9061 | 2023-11-07 11:30 | tuc19.exe a8c3b73f59bdf41eb250cba92fa934f1 Gen1 Emotet Generic Malware Malicious Library UPX Confuser .NET Malicious Packer PE File PE32 MZP Format DLL OS Processor Check CHM Format PE64 DllRegisterServer dll suspicious privilege Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
4.0 | M | ZeroCERT
9062 | 2023-11-07 11:30 | tuc19.exe 63b908a7f395bb899f1d4afbbc472d1e Gen1 Emotet Generic Malware Malicious Library UPX Confuser .NET Malicious Packer PE File PE32 MZP Format DLL OS Processor Check CHM Format PE64 DllRegisterServer dll suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities AppData folder WriteConsoleW Windows ComputerName crashed
4.2 | M | ZeroCERT
9063 | 2023-11-07 11:24 | setup294.exe a05ee0fea78a297e1a4182ce9d5cd8a4 Malicious Library AntiDebug AntiVM PE File PE32 DLL Code Injection Check memory Checks debugger Creates executable files unpack itself AppData folder
4.0 | ZeroCERT
9064 | 2023-11-07 11:03 | syncUpd.exe a1fd31c9149678ba7c05e3adad8ac568 Malicious Library UPX PE File PE32 OS Processor Check unpack itself
0.8 | ZeroCERT
9065 | 2023-11-07 10:59 | File.rar f990fd3d664b4a2cd89a21cb6e2a9911 PrivateLoader Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Malware c&c Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself suspicious TLD IP Check PrivateLoader Tofsee Stealc Stealer Windows Discord Browser RisePro DNS Downloader plugin
62 URLs
93 hosts
57 alerts
ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
SURICATA Applayer Mismatch protocol both directions
ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
ET DROP Spamhaus DROP Listed Traffic Inbound group 19
ET DNS Query to a *.top domain - Likely Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO Packed Executable Download
ET DROP Spamhaus DROP Listed Traffic Inbound group 7
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET INFO HTTP Request to a *.top domain
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET HUNTING Possible EXE Download From Suspicious TLD
ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
ET HUNTING Suspicious services.exe in URI
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET INFO TLS Handshake Failure
ET INFO EXE - Served Attached HTTP
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
ET POLICY IP Check Domain (iplogger .org in TLS SNI)
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET INFO Observed Telegram Domain (t .me in TLS SNI)
ET MALWARE Redline Stealer Activity (Response)
ET INFO Dotted Quad Host ZIP Request
ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)
ET MALWARE Win32/Stealc Requesting browsers Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with browsers Config
ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET MALWARE Win32/Stealc Requesting plugins Config from C2
ET MALWARE Win32/Stealc Active C2 Responding with plugins Config
ET MALWARE Win32/Stealc Submitting System Information to C2
ET POLICY External IP Address Lookup DNS Query (2ip .ua)
ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)
ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
10 rule-matched URLs
http://zexeq.com/test2/get.php
http://45.15.156.229/api/tracemap.php
http://45.129.14.83/ch.exe
http://45.15.156.229/api/firegate.php
http://94.142.138.131/api/firegate.php
http://91.92.243.151/api/tracemap.php
http://94.142.138.131/api/firecom.php
http://94.142.138.131/api/tracemap.php
http://176.113.115.84:8080/4.php
https://fdjbgkhjrpfvsdf.online/setup294.exe
7.2 | M | ZeroCERT
9066 | 2023-11-07 10:13 | bRoC.exe 07807c652283c997837c931b41c45f24 PE File PE32 .NET EXE VirusTotal Malware Tofsee
1 URL
http://apps.identrust.com/roots/dstrootcax3.p7c
3 hosts
pt.textbin.net(148.72.177.212) 148.72.177.212 - mailcious 121.254.136.18
1 alert
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.6 | 53 | ZeroCERT
9067 | 2023-11-07 10:12 | aww.exe 3d74ec695d023d5a66cb239354445734 Malicious Library Malicious Packer PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1
5 alerts
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
6.4 | M | 48 | ZeroCERT
9068 | 2023-11-07 10:12 | Runtime.exe bcbbef1fa9490ce2337f1bd74480e428 PE File PE64 VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.2 | 23 | ZeroCERT
9069 | 2023-11-07 09:52 | SFT.zip 882e1e40bd642dac255ec144e37e06d0 ZIP Format Malware Malicious Traffic DNS
2 URLs
http://157.90.147.198/NkE/evoca
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
3 hosts
www.ssl.com(3.209.197.161) 3.209.197.161 157.90.147.198
2 alerts
ET POLICY curl User-Agent Outbound
ET HUNTING curl User-Agent to Dotted Quad
1.4 | guest
9070 | 2023-11-07 09:46 | EHSU.zip 056f1e5e64d6246b96f5fa6b3322f3e1 ZIP Format Malware Malicious Traffic DNS
2 URLs
http://167.235.241.120/jogX/Olluc
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt
3 hosts
www.ssl.com(3.213.199.135) 3.213.199.135 167.235.241.120
2 alerts
ET POLICY curl User-Agent Outbound
ET HUNTING curl User-Agent to Dotted Quad
1.4 | guest
9071 | 2023-11-07 09:22 | owenzx.exe 8311a1beb1bde04ce733fba1f436bad6 Formbook PWS AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName
1 URL
http://www.aintrepreneurship.com/o5gu/?k2JxtP=/JjJcHpkv1C8RzmGJ51zwgl+R193dhUaufmFsVl9ygQ8D4AjpEcsS5mFMtaBfQ79nKZjIQY7&tXR=NXitvt - rule_id: 37282
3 hosts
www.huyangli.company() www.aintrepreneurship.com(91.195.240.19) - mailcious 91.195.240.19 - mailcious
1 alert
ET MALWARE FormBook CnC Checkin (GET)
1 rule-matched URL
http://www.aintrepreneurship.com/o5gu/
9.0 | M | 24 | ZeroCERT
9072 | 2023-11-07 07:58 | InstallSetup2.exe ad27582b0ebc76918e74b90d1cbff760 NPKI HermeticWiper NSIS Generic Malware Suspicious_Script Malicious Library UPX Antivirus Malicious Packer Admin Tool (Sysinternals etc ...) Anti_VM Javascript_Blob PE File PE32 PNG Format JPEG Format OS Processor Check ZIP Format icon BMP Format PE64 CAB Malware Check memory Creates executable files unpack itself AppData folder AntiVM_Disk VM Disk Size Check Ransomware
5.0 | M | ZeroCERT
9073 | 2023-11-07 07:58 | IGCC.exe a3bb5280d95d7c638240975925c013ac AgentTesla Generic Malware Antivirus PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
2 hosts
api.ipify.org(64.185.227.156) 64.185.227.156
4 alerts
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
14.4 | M | ZeroCERT
9074 | 2023-11-07 07:56 | Protected.exe a22595ce0f38b327951c42e18ad3eaaf Formbook Raccoon Stealer Generic Malware UPX Admin Tool (Sysinternals etc ...) AntiDebug AntiVM PE File PE32 FormBook Malware download Malware Buffer PE suspicious privilege Code Injection Malicious Traffic buffers extracted RWX flags setting unpack itself
3 URLs
http://www.girls-at-a.click/rc2i/?8pgH7lkH=E/1tO4wckFnUj5r6Mek1MK6qxqh+MNpqxX62qUo/yHILb4RDko+mEDIRwUXasmHYtjE3r6zq&2db=X4XDHTl0
http://www.frigologs.net/rc2i/?8pgH7lkH=JMuXra6KLloehiIxah32YYIrpkp4yqFQBWLG4SlpgDQ2uypTth0DZqxKn0UMZge3bEIRVVry&2db=X4XDHTl0
http://www.susanlwhite.com/rc2i/?8pgH7lkH=MaOYfyBNes/ubUN0ufXoKAAMFsk0xNTDfGl/3JxviWmCwgRY/0dIDwWxnHwhgmI11BxwuOlp&2db=X4XDHTl0
7 hosts
www.girls-at-a.click(192.64.119.254) www.susanlwhite.com(15.197.148.33) www.frigologs.net(186.24.219.13) www.alphax.studio() 192.64.119.254 - mailcious 3.33.130.190 - phishing 186.24.219.13
2 alerts
ET MALWARE FormBook CnC Checkin (GET)
ET INFO Namecheap URL Forward
5.6 | M | ZeroCERT
9075 | 2023-11-07 07:53 | damianozx.exe 7cfd00516e3d24c4b1227d6754f0aafa PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName DNS Software crashed
2 hosts
api.ipify.org(64.185.227.156) 104.237.62.212
4 alerts
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
ET INFO TLS Handshake Failure
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
10.0 | M | ZeroCERT