Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8926	2023-09-04 09:37	Amadey.exe 5f7b99739158d0b321c6c1e673365956 Malicious Library UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware PDB Check memory Windows utilities suspicious process WriteConsoleW Windows					3.0		55	ZeroCERT

8927	2023-09-04 09:34	cred64.dll bb0775d62b675a99bf113a5282ee527d Browser Login Data Stealer Malicious Library UPX OS Processor Check DLL PE File PE64 VirusTotal Malware PDB					1.6	M	49	ZeroCERT

8928	2023-09-04 07:50	Meduza.exe c6068c2c575e85eb94e2299fc05cbf64 Malicious Library UPX Malicious Packer OS Processor Check PE File PE64 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic Windows utilities suspicious process IP Check installed browsers check Tofsee Ransomware Windows Browser Email ComputerName Trojan Banking DNS		3	3		13.8	M	32	ZeroCERT

8929	2023-09-04 07:48	infolive_setup.exe 22b68c2a1c11338ab377d6767ebe31b2 Gen1 Emotet Generic Malware WinRAR Malicious Library UPX Antivirus Downloader Admin Tool (Sysinternals etc ...) OS Processor Check PE File PE32 MSOffice File DLL DllRegisterServer dll CAB MZP Format Lnk Format GIF Format ftp VirusTotal Malware PDB Check memory Creates shortcut Creates executable files RWX flags setting unpack itself suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check ComputerName Remote Code Execution crashed					4.8	M	12	ZeroCERT

8930	2023-09-04 07:46	KiffAppU1.exe 878666961d42fe694fd4fbea9c121580 Generic Malware PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4	M	29	ZeroCERT

8931	2023-09-04 07:45	chrome.exe 4dc922beacbbd78690a084e451fe420e Generic Malware Malicious Library PE File PE32 PDB Remote Code Execution					0.8	M		ZeroCERT

8932	2023-09-04 07:43	winlog.exe 062fe47e8efc9041880ed273eda7c8f3 UPX MPRESS PE File PE64 VirusTotal Malware crashed					2.0	M	41	ZeroCERT

8933	2023-09-04 07:41	VBA65-KB974945-x86-EN.exe b88cc7ba6a01daf0de338ee2c656864e Emotet Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX Antivirus PE File PE32 PE64 CAB OS Processor Check .NET EXE VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key crashed					7.8		42	ZeroCERT

8934	2023-09-04 07:41	i.exe 145788636ed26bce28ca5d65cd05d138 Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS		1			3.6		59	ZeroCERT

8935	2023-09-04 07:33	http://94.26.226.51/panel/new_... Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM VirusTotal Malware malicious URLs					2.0			guest

8936	2023-09-03 08:30	lnvoice_1882936796.js 311659f38280eeeee131b4a2381cfa91 Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis				4.8			ZeroCERT

8937	2023-09-02 18:57	rockas.exe 98628dba1be12d83b13f1b2bd25d85b6 Amadey RedLine stealer Emotet Malicious Library .NET framework(MSIL) UPX Malicious Packer MPRESS PWS ScreenShot AntiDebug AntiVM PE File PE32 PE64 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder WriteConsoleW installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed	7 Keyword trend analysis Info http://95.214.27.254/getfile/msedge.exe - rule_id: 36103 http://95.214.27.254/getfile/winlog.exe - rule_id: 36102 http://5.42.65.80/4t.exe - rule_id: 36127 http://5.42.65.80/softtool.exe http://95.214.27.254/getfile/taskhost.exe http://5.42.65.80/alldata.exe http://5.42.65.80/8bmeVwqx/index.php - rule_id: 36023	6	17 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET INFO Executable Download from dotted-quad Host ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download ET MALWARE Possible Kelihos.F EXE Download Common Structure ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response	4	19.6	M	48	ZeroCERT

8938	2023-09-02 18:53	axb.exe 8f66a9149d62c7a6c8a5e1256c9343eb Malicious Library UPX OS Processor Check PE File PE64 VirusTotal Malware Creates executable files DNS crashed		1			3.8	M	30	ZeroCERT

8939	2023-09-02 18:48	lolcaljefosijfoesnofiegoiesgno... 63cdb37e2bf2928a36eafe3705d30284 AntiDebug AntiVM MSOffice File VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		4.4		14	ZeroCERT

8940	2023-09-02 18:48	lSk9TNygAAlight.exe 7fc12805bd6af1082f3689b424eb3f4c NSIS Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Software crashed keylogger		2	2		8.6	M	33	ZeroCERT