Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

8656 2023-09-14 13:39 convert-pdf-359.js
5e554b41294605c0d114677cb3aec892
Generic Malware UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows
1 5 7.2 ZeroCERT

8657 2023-09-14 13:34 c4f68ba4.exe
f4d73b7bcfcdc85f236054d09e6ad097
UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware unpack itself
1.8 32 ZeroCERT

8658 2023-09-14 13:29 F.exe
be5d8aca3a377e02a7effcdc07029afd
AgentTesla RedLine Infostealer UltraVNC UPX Malicious Library SMTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
1 3 5 12.2 M 48 ZeroCERT

8659 2023-09-14 13:25 doclam20230813.exe
cb8d2cb4372947471ba2f6a7bc3a9c35
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 16.8 M 47 ZeroCERT

8660 2023-09-14 08:04 docnic20230913.exe
4b4b3b837140b27b5e762b8e89c70238
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 15.6 M ZeroCERT

8661 2023-09-14 08:02 docyo20230813.exe
ab928fbd4830f07cf7ac488dca1e746d
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger
2 5 1 16.2 M ZeroCERT

8662 2023-09-14 07:59 docdav20230813.exe
3588601a591bb350581fa5a106db731f
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 15.6 ZeroCERT

8663 2023-09-14 07:57 docjosh20230813.exe
eac56810ae04fc2704b1b89559841ee3
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 16.8 45 ZeroCERT

8664 2023-09-14 07:55 docrw20230913.exe
5f9584f6c166a954bdd76b21217bf837
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 16.8 47 ZeroCERT

8665 2023-09-14 07:54 docmax20230813.exe
edbe2f8eda4005da44e877b8c2c99163
PWS AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces suspicious process Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 3 1 16.8 45 ZeroCERT

8666 2023-09-14 07:51 foto5445.exe
0a0d272e135bf0aa2379f588b2391c84
RedLine stealer Gen1 Emotet RedLine Infostealer Browser Login Data Stealer UPX Malicious Library .NET framework(MSIL) Confuser .NET Escalate priviledges ScreenShot persistence PWS AntiDebug AntiVM PE File PE32 OS Processor Check CAB .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName DNS Cryptographic key Software crashed
1 2 7 1 20.0 M 36 ZeroCERT

8667 2023-09-14 07:50 Mar.exe
55f845c433e637594aaf872e41fda207
UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check PDB
0.2 M ZeroCERT

8668 2023-09-14 07:48 pub1.exe
655655e9b1744d3fc9c5772e7be8a48d
UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware unpack itself
1.6 M 29 ZeroCERT

8669 2023-09-14 07:48 CB.exe
f89a7590147ed0c19e142705acf490af
RedLine Infostealer UltraVNC UPX Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
2 3 5 12.2 40 ZeroCERT

8670 2023-09-14 07:46 Services.exe
e962e5b9badb08fa227761855fedf45f
UPX Malicious Library VMProtect PE File PE32 VirusTotal Malware Remote Code Execution
2.4 61 ZeroCERT