Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9706	2023-08-07 08:50	ChromeSetup.exe 4268288fb3dbf0b63cf0836a4201135d Malicious Library PE File PE32 PDB Remote Code Execution					1.2	M		ZeroCERT

9707	2023-08-07 08:45	key.exe 8d3c4b58a9943431b824df429088f51e Suspicious_Script_Bin UPX OS Processor Check .NET EXE PE File PE32 suspicious privilege MachineGuid Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					2.6	M		ZeroCERT

9708	2023-08-07 08:45	RunPEx64.exe d9242e75177504019e7c8a78b0f705f2 UPX Malicious Library OS Processor Check PE File PE32 PDB Tofsee Discord DNS	1 Keyword trend analysis	2	3		0.2	M		ZeroCERT

9709	2023-08-07 08:43	ChromeSetup.exe 934834b62d84d90afd7bb755aa12ad81 LokiBot Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer LokiBot Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware c&c PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs AntiVM_Disk VM Disk Size Check installed browsers check Browser Email ComputerName DNS Software	1 Keyword trend analysis	1	7 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Checkin ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2 ET MALWARE LokiBot Fake 404 Response		13.8	M	47	ZeroCERT

9710	2023-08-07 08:43	6dWHunZZcpnEo.exe 11de7138a9df2d5bbfeb112f8d20f2df Malicious Library PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself DNS		1			3.2	M	42	ZeroCERT

9711	2023-08-07 08:41	demon.x64.exe 9f395db62d14a0ef40d90404de9e6a9c Generic Malware PE64 PE File VirusTotal Malware Malicious Traffic unpack itself Sliver DNS	2 Keyword trend analysis	1	1		3.4	M	43	ZeroCERT

9712	2023-08-07 08:40	demon.dll c9e6e4d394d7452b79351028c4da0cac Generic Malware DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS		1			2.4	M	40	ZeroCERT

9713	2023-08-07 08:38	BRRR.exe 353479441f9bc398f6fe46feb7740985 Themida Packer UPX Malicious Library Anti_VM .NET EXE PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed		1	1		11.0	M	42	ZeroCERT

9714	2023-08-07 08:38	demosyscalls.exe e3f125e7cc88a1c53cc68e1bcb273191 Generic Malware PE64 PE File VirusTotal Malware Malicious Traffic unpack itself Sliver DNS	2 Keyword trend analysis	1	1		4.0	M	43	ZeroCERT

9715	2023-08-07 08:36	foto5566.exe c5f81f9b7d05d70a0a105b06fc16ce31 Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	3 Keyword trend analysis	2	11 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO Dotted Quad Host DLL Request ET MALWARE Redline Stealer Activity (Response) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2	3	16.0	M		ZeroCERT

9716	2023-08-07 08:36	demon1.dll e9d5c93dddcbd74935f1532560ae89e8 Generic Malware DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself					1.4	M	23	ZeroCERT

9717	2023-08-07 08:36	fotod250.exe 08141df58f30575861b2c703dc47c3a9 Gen1 Emotet Amadey SmokeLoader RedLine Infostealer RedLine stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer .NET framework(MSIL) Confuser .NET AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader	7 Keyword trend analysis Info http://77.91.68.1/smo/du.exe http://77.91.68.61/rock/index.php - rule_id: 35495 http://77.91.68.1/new/foto5566.exe http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516 http://77.91.68.1/new/fotod250.exe http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515 http://77.91.68.3/fuzz/faman.exe	4	15 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO Executable Download from dotted-quad Host ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE Redline Stealer Activity (Response) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	3	18.4	M		ZeroCERT

9718	2023-08-07 08:35	winPEASx64_ofs.exe 13876e0c6728fb1cbefe79fcc7315e70 North Korea Generic Malware UPX Malicious Packer Antivirus OS Processor Check PE64 PE File MachineGuid Check memory Checks debugger unpack itself ComputerName					1.2	M		ZeroCERT

9719	2023-08-07 08:32	wininit.exe 87c5e0323049fb19c46cba988f525038 NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware AppData folder DNS		1			2.4	M	41	ZeroCERT

9720	2023-08-07 08:30	Rendestene.exe 7418044f00199e4add2a6460ce07d884 NSIS Suspicious_Script_Bin UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows DNS crashed		1			4.2	M	41	ZeroCERT