Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9751	2023-09-15 17:34	expo.exe f94bf3a0e3733958d4973ef664f78927 UPX Malicious Library AntiDebug AntiVM PE File PE32 OS Processor Check Malware download VirusTotal Malware PDB Malicious Traffic unpack itself Stealc Browser DNS	1 Keyword trend analysis	1	2	1	4.2	M	38	ZeroCERT

9752	2023-09-15 17:32	deluxe_crypted.exe 5200fbe07521eb001f145afb95d40283 UPX Malicious Library PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5		6.8	M	27	ZeroCERT

9753	2023-09-15 17:32	StrikeNet.exe f2c62f2ee6aa94509c39557a628534a1 .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					4.8	M	38	ZeroCERT

9754	2023-09-15 17:30	obizx.exe fef91e48e37387cc64762de33c5dd522 .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger		4	4		12.8		16	ZeroCERT

9755	2023-09-15 17:30	ZmYfQBiw.exe 4eccb4065ef0b815cd77fe425adf4aef UPX PE File PE64 VirusTotal Malware crashed					2.2	M	45	ZeroCERT

9756	2023-09-15 17:28	Rocks.exe a64a886a695ed5fb9273e73241fec2f7 Amadey UPX Malicious Library Malicious Packer PE File PE32 OS Processor Check PE64 Malware download Amadey VirusTotal Malware AutoRuns PDB Malicious Traffic Check memory Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	11 Info ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey Bot Activity (POST) ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	10.4	M	60	ZeroCERT

9757	2023-09-15 17:28	macapa.pdf ecda023859fe1b0449dc23140267b39c ZIP Format VirusTotal Malware DNS		1			1.0		7	ZeroCERT

9758	2023-09-15 17:27	esgla2i5.exe 2273152b5565d0d47b6c59cb5099dc76 UPX Malicious Library PE File PE64 VirusTotal Malware PDB unpack itself Tofsee Remote Code Execution	1 Keyword trend analysis	2	2		1.8		38	ZeroCERT

9759	2023-09-15 08:01	PolymodXT.exe#test_rise_sharp 686c33f353aaa476f68a8e124cf1d6af UPX Malicious Library Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE OS Processor Check ZIP Format PNG Format DLL Browser Info Stealer Malware download Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder IP Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Cryptographic key	2 Keyword trend analysis	4	6 Info ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)		10.8	M		ZeroCERT

9760	2023-09-15 07:58	167.exe 215db96eeac70244addf2c1578245399 UPX Malicious Library PE File PE32 OS Processor Check PDB Remote Code Execution					0.8			ZeroCERT

9761	2023-09-15 07:56	s1.exe 1d6a742534494f66081d5b70f44f6695 UPX Malicious Library PE File PE32 OS Processor Check PDB Remote Code Execution					0.8	M		ZeroCERT

9762	2023-09-15 07:54	c.exe c2ce41232bcd0237adee4dc075136551 RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET PE File PE32 .NET EXE OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5		5.0			ZeroCERT

9763	2023-09-15 07:53	r.exe 7eec2626da27debbdef59bcb7427f8a4 Suspicious_Script_Bin Downloader UPX Malicious Library .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDebug AntiVM PE File PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution					7.0			ZeroCERT

9764	2023-09-15 07:52	desktopditor.exe 297dc90d62648d3f034db5ebb2e583f7 UPX Malicious Library Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check PDB Check memory Tofsee Remote Code Execution		3	2		0.6			ZeroCERT

9765	2023-09-15 07:50	timeSync.exe 8816dec1704461c24f7575c00f7f86d4 UPX Malicious Library PE File PE32 OS Processor Check PDB Remote Code Execution					0.8	M		ZeroCERT