Submissions

Columns (as in the portal's table header): No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

Each record below is laid out as: No, date and time, submitted file or URL; the 32-hex-character hash printed under the request (MD5); the Rule column, i.e. the sandbox signature tags exactly as printed (tag boundaries are not delimited in the source); then the trailing numeric columns. Empty cells were dropped when the table was extracted, so only the fields printed from the right (Score, Zero, VT, Player) can be assigned with certainty. The Urls/Hosts/IDS counts are shown in the order printed; where all three are present they map to Urls, Hosts, IDS in that order, and where fewer are present they cannot be assigned to a named column. "Zero" is printed as M on four rows and empty on the rest. Nothing was printed in the Etc column for any row.

10261  2023-07-17 13:27  file.exe
  MD5:    04a1a6bb7d8a6b9b5e95e09188e169f4
  Rule:   Malicious Library PE File PE32 VirusTotal Malware PDB
  Urls/Hosts/IDS: (none)   Score: 2.0   Zero: M   VT: 32   Player: ZeroCERT

10262  2023-07-17 13:25  3eef203fb515bda85f514e168abb59...
  MD5:    d52a5f6d591ea015b18fe22d2dcd92f8
  Rule:   Malicious Library PE File PE32 VirusTotal Malware PDB
  Urls/Hosts/IDS: (none)   Score: 2.2   Zero: M   VT: 45   Player: ZeroCERT

10263  2023-07-17 13:25  an.exe
  MD5:    09ab5b40d8ea72b0fc02000284e22169
  Rule:   RedLine Infostealer UltraVNC UPX Malicious Library VMProtect OS Processor Check PE File PE32 VirusTotal Malware PDB suspicious privilege Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows ComputerName Cryptographic key crashed
  Urls/Hosts/IDS: (none)   Score: 6.2   Zero: M   VT: 23   Player: ZeroCERT

10264  2023-07-17 13:14  Receipt-894324.xls
  MD5:    73f2506109fae384bc40c7ba7cb5fc9c
  Rule:   VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process
  Urls/Hosts/IDS: 10 1 (two of three printed)   Score: 3.2   Zero: M   VT: 37   Player: guest

10265  2023-07-16 11:19  texaszx.doc
  MD5:    ab48983ce4d1c89f69c4db12cc86f934
  Rule:   MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS: 1 / 3 / 7   Score: 5.0   Zero: (empty)   VT: 37   Player: ZeroCERT

10266  2023-07-16 11:18  sk.exe
  MD5:    6e7ecd0389a97aa765eca10d5741b882
  Rule:   RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS: 2 / 3 / 4   Score: 8.0   Zero: (empty)   VT: 58   Player: ZeroCERT

10267  2023-07-16 11:17  deep.exe
  MD5:    404da62e0999dcbc4ee9907f5a9b56b6
  Rule:   .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself ComputerName
  Urls/Hosts/IDS: (none)   Score: 2.4   Zero: (empty)   VT: 36   Player: ZeroCERT

10268  2023-07-16 11:16  post.exe
  MD5:    bf34de529a120cc9a93664aae4bd83c3
  Rule:   RedlineStealer RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS: 2 / 3 / 4   Score: 8.0   Zero: (empty)   VT: 65   Player: ZeroCERT

10269  2023-07-16 11:14  file.exe
  MD5:    0644a6d1a7994445f05f3d4e20e82140
  Rule:   Themida Packer Generic Malware Anti_VM .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Detects VMWare VMware anti-virtualization Windows Firmware DNS Cryptographic key crashed
  Urls/Hosts/IDS: 1 (one of three printed)   Score: 7.2   Zero: (empty)   VT: 39   Player: ZeroCERT

10270  2023-07-16 11:13  gold123.exe
  MD5:    f63ac0b3496291dbc468e2d5a1f2bcd5
  Rule:   RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS: 1 / 3 / 2   Score: 7.4   Zero: (empty)   VT: 51   Player: ZeroCERT

10271  2023-07-16 11:11  clip64.dll
  MD5:    c0973231287f23e7cf3e8335a031bb8d
  Rule:   UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
  Urls/Hosts/IDS: (none)   Score: 2.0   Zero: (empty)   VT: 58   Player: ZeroCERT

10272  2023-07-16 11:11  texaszx.exe
  MD5:    562befbabd86d628aa650b58d5b0f97a
  Rule:   AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
  Urls/Hosts/IDS: 2 2 (two of three printed)   Score: 10.4   Zero: (empty)   VT: 29   Player: ZeroCERT

10273  2023-07-16 11:09  damianozx.exe
  MD5:    1713d3d96339f9983809739473cbef08
  Rule:   AgentTesla .NET framework(MSIL) PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
  Urls/Hosts/IDS: 2 2 (two of three printed)   Score: 10.8   Zero: (empty)   VT: 44   Player: ZeroCERT

10274  2023-07-16 11:09  damianozx.doc
  MD5:    cff9ecbc256c9828f1e9ea683bc5ea31
  Rule:   MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
  Urls/Hosts/IDS: 1 / 3 / 7   Score: 5.0   Zero: (empty)   VT: 35   Player: ZeroCERT

10275  2023-07-16 11:07  95.214.25.232:3004
  MD5:    fa0e45413ffcfb619ab488952c7d4cf3
  Rule:   UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Remote Code Execution
  Urls/Hosts/IDS: (none)   Score: 1.8   Zero: (empty)   VT: 29   Player: ZeroCERT
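The listing above is only useful for triage once it is back in structured form. The parser below is an added example, not code from the portal or from ZeroCERT; it assumes the flattened four-line record shape the extraction produced (header line, hash line, rule-tag line, trailing-numbers line, records separated by blank lines) and assigns the trailing columns from the right, because empty cells were dropped and only the rightmost fields are positionally reliable. The FAMILY_TOKENS list and the 5.0 triage threshold are assumptions chosen for the example; the three sample records are copied from the listing.

```python
"""Parse flattened sandbox submission records into structured rows for triage.

Added example (not the portal's code). Assumed record layout, one per block:
  <no> <date> <time> <request>
  <md5>
  <rule tags ...>
  [<count> ...] <score> [<zero>] <vt> <player>
Trailing fields are taken from the right; the leading Urls/Hosts/IDS counts
are kept as a list because with fewer than three printed they cannot be mapped
to named columns.
"""
import re
from dataclasses import dataclass, field

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")

# Constructed sample: three records copied from the listing above, in the
# flattened form they were extracted in (blank line between records).
SAMPLE = """\
10261 2023-07-17 13:27 file.exe
04a1a6bb7d8a6b9b5e95e09188e169f4
Malicious Library PE File PE32 VirusTotal Malware PDB
2.0 M 32 ZeroCERT

10264 2023-07-17 13:14 Receipt-894324.xls
73f2506109fae384bc40c7ba7cb5fc9c
VBA_macro MSOffice File VirusTotal Malware Check memory unpack itself suspicious process
10 1 3.2 M 37 guest

10265 2023-07-16 11:19 texaszx.doc
ab48983ce4d1c89f69c4db12cc86f934
MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash IP Check Tofsee Windows Exploit DNS crashed
1 3 7 5.0 37 ZeroCERT
"""

# Assumed for the example: tag tokens treated as a family/loader name. "Tofsee"
# is left out on purpose: it appears on rows whose primary tag is another family.
FAMILY_TOKENS = ("RedLine", "AgentTesla", "VBA_macro", "MS_RTF_Obfuscation_Objects")


@dataclass
class Submission:
    no: int
    submitted: str        # "YYYY-MM-DD HH:MM"
    request: str          # submitted file name or URL
    md5: str
    rules: str            # signature tags as one string (boundaries not delimited)
    counts: list          # Urls/Hosts/IDS counts in printed order
    score: float
    zero: str             # "M" when printed, else ""
    vt: int               # VirusTotal detection count
    player: str           # submitter
    families: list = field(default_factory=list)


def parse_trailer(line):
    """Split '[counts...] score [zero] vt player', assigning from the right."""
    toks = line.split()
    player = toks.pop()
    vt = int(toks.pop())
    zero = ""
    if toks and not SCORE_RE.match(toks[-1]):   # a non-score token here is the Zero cell
        zero = toks.pop()
    score = float(toks.pop())
    counts = [int(t) for t in toks]
    if len(counts) > 3:
        raise ValueError(f"too many leading counts: {line!r}")
    return counts, score, zero, vt, player


def named_counts(counts):
    """Map counts to Urls/Hosts/IDS only when all three cells were printed."""
    if len(counts) == 3:
        return dict(zip(("Urls", "Hosts", "IDS"), counts))
    return None


def parse_record(block):
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    if len(lines) != 4:
        raise ValueError(f"expected 4 lines, got {len(lines)}: {lines[:1]}")
    no, date, time, request = lines[0].split(maxsplit=3)
    md5 = lines[1].lower()
    if not MD5_RE.match(md5):
        raise ValueError(f"record {no}: hash line is not a 32-hex MD5: {lines[1]!r}")
    rules = lines[2]
    counts, score, zero, vt, player = parse_trailer(lines[3])
    families = [t for t in FAMILY_TOKENS
                if re.search(rf"(?<!\w){re.escape(t)}(?!\w)", rules)]
    return Submission(int(no), f"{date} {time}", request, md5, rules,
                      counts, score, zero, vt, player, families)


def parse_listing(text):
    return [parse_record(b) for b in re.split(r"\n\s*\n", text.strip())]


def triage(subs, min_score=5.0):
    """Rows at or above min_score, highest first, as (no, md5, families)."""
    hot = sorted((s for s in subs if s.score >= min_score), key=lambda s: -s.score)
    return [(s.no, s.md5, s.families) for s in hot]


if __name__ == "__main__":
    rows = parse_listing(SAMPLE)
    for s in rows:
        print(s.no, s.submitted, s.request, s.md5, s.score, s.vt, named_counts(s.counts))
    print("triage:", triage(rows))
```

The hash check is deliberately strict: a listing row whose hash line is truncated or contains a non-hex character is rejected rather than silently carried into an IOC list. named_counts returns None for the partial rows (10264 and similar), which is the honest answer for data where the empty cells were lost.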