Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
9991	2023-10-01 17:21	2023.exe.exe 027a60b4337dd0847d0414aa8719ffec Aurora Stealer Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check VirusTotal Malware ICMP traffic DNS		1			4.4	M	58	ZeroCERT

9992	2023-10-01 17:18	Umm2.exe 2a2e7e3b0c0aee191ade0c57516abf99 PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key					3.6	M	26	ZeroCERT

9993	2023-10-01 17:18	Umm.exe e38c7f0fa1a4d8ffc18742eb0df40048 PE File PE32 .NET EXE VirusTotal Malware Buffer PE PDB Check memory Checks debugger buffers extracted unpack itself Windows ComputerName Cryptographic key					4.2	M	26	ZeroCERT

9994	2023-10-01 17:17	borilpokonta2.1.exe ff5073e7ca0e1ec86ee0268f040af237 NSIS Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Creates executable files unpack itself AppData folder crashed					4.0	M	52	ZeroCERT

9995	2023-10-01 16:48	AC.pdf.lnk 80c2dde809389cff2dbb6c4bc7b26e9d Generic Malware AntiDebug AntiVM Lnk Format GIF Format Malware Code Injection Malicious Traffic Creates shortcut unpack itself suspicious process WriteConsoleW DNS crashed	1 Keyword trend analysis	1	2		4.0			ZeroCERT

9996	2023-10-01 16:48	5BL.pdf.lnk f99a611041175e3d94c2d68a8aa4b90b Generic Malware AntiDebug AntiVM Lnk Format GIF Format Malware Code Injection Malicious Traffic Check memory Creates shortcut unpack itself suspicious process WriteConsoleW DNS crashed	1 Keyword trend analysis	1	2		4.2			ZeroCERT

9997	2023-10-01 16:47	0ETT.pdf.lnk eb895053a7bee85c754348f1eea7b020 Generic Malware AntiDebug AntiVM Lnk Format GIF Format Malware Code Injection Malicious Traffic Creates shortcut suspicious process WriteConsoleW DNS	1 Keyword trend analysis	1	2		3.4			ZeroCERT

9998	2023-09-30 13:49	47f036f9996df7d9d5809b698fd41f... 47f036f9996df7d9d5809b698fd41f75 Malicious Library UPX Antivirus .NET framework(MSIL) Malicious Packer PE File PE32 .NET EXE OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.0		55	ZeroCERT

9999	2023-09-30 13:47	tiworker.exe b51f67297d5dd494ed1acecf85c989f8 Formbook NSIS Malicious Library UPX PE File PE32 FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself	4 Keyword trend analysis Info http://www.funwarsztat.com/sy22/?x4rXkXCP=CDtdPYcE26NN/Lh6rpX6TL7KDn7jwiiUYTi0Hy7RVwWXAZEPuz0NUNjW/3QemKZGBVrgMz80&CdTHh=Cj6t http://www.dryadai.com/sy22/?x4rXkXCP=T4nku/U6fUoiT4V699ActYtDMjyavvK02m+fxEC1q0+DSMs1WUMajGSqA4Kum2DGC179VQvP&CdTHh=Cj6t - rule_id: 36541 http://www.sarthaksrishticreation.com/sy22/?x4rXkXCP=++s7hqRnDFs/g5YbNhmDQGydnZIcmR65wuKS6+wpOQxc/+r74UhYv08VjUB0PTEo7NuOximl&CdTHh=Cj6t - rule_id: 35905 http://www.alcmcyu.com/sy22/?x4rXkXCP=HJcnt9shjuyeuMnZ8QWG9PRz+SaAKZLp97hCM6mnnpBn/SSeG+yBNrNPh/yBSnbTf5L809Cn&CdTHh=Cj6t	9 Info www.03ss.vip() - mailcious www.sarthaksrishticreation.com(119.18.49.69) - mailcious www.alcmcyu.com(45.196.82.124) www.funwarsztat.com(185.253.212.22) www.dryadai.com(3.64.163.50) - mailcious 3.64.163.50 - mailcious 185.253.212.22 - mailcious 119.18.49.69 - mailcious 45.196.82.124 - mailcious	1	2	4.2	M	57	ZeroCERT

10000	2023-09-30 13:47	betterconsiderableresspro.exe 99fe507e16e1bc59c788bce2d138b9f4 Gen1 Emotet Malicious Library UPX PE File PE64 CAB PE32 .NET EXE VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution		2	1		4.6		14	ZeroCERT

10001	2023-09-30 13:47	bestunderstandingresspro.exe c64258c1d7fef95b76f9aca64d707ac7 Gen1 Emotet Malicious Library UPX PE File PE64 CAB VirusTotal Malware AutoRuns PDB Creates executable files Windows Remote Code Execution					3.0		14	ZeroCERT

10002	2023-09-30 13:45	prosperzx.exe 98b5d1281fc45604bb645cd9eea268b4 Formbook .NET framework(MSIL) AntiDebug AntiVM PE File PE32 .NET EXE FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself	2 Keyword trend analysis	4	1		8.6	M	49	ZeroCERT

10003	2023-09-30 13:43	3231322212.exe 6419a1e59348225baafa1b58ed611fc9 Downloader UPX .NET framework(MSIL) Create Service Socket DGA Http API ScreenShot Escalate priviledges Steal credential PWS Sniff Audio HTTP DNS Code injection Internet API FTP KeyLogger P2P SMTP AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications suspicious process WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)		15.2	M	35	ZeroCERT

10004	2023-09-30 13:40	calc2.exe 02c0527b5d7ae4a6e5fb3176b3edef66 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware PDB DNS		1			2.2	M	36	ZeroCERT

10005	2023-09-30 13:38	rankobazx.exe 4849feb37691a61269212d9d323e6f79 UPX .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger unpack itself					5.4	M	37	ZeroCERT