Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
10051	2023-07-25 07:55	lawzx.exe 68c43b3ca349cc9a76a0a0d52be2e53f .NET framework(MSIL) PWS AntiDebug AntiVM .NET EXE PE File PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted ICMP traffic unpack itself	11 Keyword trend analysis Info http://www.whiskeyrockszerofox.com/c3bm/?xUgYQBU=nNuSAcBfihI1X99P67/13Pgp29SdAd14yujLiA3/4qMvKf1JBm66EqkCeRY6BLJfqZxdZ1LrsoOPyagTeVzxE+GedNjtyl5jsuyJSgA=&eN=BHQXoV1JevPo http://www.mayhealacademy.org/c3bm/ http://www.whiskeyrockszerofox.com/c3bm/ http://www.gtma10.vip/c3bm/?xUgYQBU=krCldiLgjcApKXxkJANYaKdwxsz6cTBGq0ZIJRxCzMFoz9nWr9LtvBWMlShfMz5/mlanjumAsLmihLplv303bwd5ojKQx2PpB2/D4tI=&eN=BHQXoV1JevPo http://www.gtma10.vip/c3bm/ http://www.uvmxy3.cfd/c3bm/ http://www.uvmxy3.cfd/c3bm/?xUgYQBU=iKtCwwnToxrVTVc0dzE/GGqUTx5sq2Ru5aUrU8zs2pUtriGZzEW/tAwYZxzLsWWyUbVXWD4Wu3+2OSStEvufJYh8KZDxUo4gtyjnLig=&eN=BHQXoV1JevPo http://www.mayhealacademy.org/c3bm/?xUgYQBU=NklA+nDnf8scJKj7eA0ylHtWzQ4QRSe4QAOPaJ6HP9oz0u9hoTBJ8UDDP4cLGuYOm5pMcWsDEqSQfg6dA5ugjxrwOkNrOrO9bM+xRew=&eN=BHQXoV1JevPo http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip http://www.bulkmart.xyz/c3bm/ http://www.bulkmart.xyz/c3bm/?xUgYQBU=VEz5fWJU9zaqCOxv5L0lxcWXPhTuPR5DnP9Ol727qYWIuFJr9aZEGRX+VUYhjlv4zItHH6NaVTddBSN09lyzPgveDNXUMIsMoNKyW0g=&eN=BHQXoV1JevPo	12 Info www.whiskeyrockszerofox.com(74.208.236.113) www.astericdot.com() www.uvmxy3.cfd(43.154.67.170) www.bulkmart.xyz(66.29.155.76) www.gtma10.vip(172.67.192.77) www.mayhealacademy.org(88.198.22.18) 66.29.155.76 88.198.22.18 104.21.36.97 - phishing 43.154.67.170 - mailcious 74.208.236.113 45.33.6.223		8.2	M		ZeroCERT

10052	2023-07-25 07:51	LummaC2.exe 16f2d0aa122b49bd7f7ca17eb28e5df5 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer Malware download Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Firmware	3 Keyword trend analysis	2	1	6.2	M		ZeroCERT

10053	2023-07-25 07:49	ChromeSetup.exe 682d6744626bc028880d22ceb3f313a2 Client SW User Data Stealer Backdoor RemcosRAT browser info stealer Google Chrome User Data Downloader Confuser .NET Create Service Socket Escalate priviledges PWS Sniff Audio DNS ScreenShot Internet API KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself DNS DDNS		2	2	8.0	M		ZeroCERT

10054	2023-07-25 07:46	electrum-4.4.5.exe b17b70f6578e1cf2874db386412e6d4f .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself				1.0	M		ZeroCERT

10055	2023-07-25 07:45	KavachAuthentication%20Updater... 2e66189aa1b6fd345a9c13124844ebbc Emotet Downloader UPX Malicious Library ASPack Malicious Packer Antivirus Create Service Socket Http API Escalate priviledges PWS HTTP DNS ScreenShot Internet API persistence KeyLogger AntiDebug AntiVM PE64 PE File BMP Format DLL JPEG Format GIF Format OS VirusTotal Malware suspicious privilege MachineGuid Code Injection Check memory Creates shortcut Creates executable files Check virtual network interfaces malicious URLs AntiVM_Disk VM Disk Size Check Windows ComputerName	1 Keyword trend analysis	2	1	6.4	M	18	ZeroCERT

10056	2023-07-25 07:42	lawzx.doc 31332915ea2a23d649e1ccb1c15c6a1c MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed				3.0	M	29	ZeroCERT

10057	2023-07-25 07:41	0x8mompdsnjum.exe c88684792ace21a20a82333f91a39251 RedLine stealer RedLine Infostealer RedlineStealer UPX Malicious Library .NET framework(MSIL) Confuser .NET PWS AntiDebug AntiVM OS Processor Check PE File PE32 .NET EXE Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		2	3	15.6	M	37	ZeroCERT

10058	2023-07-25 07:38	1.exe df53bb96de4749ce780bf8b939dc2cd5 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications Check virtual network interfaces WriteConsoleW installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed	1 Keyword trend analysis	4	4	13.8		35	ZeroCERT

10059	2023-07-25 07:37	lega.exe 0cca805bb1bb946b8683dd3cfdaed406 Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk sandbox evasion WriteConsoleW VM Disk Size Check installed browsers check Tofsee Ransomware Lumma Stealer Windows Update Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed	10 Keyword trend analysis Info http://5.42.92.67/norm/Plugins/clip64.dll http://5.42.92.67/norm/index.php http://5.42.92.67/norm/Plugins/cred64.dll http://5.42.92.67/lend/LummaC2.exe http://westwork-my.xyz/c2sock http://westwork-my.xyz/c2conf http://5.42.92.67/lend/ http://5.42.92.67/lend/dewrww7a1z.exe http://westwork-my.xyz/ https://bitbucket.org/development-ws/applications/downloads/setup-rc18.exe	6	16 Info ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET INFO TLS Handshake Failure ET MALWARE Redline Stealer TCP CnC - Id1Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Amadey Bot Activity (POST) ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO Dotted Quad Host DLL Request ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	18.6			ZeroCERT

10060	2023-07-25 07:36	r8LO6JsBFr.exe 39bd04b9ae7385809776dc4bad0eb9ff NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Malware download AveMaria NetWireRC Malware AutoRuns MachineGuid Check memory Creates executable files unpack itself AppData folder Windows RAT ComputerName DNS DDNS keylogger		2	4	4.2			ZeroCERT

10061	2023-07-25 07:35	build.exe 108d02f1be013a326af3975ed37bb623 Gen1 Generic Malware UPX Malicious Library Malicious Packer Anti_VM OS Processor Check PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Tofsee Browser Email ComputerName DNS Software	5 Keyword trend analysis	5	4	10.0	M	26	ZeroCERT

10062	2023-07-24 17:24	1907_2.zip 16c3edc2eda2d4f64a25722073791f75 ZIP Format VirusTotal Malware Malicious Traffic NetSupport	1 Keyword trend analysis	5	1	2.4	M	11	ZeroCERT

10063	2023-07-24 17:03	112.exe d301e057a599f796b6d1335a30efd1e7 UPX Malicious Library OS Processor Check PE File PE32 PE64 VirusTotal Malware PDB Creates executable files unpack itself ComputerName Remote Code Execution crashed				3.8	M	33	ZeroCERT

10064	2023-07-24 17:01	IRCIRCIRCIRCIRCIRCIRCIRCIRCIRI... 2f042067fb8016653d1a258185317509 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware VBScript Malicious Traffic buffers extracted exploit crash unpack itself Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	2	4.6	M	30	ZeroCERT

10065	2023-07-24 16:58	brg.exe eaec92233a22aeacbd96a73140b96f6f Lazarus Family Themida Packer UPX Malicious Library AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check Stealer Windows Browser ComputerName Firmware DNS Cryptographic key Software crashed		1	3	15.6	M	26	ZeroCERT