Submissions

Columns in this listing: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc. Each entry below gives the submission number, date and request (file name or URL), the submitted sample's MD5 (file submissions only), the sandbox tags, and the trailing count/score columns in the order Urls Hosts IDS Rule Score Zero VT Player (empty columns are omitted in this export).

9091  2023-08-25 19:26  lolMiner.exe
  MD5:   03ab160d92dd13e549a778a844d008b4
  Tags:  PE File PE64 VirusTotal Malware Checks debugger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2.2 M 44 ZeroCERT

9092  2023-08-25 18:53  http://cdn.tim.ticdn.it
  MD5:   (URL submission, no file hash)
  Tags:  Downloader Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PNG Format MSOffice File JPEG Format Code Injection ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 3 2 6.0 guest

9093  2023-08-25 18:40  QuiteRAT.exe
  MD5:   c027d641c4c1e9d9ad048cda2af85db6
  Tags:  Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware Checks debugger Check virtual network interfaces
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 2 3.0 46 ZeroCERT

9094  2023-08-25 18:27  a15pupoq0.exe
  MD5:   554a40726167555954ffb9331b339ddc
  Tags:  LokiBot Malicious Library UPX PWS AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Tofsee Ransomware Windows Browser ComputerName Software
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 2 1 11.8 M 49 ZeroCERT

9095  2023-08-25 18:27  2.exe
  MD5:   d5eb2ad29761398ed7bcaf3648265ea1
  Tags:  Confuser .NET PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 5.0 M 48 ZeroCERT

9096  2023-08-25 18:26  super.exe
  MD5:   3d7e315d68b9e21a5515158144d4c589
  Tags:  Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Cryptocurrency Miner Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Kelihos Windows ComputerName DNS CoinMiner
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 7 11 1 14.0 M 43 ZeroCERT

9097  2023-08-25 18:25  finally.exe
  MD5:   9dc8d8fddf5c5ef3d8adac9b0146558a
  Tags:  RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX Confuser .NET OS Processor Check PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 3 5 7.4 M 50 ZeroCERT

9098  2023-08-25 18:23  PM_INJECT.exe
  MD5:   7ec73c3cdb2ab4d8ead126d75d8e75e6
  Tags:  UPX OS Processor Check PE File PE64 VirusTotal Malware Check memory Checks debugger unpack itself
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1.4 M 16 ZeroCERT

9099  2023-08-25 18:22  RazerSynapse.exe
  MD5:   8dbfd9f45c20a8827b0285ede7fa3701
  Tags:  RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX Confuser .NET OS Processor Check PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 5 6.2 M 40 ZeroCERT

9100  2023-08-25 18:21  Install.exe
  MD5:   3813559c9eeac4f4dc8b7b322b695007
  Tags:  Gen1 Generic Malware Malicious Library UPX Malicious Packer OS Processor Check PE File PE64 VirusTotal Malware Check memory Tofsee
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 2 0.8 M 2 ZeroCERT

9101  2023-08-25 18:20  NMK9938.exe
  MD5:   c573e900611f78a87d128236180d56db
  Tags:  Confuser .NET PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Check virtual network interfaces ComputerName DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 5.0 M 48 ZeroCERT

9102  2023-08-25 18:18  6a8ifVD8qEneo.exe
  MD5:   5c4eb96caa0fc3642fb5656644241eac
  Tags:  Malicious Library PWS SMTP KeyLogger AntiDebug AntiVM PE File PE64 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  2 2 9.8 M 30 ZeroCERT

9103  2023-08-25 18:18  Encrypted123.exe
  MD5:   a0eb9e7e92218a18f3033667f414551b
  Tags:  Malicious Library UPX Malicious Packer Socket Http API ScreenShot Code injection Internet API Anti_VM AntiDebug AntiVM OS Processor Check PE File PE64 DLL VirusTotal Malware Code Injection Checks debugger buffers extracted Creates executable files DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1 8.6 M 39 ZeroCERT

9104  2023-08-25 18:18  installs.exe
  MD5:   b5740976a2285bcd92c4625eec726684
  Tags:  DGA Http API HTTP ScreenShot Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  3 2 1 14.8 M 29 ZeroCERT

9105  2023-08-25 18:16  signed.exe
  MD5:   ec8952a8dcbbfaa1fb6fda23df851402
  Tags:  Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware PDB
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player:  1.8 M 45 ZeroCERT
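The raw export of this listing is awkward to pivot on by hand: the hash, the tag line and the count line sit on separate lines under each submission, and empty count columns are dropped, so the numbers shift position from row to row. The parser below is an added example, not code from the sandbox or this site. It reads the raw export layout (number, date and request on one line; an optional 32-hex MD5, a tag line and a trailing count line below), turns each entry into a record, pulls out the score, the "M" flag, the VT count and the player, and flags the family names that appear as tags. The sample text is an excerpt of three entries from this page with the 9092 tag line abridged; the FAMILIES set is my own choice of family tags seen on the page, and `hash_list` with its `min_score` cut-off is a hypothetical triage helper.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Excerpt of the listing in its raw export layout (constructed from entries
# on this page; the 9092 tag line is abridged). The header line is the listing's own.
SAMPLE = """\
No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9091 2023-08-25 19:26 lolMiner.exe

03ab160d92dd13e549a778a844d008b4

PE File PE64 VirusTotal Malware Checks debugger
2.2 M 44 ZeroCERT

9092 2023-08-25 18:53 http://cdn.tim.ticdn.it

Downloader Create Service Socket P2P DGA Steal credential Tofsee Windows Exploit DNS crashed
1 3 2 6.0 guest

9097 2023-08-25 18:25 finally.exe

9dc8d8fddf5c5ef3d8adac9b0146558a

RedLine Infostealer RedLine stealer .NET framework(MSIL) UPX Confuser .NET Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 5 7.4 M 50 ZeroCERT
"""

HEAD_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# Count line: zero or more integer counts, one decimal score, optional "M" flag,
# optional VT integer, then the player name. Empty columns are simply absent.
TRAIL_RE = re.compile(r"^(?:\d+\s+)*\d+\.\d(?:\s+M)?(?:\s+\d+)?\s+(?:ZeroCERT|guest)$")
# Family/tool names that occur as tags in this listing (assumption: treated as
# family labels for triage; extend for your own environment).
FAMILIES = {"RedLine", "LokiBot", "Lumma", "Amadey", "Tofsee", "Kelihos", "CoinMiner", "QuiteRAT"}


@dataclass
class Submission:
    no: int
    date: str
    request: str                      # file name or URL as submitted
    md5: Optional[str] = None         # None for URL submissions
    tags: list = field(default_factory=list)
    counts: list = field(default_factory=list)   # leading integer columns, left to right
    score: Optional[float] = None
    zero_flag: Optional[str] = None   # "M" when the Zero column is set
    vt: Optional[int] = None
    player: Optional[str] = None

    def families(self) -> list:
        """Family tags present on this submission, sorted for stable output."""
        return sorted(f for f in FAMILIES if f in self.tags)


def _parse_trailer(sub: Submission, tokens: list) -> None:
    """Split a count line into counts / score / Zero flag / VT / player."""
    sub.player = tokens[-1]
    body = tokens[:-1]
    i = next(k for k, t in enumerate(body) if "." in t)   # the score is the only decimal
    sub.counts = [int(t) for t in body[:i]]
    sub.score = float(body[i])
    rest = body[i + 1:]
    if rest and rest[0] == "M":
        sub.zero_flag = "M"
        rest = rest[1:]
    if rest:
        sub.vt = int(rest[0])


def parse_listing(text: str) -> list:
    """Parse the raw export into Submission records, one per numbered entry."""
    subs: list = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("No "):   # blank line or column header
            continue
        m = HEAD_RE.match(line)
        if m:
            subs.append(Submission(int(m.group(1)), m.group(2), m.group(3)))
            continue
        if not subs:
            continue                               # stray text before the first entry
        cur = subs[-1]
        if MD5_RE.match(line):
            cur.md5 = line
        elif TRAIL_RE.match(line):
            _parse_trailer(cur, line.split())
        else:
            cur.tags = line.split()
    return subs


def hash_list(subs: list, min_score: float = 5.0, require_zero: bool = False) -> list:
    """MD5s worth pivoting on: scored at or above min_score, optionally only those flagged M."""
    return sorted(
        s.md5 for s in subs
        if s.md5 and s.score is not None and s.score >= min_score
        and (not require_zero or s.zero_flag == "M")
    )


if __name__ == "__main__":
    for s in parse_listing(SAMPLE):
        print(s.no, s.request, s.md5, s.score, s.zero_flag, s.vt, s.player, s.families())
    print(hash_list(parse_listing(SAMPLE)))
```

The count line is the fragile part: because empty columns are omitted, a line with fewer than four leading integers cannot be mapped to Urls/Hosts/IDS/Rule unambiguously, so the parser keeps those integers as an ordered list rather than guessing which column each belongs to. The score, the "M" flag, the VT count and the player are recoverable from their shape and position, which is what the hunting helper relies on.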