Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
9841	2023-10-06 07:58	trafico.exe 5aac2b17c8da70fd4386a66974d5206c Malicious Library PE File PE32				0.6	M		ZeroCERT

9842	2023-10-06 07:58	legend.exe ef2de4a8a06f86867f6e460e88919515 NSIS Malicious Library UPX PE File PE32 OS Processor Check Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed		2	4	6.6	M		ZeroCERT

9843	2023-10-06 07:56	audiodg.exe b04c242731d9afd15433f4e2d8049f35 .NET framework(MSIL) PE File PE32 .NET EXE Check memory Checks debugger unpack itself				1.2	M		ZeroCERT

9844	2023-10-06 07:54	EpPDrE.exe 85d3d194ec107f5b92a7d9e6a9d06ef0 Generic Malware Malicious Library UPX Malicious Packer Anti_VM PE File PE64 OS Processor Check crashed				0.2	M		ZeroCERT

9845	2023-10-06 07:54	HTML.exe b080010f26154310dc09d7154d6a898c LokiBot Admin Tool (Sysinternals etc ...) .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed		2	4	11.8	M		ZeroCERT

9846	2023-10-06 07:52	vlc.exe e30cd25b2b31a0c5f19f9c3f5818b242 RedLine stealer UPX AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 19 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)	9.8	M		ZeroCERT

9847	2023-10-06 07:52	dorime.exe a889a7cca1cbb0680532b62569d9e362 LokiBot UPX .NET framework(MSIL) Socket PWS DNS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check Browser Info Stealer LokiBot Malware download FTP Client Info Stealer Email Client Info Stealer Malware c&c Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself malicious URLs installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software	1 Keyword trend analysis	1	5 Info ET MALWARE LokiBot User-Agent (Charon/Inferno) ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2 ET MALWARE LokiBot Request for C2 Commands Detected M1 ET MALWARE LokiBot Request for C2 Commands Detected M2	12.4	M		ZeroCERT

9848	2023-10-06 07:49	audiodg.exe fca38d9f17a13f01c024777d8b81ccf4 PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Browser Email ComputerName Software crashed				9.6	M		ZeroCERT

9849	2023-10-06 07:49	2-3-0_2023-10-05_14-14.exe 56e563840a12f6725c08c20577b1e1fe Malicious Library UPX PE File PE32 OS Processor Check PDB				0.6	M		ZeroCERT

9850	2023-10-05 18:37	LPG.txt.exe 19ec1b3fe77ac2bb9b4019ecf20cfc5b UPX Malicious Packer .NET framework(MSIL) PE File PE32 .NET EXE Malware download NetWireRC VirusTotal Malware IP Check RAT	1 Keyword trend analysis	4	2	2.0		60	ZeroCERT

9851	2023-10-05 17:20	Oni_Fortnite_Cheat.exe b6bc88989728f250b472d036a6b87a2a Emotet Gen1 Generic Malware Malicious Library UPX Malicious Packer PE File PE64 OS Processor Check DLL ZIP Format ftp DllRegisterServer dll VirusTotal Malware Check memory Creates executable files Windows utilities Ransomware Windows crashed				3.0	M	31	ZeroCERT

9852	2023-10-05 17:16	file.exe db271fe34507c6229439100abf5458f1 RedLine stealer Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5	12.0	M	31	ZeroCERT

9853	2023-10-05 17:14	assistant.exe b7ae64240c4a5098002454038cdfbb73 UPX Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Malicious Library Socket ScreenShot Steal credential DNS AntiDebug AntiVM PE File PE32 .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs AntiVM_Disk sandbox evasion anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Cryptographic key	1 Keyword trend analysis	5	6 Info SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)	14.8	M	16	ZeroCERT

9854	2023-10-05 17:14	server1.exe 2902f7ba556f9db5f304640552c51284 task schedule UPX Confuser .NET AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself				7.0	M	59	ZeroCERT

9855	2023-10-05 17:04	audiogse.exe fc22fadc862dd0a5b07210a9255025b0 NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed				4.0	M	40	ZeroCERT