Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
9871 2023-07-31 17:49 zdkecjb7.exe
2eb21acbab653f9007db89469ca991c9
Generic Malware UPX Malicious Library Antivirus Anti_VM AntiDebug AntiVM OS Processor Check PE File PE32 PowerShell VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself suspicious process WriteConsoleW IP Check Tofsee Windows ComputerName DNS Cryptographic key crashed
7 10 3 2 14.4 55 ZeroCERT

9872 2023-07-31 17:48 2cba948feb9c53fce4409f0079aec6...
2ba9f5ca1088bc21fb1e37e1e77140ba
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 46 ZeroCERT

9873 2023-07-31 17:46 damianozx.doc
c998eab4dc1b884c6dba9eba84412a21
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
1 3 7 5.0 32 ZeroCERT

9874 2023-07-31 17:45 crypted33.exe
daa00fb3403beb7639d582aa16345615
UPX Malicious Library Malicious Packer PWS SMTP AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.4 43 ZeroCERT

9875 2023-07-31 17:41 a3e34cb.exe
57794b001e1e8c4917aaa864268fec36
Themida Packer UPX Malicious Library VMProtect PE File PE32 .NET EXE DLL PE64 Browser Info Stealer Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Firmware DNS Cryptographic key crashed
4 7 6 16.4 M 27 ZeroCERT

9876 2023-07-31 17:40 IE_Network_protocol.exe
cef984ffee5314e72aee4366945e20a5
Confuser .NET .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself DNS
1 6.2 31 ZeroCERT

9877 2023-07-31 17:40 safer.dll
56a1858c7fcfe98b43e5f8913e937017
UPX Malicious Library OS Processor Check DLL PE64 PE File PDB
0.4 ZeroCERT

9878 2023-07-31 17:39 damianoszx.exe
36fd277db8b1414e29fd47877bfe28f1
AgentTesla PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 10.0 29 ZeroCERT

9879 2023-07-31 17:38 000000000000000%23%23%23%23%23...
92bb79c8468691d39e3750967f235588
MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware buffers extracted exploit crash unpack itself Exploit DNS crashed
2 4.6 29 ZeroCERT

9880 2023-07-31 17:35 QUAREUD.exe
ab05b6b799e6bca232fdb7005c085e05
Malicious Library PE64 PE File VirusTotal Malware Check memory Checks debugger unpack itself
1.8 18 ZeroCERT

9881 2023-07-31 17:35 blinkzx.exe
24064073cb8d91a8ae77aee762ef1c1d
.NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName DNS
1 4.0 50 ZeroCERT

9882 2023-07-31 17:32 32123212.exe
9bd1cc9b027a4420d6e4f780c50af93c
Generic Malware UPX Obsidium protector Malicious Library Malicious Packer Antivirus OS Processor Check PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
2 4 1 7.0 16 ZeroCERT

9883 2023-07-31 17:30 shell-x64.exe
5885c6b29fb1e8ec086f384413cdd608
PE64 PE File VirusTotal Malware DNS crashed
1 3.6 M 58 ZeroCERT

9884 2023-07-31 17:30 KGQUA.exe
d0c51c2447ac3268679d6ca5605404ad
LokiBot task schedule Downloader Malicious Library PWS DNS ScreenShot KeyLogger Create Service Socket P2P DGA Steal credential Http API Escalate priviledges Sniff Audio HTTP Code injection Internet API FTP AntiDebug AntiVM PE64 PE File VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process suspicious TLD WriteConsoleW Windows ComputerName DNS Cryptographic key
1 1 11.0 M 22 ZeroCERT

9885 2023-07-31 17:27 stage2.ps1
2241ec09de2ce9e2c235dc85399d5b79
Generic Malware Antivirus powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key crashed
1 4.6 ZeroCERT