Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8731	2023-11-27 10:05	a.ps1 d80666f445b6a86fbf383d69186a2cae Generic Malware Antivirus VirusTotal Malware Check memory Creates executable files unpack itself Windows DNS Cryptographic key					2.4		10	ZeroCERT

8732	2023-11-27 10:02	traff.html 1741302811bd4ccf06fe466aa79a7c4f Suspicious_Script_Bin AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			ZeroCERT

8733	2023-11-27 09:39	balotek2.1.exe cf52e32f7257ad06e9436c2090585f55 NSIS Malicious Library UPX PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	4 Keyword trend analysis Info http://www.earthdatascape.com/t2ti/?tXxh=kstlMeg9IcwzJYyFLKGxy4q3LInO5BAGxn+RlyiQLQgBmQ7dbCQPEHLv7OQh7nVjyOSdc9Py&U48Hj=Nte0PL1048jDrzg http://www.merelweb.com/t2ti/?tXxh=BOOThCPjnUM7lSCFBnH2BimjClSgW0h7VqsAOgTwhlCUKhxaVw8OFbF4wmCxnm287AtkZOd7&U48Hj=Nte0PL1048jDrzg http://www.studio352events.com/t2ti/?tXxh=8VRVJ2RxNdqDCe39p/mzazLWBvMIpzi1TvcwnZg1FNPprXhJpJwCdr2o+lwBqF61wTFgCK1+&U48Hj=Nte0PL1048jDrzg http://www.office-honu.com/t2ti/?tXxh=tZ9f+xkGPYGlMQD6QUQgW7Bu5011mP3F3RfKADEubwWsw8RZnTP/abNvRo2Y4yuWOfFkav01&U48Hj=Nte0PL1048jDrzg	8	1		4.2	M	48	ZeroCERT

8734	2023-11-27 09:38	UnityLibManager.exe 1cf04f58323fc1139560daee9b3d1831 Gen1 RedLine stealer NSIS Downloader Generic Malware Malicious Library UPX Malicious Packer Javascript_Blob Anti_VM PE32 PE File ftp DLL PE64 OS Processor Check MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files RWX flags setting unpack itself Check virtual network interfaces AppData folder IP Check Ransomware crashed		1			6.2		1	ZeroCERT

8735	2023-11-27 09:38	amd.exe f4ba796f39305262e65d0ebd9d0ee33e Amadey Themida Packer Malicious Library UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PWS Anti_VM AntiDebug AntiVM PE32 PE File DLL OS Processor Check .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VirtualBox Detects VMWare Check virtual network interfaces suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed Downloader	2 Keyword trend analysis	5	7 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Arechclient2 Backdoor CnC Init ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	23.8	M	60	ZeroCERT

8736	2023-11-27 09:36	PsExec.exe 9f26f723df0ce1ad3e928f983dffc61e Malicious Library .NET framework(MSIL) UPX PE32 PE File MZP Format JPEG Format DLL .NET EXE VirusTotal Malware AutoRuns Check memory Checks debugger Creates executable files unpack itself AppData folder Tofsee Windows Advertising Google ComputerName DNS DDNS crashed keylogger	1 Keyword trend analysis	7	2		8.8	M	63	ZeroCERT

8737	2023-11-27 09:34	windows_amd64.exe 42da12e3d8a9fc15574df76234e52b57 UPX PE File PE64 VirusTotal Malware Check virtual network interfaces DNS		1	1		3.6	M	41	ZeroCERT

8738	2023-11-27 09:33	client.exe 0170f9a9cf779fefa88e3a93dd551712 Malicious Library Malicious Packer Antivirus UPX PE File PE64 ftp OS Processor Check WriteConsoleW					1.4	M		ZeroCERT

8739	2023-11-27 09:31	updater.exe 2ef140966b38a9c3025a123423e36667 Gen1 RedLine stealer NSIS Downloader Generic Malware Malicious Library UPX Malicious Packer Anti_VM Javascript_Blob PE32 PE File ftp DLL OS Processor Check PE64 MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself AppData folder Ransomware					3.2		3	ZeroCERT

8740	2023-11-27 09:30	hv.exe 36bd43b2792ce1ea475f91074eb2ef61 Admin Tool (Sysinternals etc ...) .NET framework(MSIL) UPX Malicious Library PE32 PE File .NET EXE DLL OS Processor Check VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder Windows Cryptographic key crashed					8.2		15	ZeroCERT

8741	2023-11-27 09:30	axx.exe 37ef17ae6a134a55482b0d84126d2ab8 Malicious Library PE File PE64 VirusTotal Malware RWX flags setting DNS		1			3.2	M	52	ZeroCERT

8742	2023-11-27 09:27	64_6666.exe dbfe72085ba54253275429f078307fbd PE File PE64 VirusTotal Malware					2.4	M	59	ZeroCERT

8743	2023-11-27 09:26	demon.exe 73053ed899ed813b3113ad2a588b446d Generic Malware Malicious Packer PE File PE64 VirusTotal Malware unpack itself					2.6	M	48	ZeroCERT

8744	2023-11-27 09:25	build.exe 4ae6e509138d9525ca9d01c477958d4e Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself					1.8	M	40	ZeroCERT

8745	2023-11-26 13:58	updates.exe 2b5eca0c8dcfd123b1790a137feb4146 Browser Login Data Stealer NetWire RAT Malicious Library Malicious Packer UPX PE File PE64 PE32 OS Processor Check Lnk Format GIF Format VirusTotal Malware AutoRuns Check memory Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName DNS DDNS		1	1		6.0	M	51	ZeroCERT