Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10141	2023-09-25 17:13	conhost.exe c853a830fa2530a233e4a1eaf84b4273 Malicious Library UPX PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself crashed					2.4	M	45	ZeroCERT

10142	2023-09-25 17:11	docdimt20230925.exe d151945da40824dc4231b193fe65b4fc PWS KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder Windows Browser Email ComputerName Cryptographic key Software crashed keylogger					13.6			ZeroCERT

10143	2023-09-25 17:10	docutc20230925.exe aa9dd2c152d86d81236ad564d3c2a078 Malicious Library UPX Malicious Packer PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		5	5		14.6	M		ZeroCERT

10144	2023-09-25 17:09	dochus20230925.exe 363044c48c8d035c08cddcdb22bb0838 PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		4	5		15.0			ZeroCERT

10145	2023-09-25 17:07	docdad20230925.exe a2144ec73f793ed49255c96839a7a1f6 PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	4	4		17.0		41	ZeroCERT

10146	2023-09-25 17:07	saham.apk 2678ce7e43d9ef7dd7e06d5feeea532e ZIP Format VirusTotal Malware					0.6	M	14	ZeroCERT

10147	2023-09-25 17:05	docrw20230925.exe be1b63ef6abc588245cdf4f346b26154 Malicious Library UPX Malicious Packer .NET framework(MSIL) PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	1 Keyword trend analysis	8	8 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup SURICATA Applayer Detect protocol only one direction ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)		16.6	M		ZeroCERT

10148	2023-09-25 17:05	docjhny20230925.exe eaf2b6671ec5dded98f2a7fe6aa603c7 Malicious Library UPX Malicious Packer PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		5	5		14.6	M		ZeroCERT

10149	2023-09-25 17:03	docnic20230925.exe 010ef94907f5876e46be0ed87689fde9 Malicious Library UPX PWS SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger		5	4		15.2			ZeroCERT

10150	2023-09-25 17:02	app.apk ec39111f60fb5de68e7efeefdada41ee ZIP Format VirusTotal Malware					0.8	M	20	ZeroCERT

10151	2023-09-25 17:01	svchost.exe a92a908cae30b9b020244bedf61a1dd4 Downloader UPX MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Remote Code Execution Firmware crashed					10.8	M	56	ZeroCERT

10152	2023-09-25 17:01	zor40.exe 437a676b457457da6e8333831398bb32 RedLine stealer Gen1 Emotet Malicious Library UPX PWS AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	7 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer Activity (Response)	1	17.8	M	47	ZeroCERT

10153	2023-09-25 16:36	dropper.com c2b61e9642308cb0e7d12d6b7a101d7c Gen1 Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware PDB Check memory crashed					1.2		5	ZeroCERT

10154	2023-09-25 16:07	eae04e28d321627908712bb23d1d47... eae04e28d321627908712bb23d1d4799 Malicious Library UPX Malicious Packer PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Check memory Checks debugger unpack itself Browser Email ComputerName Software crashed					4.4		56	ZeroCERT

10155	2023-09-25 16:01	sorets.exe b5a8f349a7cd1fd600ea613181769116 Malicious Library UPX PE File PE32 OS Processor Check unpack itself Remote Code Execution					0.6			ZeroCERT