Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9871 2023-10-05 07:45 svchost.exe e9724f79d09583b45931d5040f02eb35
Themida Packer Generic Malware Downloader Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API persistence FTP KeyLogger P2P AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware DNS crashed
1 10.6 M 51 ZeroCERT

9872 2023-10-05 07:45 conhost.exe 61783b2ff3dd193f54e4b5e01a43841d
Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed
1.8 M 15 ZeroCERT

9873 2023-10-05 07:43 LqnVyMOS2osNsx5.exe d7f3266975644f3797964e044e5b8d5f
Generic Malware Malicious Library UPX .NET framework(MSIL) ASPack PE File PE32 .NET EXE OS Name Check OS Memory Check OS Processor Check Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AgentTesla suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk IP Check VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger
2 7 3 13.4 M 38 ZeroCERT

9874 2023-10-05 07:43 3.exe 845b889989bad720eb796775536f36a1
RedLine stealer Malicious Library UPX ScreenShot PWS AntiDebug AntiVM PE File PE32 OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.0 41 ZeroCERT

9875 2023-10-04 17:36 OIUIII0IUII0Ioioioi0ioi0iouuui... 130b68050fb2c995533b651154d8b472
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic exploit crash unpack itself Tofsee Exploit DNS crashed
2 4 2 4.2 M 30 ZeroCERT

9876 2023-10-04 17:35 Audiodgs.exe 87f2675413083ecd0838603682509718
Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed
11.8 M 47 ZeroCERT

9877 2023-10-04 17:34 fxGriSJETFWX26o.exe ae5fd5f483713e5490441825333644fc
PE File PE32 .NET EXE VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
2.0 M 33 ZeroCERT

9878 2023-10-04 17:33 Audiodgs.exe 26e4291f7b01ed40adc50972f2f8c5c2
PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself
2.6 M 46 ZeroCERT

9879 2023-10-04 17:32 LPG.txt.exe 2e626d1c6e856072eddc5ffcb6af674c
AgentTesla Malicious Library UPX PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram suspicious privilege Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
4 6 5.4 57 ZeroCERT

9880 2023-10-04 17:32 eCVXk3pYsYhZNlI.exe e16678adff0c94c5c107ff9e3672a6c9
Emotet Gen1 Generic Malware Malicious Library UPX PE File PE32 .NET EXE JPEG Format DLL OS Name Check OS Memory Check OS Processor Check MZP Format PE64 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder AntiVM_Disk IP Check VM Disk Size Check installed browsers check Tofsee Windows Browser Email ComputerName DNS DDNS Software crashed keylogger
2 4 3 12.2 M ZeroCERT

9881 2023-10-04 17:32 9UFv05EkjiW3qlA.exe 8830f7efe68fddb04c438f9aa1de2dba
Emotet Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer PE File PE32 .NET EXE OS Processor Check PE64 VirusTotal Malware Buffer PE Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder ComputerName crashed
1 2 5.4 M 44 ZeroCERT

9882 2023-10-04 15:25 invoice.pdf.exe e8c158e6c3ebf4a4ed03721dd541a7ef
Generic Malware Malicious Library UPX Malicious Packer Antivirus AntiDebug AntiVM PE File PE32 VirusTotal Malware powershell suspicious privilege MachineGuid Code Injection Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
8.6 46 ZeroCERT

9883 2023-10-04 15:25 invoice.pdf 13ed7470a064793e361df8e92ef48a5f
PDF ZIP Format Windows utilities Windows
5 1.4 ZeroCERT

9884 2023-10-04 14:19 41.xll 26637ccedca5d00512d1bf78b9ad8348
PE File DLL PE64 MachineGuid Check memory Checks debugger suspicious process WriteConsoleW crashed
1 1.8 ZeroCERT

9885 2023-10-04 14:19 4I.xll b33c17701e564f148250e540bcf58c96
PE File DLL PE64 MachineGuid Check memory Checks debugger unpack itself suspicious process WriteConsoleW crashed
1 2.2 ZeroCERT