9677049bbb
RedLine stealer Suspicious_Script_Bin Generic Malware UPX Malicious Library Antivirus PWS AntiDebug AntiVM BitCoin PE File PE32 OS Processor Check VirusTotal Malware Buffer PE PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder sandbox evasion WriteConsoleW human activity check Windows ComputerName Remote Code Execution DNS Cryptographic key
2 1 15.4 M 45 ZeroCERT

8600 2023-09-16 14:07 lnvoice#72993.js
c30210ad2757650d770fe2cbe1f92034
Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
3 5.2 2 ZeroCERT

8601 2023-09-16 14:06 u1S4ZLAEvK7pLe4neo.exe
fcc631505adee1c8b0d922049de0c493
Generic Malware .NET framework(MSIL) Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
12.4 M 32 ZeroCERT

8602 2023-09-16 14:05 promot_s.msi
96d99e6c2e7c358b9d663595d3af5f27
Generic Malware Malicious Library CAB MSOffice File OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Tofsee ComputerName
2 7 1 4.2 M 4 ZeroCERT

8603 2023-09-16 14:04 igccu.exe
7792584e7661ad0c5fee992337ebf3bd
NSIS UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed
4.0 M 48 ZeroCERT

8604 2023-09-15 19:12 promot_s.msi
96d99e6c2e7c358b9d663595d3af5f27
Generic Malware Malicious Library CAB MSOffice File OS Processor Check VirusTotal Malware Buffer PE suspicious privilege Check memory Checks debugger buffers extracted unpack itself AntiVM_Disk VM Disk Size Check Tofsee ComputerName
2 7 1 4.2 3 ZeroCERT

8605 2023-09-15 18:38 IMG_2021_07_11_536734643256_sq...
d08f9a6a665c0f7de85a106adfbcef0d
Create Service Escalate priviledges AntiDebug AntiVM Lnk Format GIF Format VirusTotal Malware suspicious privilege Code Injection Creates shortcut unpack itself Tofsee Discord DNS
1 2 3 2.6 6 ZeroCERT

8606 2023-09-15 18:00 AYReport_EN.exe
ec333982af0977d8af5a4984792a4385
PhysicalDrive Generic Malware UPX Malicious Library ASPack Malicious Packer .NET framework(MSIL) Anti_VM PE File PE32 .NET EXE OS Processor Check VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder ComputerName
1 3 5.8 47 ZeroCERT

8607 2023-09-15 17:37 hkcmd.exe
3950dff062247d4ac80e50a52313f198
Formbook NSIS UPX Malicious Library PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
4 9 1 4 4.2 M 40 ZeroCERT

8608 2023-09-15 17:34 expo.exe
f94bf3a0e3733958d4973ef664f78927
UPX Malicious Library AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Malicious Traffic unpack itself Stealc Browser DNS
1 1 2 1 4.2 M 38 ZeroCERT

8609 2023-09-15 17:32 deluxe_crypted.exe
5200fbe07521eb001f145afb95d40283
UPX Malicious Library PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 6.8 M 27 ZeroCERT

8610 2023-09-15 17:32 StrikeNet.exe
f2c62f2ee6aa94509c39557a628534a1
.NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
4.8 M 38 ZeroCERT