Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	VT	Player
9091	2023-11-06 10:53	mnr.exe 6584c57539dd7f05013ecd3806683fb4 UPX Malicious Packer PE File PE64 OS Processor Check suspicious privilege MachineGuid Check memory Checks debugger unpack itself anti-virtualization ComputerName				3.8		ZeroCERT

9092	2023-11-06 10:17	lq0bp.vbs ea41f9bee135305e27c09f8de3737b15 Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key	1 Keyword trend analysis			6.0	11	ZeroCERT

9093	2023-11-06 10:00	timeSync.exe cf5cb731825863750c4b86a3df164db7 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself				2.0	32	ZeroCERT

9094	2023-11-06 09:59	1 b6be80abf1b338d6b1b11462aa4b86b4 UPX Downloader PE File PE32 VirusTotal Malware crashed				1.6	10	ZeroCERT

9095	2023-11-06 09:57	mstsc.exe 1ec8db165fd00337acf3097ce1105055 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself DNS		1		2.6	52	ZeroCERT

9096	2023-11-06 09:55	x-1 d963ef1ca1c2ee60eaf77d1c394e9564 Malicious Library UPX Downloader PE File DLL PE32 JPEG Format ZIP Format Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself sandbox evasion Windows Browser ComputerName DNS Downloader	4 Keyword trend analysis	2	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	8.4	33	ZeroCERT

9097	2023-11-06 09:54	agodzx.exe c65810b74dedc88ca0256ecb11a927cb UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself DNS		1		6.0	51	ZeroCERT

9098	2023-11-06 09:52	MKiJjiii77.exe 5aefabd29d2955e7c86c5c6a24f2502b LokiBot Confuser .NET PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows Browser Email ComputerName Software crashed keylogger		2	2	10.8	41	ZeroCERT

9099	2023-11-06 09:52	nonnyzx.exe a7871243c89d91c612b5611003531e30 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself				2.6	53	ZeroCERT

9100	2023-11-06 09:51	d-7 802cf804f8e94474c805d2fba97c2f41 Malicious Library Downloader UPX AntiDebug AntiVM PE File DLL PE32 JPEG Format ZIP Format Malware download VirusTotal Malware Code Injection Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself Windows utilities suspicious process sandbox evasion Windows Browser ComputerName DNS Downloader	4 Keyword trend analysis	2	5	8.2	37	ZeroCERT

9101	2023-11-06 09:51	defounderzx.exe 2ed10c1ecb18c82e28180b08eb96fbc2 LokiBot .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Windows Discord Browser Email ComputerName DNS crashed keylogger	1 Keyword trend analysis	2	3	12.6	44	ZeroCERT

9102	2023-11-06 09:49	amday.exe 3e478dcc2a01b6115012627f06045690 Themida Packer Downloader UPX Malicious Packer VMProtect Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Hijack Network Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM Malware download Amadey VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process AppData folder malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Remote Code Execution Firmware DNS crashed Downloader	3 Keyword trend analysis	5	5 Info ET INFO Packed Executable Download ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	16.2	28	ZeroCERT

9103	2023-11-06 09:48	Output.exe f5c18dc1c7bb825ab9355fcf0772f398 UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName DNS		1		2.2	12	ZeroCERT

9104	2023-11-06 09:45	governorzx.exe 45ab39f2cc353535047f5a5d4e8bcbd1 LokiBot PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed		4	6 Info ET INFO TLS Handshake Failure ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup SURICATA Applayer Detect protocol only one direction ET MALWARE AgentTesla Exfil Via SMTP	12.4	47	ZeroCERT

9105	2023-11-06 09:43	MMkNn.exe 576ea37ddee70b9062761e4bcc0c6a64 RedLine Infostealer UltraVNC Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows DNS Cryptographic key crashed	1 Keyword trend analysis	3	5 Info ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup) ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh)	4.0	55	ZeroCERT