Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
9121	2023-08-25 07:35	igfxEM.exe d6762b332a9dd90253e60a6e5c894e07 .NET framework(MSIL) UPX PWS SMTP KeyLogger AntiDebug AntiVM OS Processor Check PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed				8.6	M		ZeroCERT

9122	2023-08-25 07:35	newbin.exe 00cdf04e6c1e56772e0181de92a6beb8 Malicious Library UPX Malicious Packer PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser Email ComputerName Software crashed		2	2	4.0	M		ZeroCERT

9123	2023-08-25 03:42	22F74C18B0CF37129F45F5A3D76F6F... 1485439baee7be05bb37aaea9b4ea332 RedLine stealer Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Anti_VM OS Processor Check ftp crashed				0.2			guest

9124	2023-08-25 02:54	22F74C18B0CF37129F45F5A3D76F6F... 1485439baee7be05bb37aaea9b4ea332 RedLine stealer Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) Anti_VM OS Processor Check ftp crashed				0.2			guest

9125	2023-08-24 18:21	rock.exe 1f848adb44112bc76b1a4f80b53e8f4b Malicious Library UPX Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Malware AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName Trojan DNS	5 Keyword trend analysis	4	13 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Executable Download from dotted-quad Host ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download ET INFO Packed Executable Download ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey Bot Activity (POST) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	14.6	M	47	ZeroCERT

9126	2023-08-24 18:18	wowo2.exe 07bb4ac965ff0962bcb0b86a2cf075de Generic Malware Malicious Library UPX Malicious Packer PE File .NET EXE PE32 OS Processor Check PE64 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself AppData folder Tofsee	1 Keyword trend analysis	2	2	4.6	M	52	ZeroCERT

9127	2023-08-24 18:15	igfxEM.exe 6b3f8aebb9c04645c6d8979552bd2225 .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Browser Email ComputerName Software crashed				10.0	M	31	ZeroCERT

9128	2023-08-24 18:14	igfxEM.exe 203b77e03c015bb3e23cf818bf31827a PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Software crashed keylogger	1 Keyword trend analysis	5	3	13.4	M	40	ZeroCERT

9129	2023-08-24 18:11	ifgxEM.exe 4f500332f579994a734dea2262ca357c PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself				5.6	M	45	ZeroCERT

9130	2023-08-24 18:11	wininit.exe 840006dac67d23b7725020c8441a6a4b Confuser .NET PE File .NET EXE PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself DNS		1		6.4	M	54	ZeroCERT

9131	2023-08-24 18:09	evil.exe 5fee7558a82d7be17c24d0cd2930df41 Malicious Packer PE File PE32 VirusTotal Malware unpack itself DNS		1		3.6	M	54	ZeroCERT

9132	2023-08-24 18:09	igfxEM.exe 4a93dc1595f4ea25da27413bc373819a PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	2	3.4	M	38	ZeroCERT

9133	2023-08-24 18:07	BelgiumchainAGRO.exe 58627a894535d0d34fc6a4e1f35609e7 Generic Malware UPX Admin Tool (Sysinternals etc ...) Antivirus Http API HTTP Code injection Internet API AntiDebug AntiVM OS Processor Check PE File .NET EXE PE32 VirusTotal Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process AppData folder WriteConsoleW Windows ComputerName DNS Cryptographic key		1		15.4	M	49	ZeroCERT

9134	2023-08-24 18:06	smss.exe c7aca6c178763fb39b67af30247bb22b LokiBot .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1		14.2	M	48	ZeroCERT

9135	2023-08-24 18:04	repairtool.exe 6a1f3c92dd6011d36b4387e8928db8ed Malicious Library UPX AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Code Injection Checks debugger buffers extracted unpack itself				7.4	M	54	ZeroCERT