Submissions

| No | Date | Request | MD5 | Tags | Urls / Hosts / IDS / Rule / Score / Zero / VT / Player (as listed) |
|---|---|---|---|---|---|
| 8836 | 2023-09-07 09:34 | http://doh.dns.apple.com | | Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM MSOffice File Code Injection exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 6 2 5.4 guest |
| 8837 | 2023-09-07 09:26 | clip64.dll | ec41f740797d2253dc1902e71941bbdb | Amadey Malicious Library UPX Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB | 1.4 M 51 ZeroCERT |
| 8838 | 2023-09-07 09:26 | clip64.dll | 2ac6d3fcf6913b1a1ac100407e97fccb | Amadey Malicious Library UPX Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB | 1.4 M 52 ZeroCERT |
| 8839 | 2023-09-07 09:23 | PaymentProofsigned.exe | 302ed52d9459e06cc2d4b81de0e2295c | Emotet Gen1 WinRAR Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 DllRegisterServer dll JPEG Format DLL VirusTotal Malware AutoRuns PDB Code Injection Check memory Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows Remote Code Execution DNS DDNS | 2 2 8.4 9 ZeroCERT |
| 8840 | 2023-09-07 07:51 | lega.exe | 057dbdad1deb880524aa84b798e0cbe4 | Gen1 Emotet RedLine Infostealer RedLine stealer Malicious Library UPX Malicious Packer .NET framework(MSIL) Confuser .NET CAB PE File PE32 OS Processor Check .NET EXE AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Disables Windows Security AppData folder AntiVM_Disk VM Disk Size Check Windows Update Remote Code Execution | 6.0 ZeroCERT |
| 8841 | 2023-09-07 07:46 | %d0%a1hr%d0%bem%d0%b5U%d1%80d%... | ab21fb252180c05311c10a70dd9d7ca3 | Malicious Library UPX Malicious Packer OS Processor Check MZP Format PE File PE64 Check memory | 1.4 ZeroCERT |
| 8842 | 2023-09-07 07:39 | 31839b57a4f11171d6abc8bbc4451e... | 78724fd5de931eb917b1b7780ffe8b6e | Malicious Library UPX OS Processor Check PE File PE32 PDB Remote Code Execution | 0.8 ZeroCERT |
| 8843 | 2023-09-07 07:36 | gqnz5n3uw.exe | 960ad642a742e6833e4aaf3d10666b59 | Malicious Library UPX PWS SMTP AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 1 4 9.8 M ZeroCERT |
| 8844 | 2023-09-07 07:35 | DCRatBuild.exe | 9da06061dc31c1f8b2c499ed8baeea41 | Gen1 Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 .NET EXE PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution | 6.6 M ZeroCERT |
| 8845 | 2023-09-07 07:34 | foto7866.exe | fda902ddad448638329789df2c07b8fd | Gen1 Emotet Malicious Library UPX CAB PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 1 2 7 11.2 M ZeroCERT |
| 8846 | 2023-09-07 07:33 | fotod780.exe | cbef3e310e728779c219a307e7bc945d | Gen1 Emotet Browser Login Data Stealer RedLine Infostealer RedLine stealer Malicious Library UPX .NET framework(MSIL) Confuser .NET CAB PE File PE32 OS Processor Check .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 1 2 7 11.2 M ZeroCERT |
| 8847 | 2023-09-07 07:33 | obizx.exe | c7b7429d818db00722301ef2464a966e | PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger | 3 2 10.8 M ZeroCERT |
| 8848 | 2023-09-07 07:30 | calc2.exe | 34ea458650ddb832351e5c150c9c4cb1 | Malicious Library UPX OS Processor Check PE File PE32 unpack itself | 1.2 ZeroCERT |
| 8849 | 2023-09-07 07:30 | ss41.exe | 8e5651e25e0e81274e3e86b0dae11103 | Malicious Library UPX Malicious Packer PE File PE64 PDB unpack itself Tofsee Remote Code Execution | 1 2 2 0.8 ZeroCERT |
| 8850 | 2023-09-06 18:43 | svchost.exe | fc01ca87b1829a0b40797d9b2ba9f222 | PE File | guest |