Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
10231	2023-09-25 07:41	foto7447.exe da23352a594c97e931832f1ece7e3b1e RedLine stealer Gen1 Emotet task schedule Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 CAB Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	7 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 ET MALWARE Redline Stealer Activity (Response)	1	14.8	M		ZeroCERT

10232	2023-09-25 07:39	kus.exe 073e99375099253a97c86d972a82b344 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware Code Injection buffers extracted					5.8			ZeroCERT

10233	2023-09-25 07:39	s1.exe 9103d5d5d8ecaec5b6cb5eb72770d326 Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.4	M	26	ZeroCERT

10234	2023-09-24 11:24	tanos.exe 717b7bb4871f297308de3412fa4a6df8 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check DLL PDB Code Injection unpack itself suspicious process AppData folder Remote Code Execution					2.8			ZeroCERT

10235	2023-09-24 11:21	exto.exe 9379586a4b035658785cc87c8292d6df task schedule Malicious Library UPX Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 OS Processor Check Malware download Malware Code Injection Malicious Traffic buffers extracted unpack itself Stealc Browser DNS	1 Keyword trend analysis	1	2	1	7.2	M		ZeroCERT

10236	2023-09-24 11:19	foto7447.exe 9e031f946e78b6ce0af495a760ef67e7 RedLine stealer Gen1 Emotet Browser Login Data Stealer task schedule Malicious Library UPX ASPack Http API PWS HTTP Internet API AntiDebug AntiVM PE File PE32 CAB DLL OS Processor Check Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Stealc Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	1 Keyword trend analysis	2	6 Info ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1	1	16.0	M	47	ZeroCERT

10237	2023-09-24 11:19	kus.exe 04513f64dd4834354625e24e2b0b44c7 Malicious Library UPX AntiDebug AntiVM PE File PE32 OS Processor Check Malware Code Injection buffers extracted					7.0			ZeroCERT

10238	2023-09-23 20:10	gate4.exe 8a6554c54d9040abfbbaa853c9abce67 Malicious Library UPX PE File PE64 VirusTotal Malware unpack itself Windows crashed					3.2		23	ZeroCERT

10239	2023-09-23 20:08	download 823b5fcdef282c5318b670008b9e6922 Generic Malware PE File PE32 .NET EXE VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.8		45	ZeroCERT

10240	2023-09-23 20:07	s5.exe 1476bccbd7569058dc7ddcaeacc23b3c Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware unpack itself Remote Code Execution					1.6		31	ZeroCERT

10241	2023-09-23 20:05	DigitalPulse.exe 3e74b7359f603f61b92cf7df47073d4a Generic Malware Malicious Library UPX PE File PE32 MZP Format OS Processor Check PE64 VirusTotal Malware Checks debugger unpack itself AppData folder					2.4		28	ZeroCERT

10242	2023-09-23 20:05	setup.exe 9cb4b92f6b0eef1a38d3dcf3c8ff9757 Malicious Library PE File PE32 VirusTotal Malware WMI Creates executable files RWX flags setting Checks Bios anti-virtualization ComputerName					3.8	M	24	ZeroCERT

10243	2023-09-23 19:55	LightCleaner.exe 8b04643577f8dd8fab107e1db5c3882d njRAT UPX Antivirus .NET framework(MSIL) PE File PE32 .NET EXE VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself					2.0		28	ZeroCERT

10244	2023-09-23 19:49	d1e3511d22c7f4502e50699a6735aa... d1e3511d22c7f4502e50699a6735aa38 Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB					1.8		41	ZeroCERT

10245	2023-09-23 19:47	df656194809375ad60e61b7e05cf02... df656194809375ad60e61b7e05cf02ac Malicious Library UPX .NET DLL PE File DLL PE32 OS Processor Check VirusTotal Malware PDB					1.0		3	ZeroCERT