Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9121	2023-11-05 12:36	TrueCrypt_UeKmSb.exe 91dbace5bc17870685f7f8d87fad9965 Generic Malware Malicious Library UPX Malicious Packer PE File PE64 crashed					0.2			ZeroCERT

9122	2023-11-05 12:34	cred64.dll 87afe769b56545d60ae5e27f11be382c Malicious Library UPX PE File DLL PE64 OS Processor Check Browser Info Stealer FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Malicious Traffic Checks debugger unpack itself Windows utilities sandbox evasion installed browsers check Windows Browser DNS Software	1 Keyword trend analysis	1			6.2			ZeroCERT

9123	2023-11-05 12:34	plink.exe 7e559dc4e162f6aaee6a034fa2d9c838 Malicious Library PE File PE32 FTP Client Info Stealer WriteConsoleW DNS Software		1			1.4			ZeroCERT

9124	2023-11-05 12:32	clip64.dll 2697c66fd4cdba6a908f3bbf389a6459 Amadey Malicious Library UPX PE File DLL PE32 OS Processor Check Malware PDB Malicious Traffic Checks debugger unpack itself DNS	1 Keyword trend analysis	1			2.6			ZeroCERT

9125	2023-11-05 12:32	timeSync.exe e67f6890ecc3d419311c14902dfbc16b Malicious Library UPX PE File PE32 OS Processor Check unpack itself					0.8			ZeroCERT

9126	2023-11-04 13:25	downloCHANGEDad (6).dat 90070f88cb56609b83cd8e9a07e4a7c5 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName					3.4			guest

9127	2023-11-04 11:05	Word_.doc 75d7d706c41a6eb2d5a5161a24733999 VBA_macro Generic Malware MSOffice File exploit crash unpack itself Exploit crashed					2.4			ZeroCERT

9128	2023-11-04 10:58	1 d6570471a25a38b388336d0fad177057 UPX Downloader PE File PE32 VirusTotal Malware Check memory crashed					1.6		5	ZeroCERT

9129	2023-11-04 10:53	1 2dc7034a89baf7a87c7423ae0e685a7e UPX Downloader PE File PE32 VirusTotal Malware Check memory crashed					1.6		6	ZeroCERT

9130	2023-11-04 10:53	TEST32.exe 993c85b5b1c94bfa3b7f45117f567d09 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check Browser Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Check memory buffers extracted IP Check installed browsers check Tofsee Ransomware Browser Email ComputerName Trojan Banking DNS		3	5		12.0		56	ZeroCERT

9131	2023-11-04 10:52	build2.exe 1199c88022b133b321ed8e9c5f4e6739 RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key		1			4.2		62	ZeroCERT

9132	2023-11-04 10:44	Word_.doc 75d7d706c41a6eb2d5a5161a24733999 VBA_macro Generic Malware MSOffice File VirusTotal Malware RWX flags setting exploit crash unpack itself Exploit DNS crashed		1			4.0		18	ZeroCERT

9133	2023-11-04 10:42	hn-1 a04b173e5b0cb462684e646d91b14683 Malicious Library Downloader PE File DLL PE32 Malware download VirusTotal Malware Malicious Traffic Checks debugger Creates executable files unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check GameoverP2P Zeus Windows DNS Downloader	1 Keyword trend analysis	1	9 Info SURICATA HTTP Request abnormal Content-Encoding header ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE OneLouder EXE download possibly installing Zeus P2P ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP		4.8		55	ZeroCERT

9134	2023-11-04 10:41	vah50.exe 03f92deb14398467ee6f9ac147c5b97a Amadey RedLine stealer Gen1 Emotet Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PWS ScreenShot AntiDebug AntiVM PE File PE32 CAB OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Email Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser Email ComputerName Remote Code Execution DNS Cryptographic key Software crashed	4 Keyword trend analysis	3	12 Info ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	4	24.2	M		ZeroCERT

9135	2023-11-04 10:38	d-6 82eae0084a91983e3730b537982b0d82 Malicious Library UPX Downloader PE File DLL PE32 JPEG Format ZIP Format Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files RWX flags setting unpack itself AppData folder sandbox evasion Windows Browser ComputerName DNS Downloader	4 Keyword trend analysis	2	6 Info ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE JS/WSF Downloader Dec 08 2016 M7 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE - Served Attached HTTP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)		8.6		26	ZeroCERT