Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
91	2024-09-17 13:55	66d329709506e_sngmre.exe 68da26c2c1d0d040a86cc3910a40d287 Client SW User Data Stealer ftp Client info stealer Malicious Library Antivirus Http API PWS AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself ComputerName					7.6	M	57	ZeroCERT

92	2024-09-17 13:55	client.exe 1d21e4dc9b9eb05b637330b6283bb885 UPX PE File .NET EXE PE32 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName Cryptographic key crashed		2			9.4	M	48	ZeroCERT

93	2024-09-17 13:53	yqy9.exe e2980829e246f82cabeb175d2201ac96 UPX PE File PE32 VirusTotal Malware					1.2	M	60	ZeroCERT

94	2024-09-17 13:53	nc.exe 1b7ee505711d9f7f8cd58b36c8bfc84d UPX PE File PE32 VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself WriteConsoleW					3.2	M	23	ZeroCERT

95	2024-09-17 13:52	5KNCHALAH.exe 3f99c2698fc247d19dd7f42223025252 Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Windows Cryptographic key					3.4	M	57	ZeroCERT

96	2024-09-17 13:51	bIBnZA9851zj.exe 1afd58e3f054a7792007060ed612a7a9 Emotet Gen1 Generic Malware Malicious Library Malicious Packer ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check DLL VirusTotal Malware Check memory unpack itself AppData folder Remote Code Execution					3.0	M	45	ZeroCERT

97	2024-09-17 13:50	66e7df2dec2db_vnasdsadl.exe 458d31ecc5a490d5bda8d52e7ca8a5b6 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Internet API Http API PWS HTTP Code injection AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder malicious URLs sandbox evasion WriteConsoleW anti-virtualization IP Check installed browsers check Tofsee Windows Browser ComputerName DNS Software	4 Keyword trend analysis	8	9 Info ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET INFO TLS Handshake Failure ET POLICY External IP Lookup api.ipify.org ET INFO Observed Telegram Domain (t .me in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET DROP Spamhaus DROP Listed Traffic Inbound group 23 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	1	18.2	M	47	ZeroCERT

98	2024-09-17 13:49	Taskmgr.exe ea257066a195cc1bc1ea398e239006b2 Generic Malware Malicious Library UPX PE File PE64 OS Processor Check VirusTotal Malware MachineGuid RWX flags setting unpack itself suspicious TLD Tofsee ComputerName	1 Keyword trend analysis	2	1		3.8	M	48	ZeroCERT

99	2024-09-17 13:49	XClient_protected.exe c27417453090d3cf9a3884b503d22c49 Malicious Library Malicious Packer Antivirus .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself					2.4	M	63	ZeroCERT

100	2024-09-17 13:46	upd.exe 8da6d3f4326ca248d0a99d21d2d8b135 Generic Malware Malicious Library UPX PE File PE32 VirusTotal Malware unpack itself DNS		1			4.2	M	63	ZeroCERT

101	2024-09-17 13:45	kg.exe 1b2cab632cc4fb94652f4237b4f98342 Raccoon Stealer Generic Malware Admin Tool (Sysinternals etc ...) UPX AntiDebug AntiVM PE File PE32 VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted Creates executable files ICMP traffic RWX flags setting unpack itself AppData folder malicious URLs suspicious TLD DNS crashed	8 Keyword trend analysis	16 Info kodekode.ac.ug() - malware tinyurl.com(104.18.111.161) - mailcious hubvera.ac.ug() - malware fran.ac.ug() - mailcious bit.do(23.21.31.78) - mailcious tuekisa.ac.ug() markinda.top() ddlakava.ac.ug() - malware kode.ac.ug() partadino.ac.ug() - malware rebrand.ly(3.33.143.57) - mailcious markinda.xyz() fransceysse.ac.ug() - malware 15.197.137.111 23.21.31.78 104.17.112.233	3		10.8	M	61	ZeroCERT

102	2024-09-17 13:45	66e4a8917c9ba_crypted.exe a36dc92515ad9a1efd791c57e6b8825b RedLine stealer Antivirus ScreenShot PWS AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		2	6 Info ET DROP Spamhaus DROP Listed Traffic Inbound group 37 ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)		14.4	M	54	ZeroCERT

103	2024-09-17 13:44	10.exe 4101b75d5e5fa4b011b571d090ed0501 PE File PE32 VirusTotal Malware Checks debugger		3			3.8	M	59	ZeroCERT

104	2024-09-17 13:43	JLumma.exe 8094be340c539b9ac0d2af7ea4c3120c Schwerer Generic Malware Malicious Library Malicious Packer UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware					1.4	M	46	ZeroCERT

105	2024-09-17 13:40	reverse_shell.exe 85ed77502f23915be5152b48bf4160e1 Metasploit Meterpreter Generic Malware PE File PE64 VirusTotal Malware DNS crashed		1			3.6	M	63	ZeroCERT