Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9241	2023-08-21 18:02	quxy6fclw12k00.exe d68e9b7fed1efde41c7447daf1ec32ae RedLine stealer Generic Malware task schedule Malicious Library UPX Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files RWX flags setting unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	5 Keyword trend analysis Info https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys - rule_id: 34841 https://github.com/S1lentHash/file_to_dwnld/raw/main/WinRing0x64.sys https://pastebin.com/raw/PTNbBX9V - rule_id: 34840 https://github.com/S1lentHash/newwatch/raw/main/NewNewWatch.exe - rule_id: 21519 https://github.com/S1lentHash/xmrig/raw/main/xmrig.exe - rule_id: 21520	7	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	4	19.6	M	25	ZeroCERT

9242	2023-08-21 17:59	dcr2.exe ac1f2fe1cd36ff5c4c6bfea58a6a3959 Malicious Library .NET framework(MSIL) UPX Malicious Packer Antivirus OS Processor Check PE File .NET EXE PE32 VirusTotal Malware Check memory Checks debugger unpack itself DNS		3			2.6		56	ZeroCERT

9243	2023-08-21 17:59	winPEASx64.exe d2a9d9e182178473cbd9f1e018f93efa North Korea Generic Malware UPX Malicious Packer Antivirus OS Processor Check PE File PE64 VirusTotal Malware PDB MachineGuid Check memory Checks debugger WMI unpack itself Windows utilities Check virtual network interfaces AntiVM_Disk WriteConsoleW anti-virtualization VM Disk Size Check Windows ComputerName					5.2		50	ZeroCERT

9244	2023-08-21 17:55	vip-book.pdf.lnk 2684b795956953dd9dc655520799752a Generic Malware Malicious Library AntiDebug AntiVM Lnk Format GIF Format OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Code Injection buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW DNS	2 Keyword trend analysis	10	4		5.8		15	ZeroCERT

9245	2023-08-21 17:52	book.pdf.lnk 0185e0fc2f505312001e1a65e6783908 Generic Malware Malicious Library AntiDebug AntiVM Lnk Format GIF Format OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Code Injection buffers extracted Creates shortcut Creates executable files unpack itself suspicious process WriteConsoleW DNS	2 Keyword trend analysis	8	4		5.8		14	ZeroCERT

9246	2023-08-21 17:50	cmd.exe 975b45b669930b0cc773eaf2b414206f Gen1 Generic Malware Malicious Library UPX Malicious Packer OS Processor Check PE File PE64 PDB Remote Code Execution					0.6			ZeroCERT

9247	2023-08-21 13:40	payload.dll aa9991d405f0742d592ca9a3c193a931 UPX Malicious Packer OS Processor Check PE File DLL PE64 VirusTotal Malware PDB Check memory Checks debugger unpack itself					2.2		46	yjw

9248	2023-08-21 13:29	payload.dll aa9991d405f0742d592ca9a3c193a931 UPX Malicious Packer OS Processor Check PE File DLL PE64 VirusTotal Malware PDB					1.4		46	yjw

9249	2023-08-21 13:25	payload.dll aa9991d405f0742d592ca9a3c193a931 UPX Malicious Packer OS Processor Check PE File DLL PE64 VirusTotal Malware PDB Checks debugger unpack itself					2.0		46	yjw

9250	2023-08-21 13:22	payload.dll aa9991d405f0742d592ca9a3c193a931 UPX Malicious Packer OS Processor Check PE File DLL PE64 VirusTotal Malware PDB					1.4		46	yjw

9251	2023-08-21 13:21	sqlite3.dll 1f44d4d3087c2b202cf9c90ee9d04b0f UPX PE File DLL PE32								yjw

9252	2023-08-21 11:36	atom.xml.ps1 10c35a153964be038c491a2b26495803 Generic Malware Antivirus VirusTotal Malware powershell AutoRuns Check memory heapspray Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key	2 Keyword trend analysis				5.2	M	3	ZeroCERT

9253	2023-08-21 10:29	EHJ.vbs 99fc9081b995d728ad1fc66971f42e5e Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW Windows ComputerName Cryptographic key	3 Keyword trend analysis	3			9.2	M	20	ZeroCERT

9254	2023-08-21 10:27	1.exe 961751858d8b74b2dec9d4f165a0a8c0 Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware PDB					2.2	M	50	ZeroCERT

9255	2023-08-21 10:24	RuntimeBroker.exe bd0ffc2e1a9f0f13c8778fbe043af0b7 Malicious Library UPX OS Processor Check PE File PE32 VirusTotal Malware PDB					2.2	M	52	ZeroCERT