Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9616	2023-10-13 01:00	Password_exe.txt 0bfc8082533654edacb07337a575b119 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

9617	2023-10-13 01:00	LBB_PS1.ps1 9e1efd43fcb4cde660f44c7dde33c673 Generic Malware Antivirus Check memory unpack itself Windows Cryptographic key					0.8			guest

9618	2023-10-13 00:59	LBB.exe 58ea73145bc83846a9beccfb54ef3b02 BlackMatter Ransomware PE File PE32 unpack itself					1.0			guest

9619	2023-10-13 00:59	LBB_Rundll32_pass.dll 7a19d7814274b8d46f79369bdbf21626 PE File DLL PE32					0.6			guest

9620	2023-10-13 00:59	LBB_ReflectiveDll_DllMain.dll 8e4835042e8de50cddd5a48491340c19 BlackMatter Ransomware PE File DLL PE32					0.4			guest

9621	2023-10-13 00:58	LBB_pass.exe a7edf0c15f22c442ab77d767eb98f112 PE File PE32					0.6			guest

9622	2023-10-13 00:57	1.exe 2a7e0b5e83cb9e08b28371b945901da8 Downloader Malicious Library UPX Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE64 OS Processor Check buffers extracted unpack itself malicious URLs Ransomware Tor					2.2		51	guest

9623	2023-10-13 00:35	dovidka.chm 2556a9e1d5e9874171f51620e5c5e09a Generic Malware AntiDebug AntiVM CHM Format Lnk Format VirusTotal Malware AutoRuns MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files RWX flags setting unpack itself WriteConsoleW Windows					8.4		38	guest

9624	2023-10-12 14:55	difficultspecificprores.exe 01b925b499a5bc1e9d7a2f93d8ac0c65 Lumma Gen1 Emotet Malicious Library Http API ScreenShot Internet API AntiDebug AntiVM PE File PE64 CAB PNG Format JPEG Format Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files RWX flags setting unpack itself Windows utilities Check virtual network interfaces sandbox evasion Tofsee Ransomware Lumma Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key	2 Keyword trend analysis	5	8 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO TLS Handshake Failure ET DNS Query to a .pw domain - Likely Hostile ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration ET INFO HTTP Request to a .pw domain ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In	2	17.4	M	28	ZeroCERT

9625	2023-10-12 14:54	clientPower.exe 96a2d507409c68e291e2d473a2d35ae0 Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 MZP Format OS Processor Check VirusTotal Malware unpack itself sandbox evasion Remote Code Execution crashed					3.0		19	ZeroCERT

9626	2023-10-12 14:30	setup.7z dc335f7c742fffb1ea6ec8bb3fd69ad7 Escalate priviledges PWS KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself					2.0			ZeroCERT

9627	2023-10-12 10:34	Bur_Oil_Company.zip 7981e2f467362b08d22fad773e24df3b ZIP Format Malware download VirusTotal Malware Malicious Traffic Lumma Stealer	1 Keyword trend analysis	2	2		1.6		1	ZeroCERT

9628	2023-10-12 10:25	client_x86.exe 2b199211ed7ddd31f0a5f0c651f44457 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware buffers extracted unpack itself sandbox evasion Browser ComputerName		2			3.8		7	ZeroCERT

9629	2023-10-12 10:18	realonerealone.txt.exe c5be9c39afdf0da89b281f61e8f5e721 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName crashed					3.6		36	ZeroCERT

9630	2023-10-12 10:18	hta_nostartup.jpg.exe 1a707baa6ca6f2f3cead89aa09d10bc0 Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB					1.4		26	ZeroCERT