Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
10456 2023-07-08 14:07 PTT_20230707-WA01120xlsx.exe
74c5ede3fd6bf983ae8bf512cdab90ad
AgentTesla Generic Malware UPX .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 12.8 39 ZeroCERT

10457 2023-07-08 14:05 class-wp-image-editors.php
2796bf32abbebdd11a35603f3453214d
Generic Malware task schedule UPX Malicious Library Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
8 4 1 4 15.2 37 ZeroCERT

10458 2023-07-08 14:03 rcoekta.exe
a4341997cbad7d63be6f3a07b9783804
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 2 7.4 42 ZeroCERT

10459 2023-07-08 14:02 clip64.dll
065b19dd4e0258a3cd9b5ef57a405eac
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 53 ZeroCERT

10460 2023-07-07 18:55 enstomc2.1.exe
dc1ced16440c1685cfc2bfe7c9fda083
NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder
4 8 1 4.4 35 ZeroCERT

10461 2023-07-07 18:43 9bd765cdd4c71309_a-lmrnrp.dll
b9a0d96f9ff58f51d53387be146360aa
.NET DLL DLL PE File PE32 PDB
0.2 ZeroCERT

10462 2023-07-07 18:39 LoaderWPF.exe
2f3080389c8825e786dfaffc4969db2a
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 18 ZeroCERT

10463 2023-07-07 18:37 Evolion%20Launcher.exe
ca5edac1d63d63c4e4422fec79b538d4
UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.4 32 ZeroCERT

10464 2023-07-07 18:35 Evolion%20Launcher.exe
6cadcd483bbc4c11225938b4efb0ac1c
.NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
2.6 30 ZeroCERT

10465 2023-07-07 18:34 IntelRealTech.exe
8c9eb4d9d60900fbb2a07e7990f2fad0
PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 1 2.4 30 ZeroCERT

10466 2023-07-07 18:32 out.ps1
fd7e758aa92a90eaae39ed45b2d6bacd
RedLine stealer Formbook Hide_EXE Generic Malware Antivirus AntiDebug AntiVM .NET DLL DLL PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder Windows DNS Cryptographic key
1 9.6 3 ZeroCERT

10467 2023-07-07 18:28 Evolion%20Launcher.exe
876283f1527fa588ad861dc2b6cc1b08
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 16 ZeroCERT

10468 2023-07-07 18:12 clip64.dll
dc587d08b8ca3cd62e5dc057d41a966b
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself DNS
1 2.6 59 ZeroCERT

10469 2023-07-07 18:08 AMDx46.exe
759300ac41209528786f5445346ae591
Malicious Library PE64 PE File Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency Malicious Traffic DNS CoinMiner
1 3 3 3.2 34 ZeroCERT

10470 2023-07-07 10:13 page.html
f6b00338f9b1aa52396ffb72af40bf04
AntiDebug AntiVM MSOffice File Code Injection unpack itself Windows utilities Tofsee Windows DNS
4 34 2 3.4 ZeroCERT