Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

10906 2023-08-08 18:48 Tuwio.exe 4abf4307d3c34c700ba5f3bfcc9d8fbe
  PE64 PE File VirusTotal Malware suspicious privilege MachineGuid Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key
  3.4 M 46 ZeroCERT

10907 2023-08-08 18:47 Alligator_Gamers.exe 5c3d28d428bb30d59eb8ff498540a5d8
  Gen1 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram MachineGuid Malicious Traffic Check memory WMI Creates executable files unpack itself Collect installed applications sandbox evasion anti-virtualization installed browsers check Tofsee Browser Email ComputerName DNS Software
  5 5 4 11.0 43 ZeroCERT

10908 2023-08-08 18:46 isuhgb.exe 0ccc74c374d8c7ce89bce94b6134090d
  task schedule UPX WinRAR Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 .NET EXE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself AppData folder WriteConsoleW Remote Code Execution crashed
  7.6 ZeroCERT

10909 2023-08-08 18:44 test.exe 65c06c0404ce69f08491b0f868e0b635
  AsyncRAT task schedule Downloader UPX .NET framework(MSIL) Malicious Library Malicious Packer Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP DNS ScreenShot Code injection Internet API FTP KeyLogger AntiDe VirusTotal Malware AutoRuns Code Injection Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
  4.8 M 48 ZeroCERT

10910 2023-08-08 18:43 loki.exe 3cf88d419652e5fc43ec8983fa501618
  Malicious Library PE File PE32 VirusTotal Malware PDB
  2.0 M 34 ZeroCERT

10911 2023-08-08 18:43 UpdateSvc.exe 089428711dddec20eabf7732eea8fb8d
  Generic Malware .NET framework(MSIL) Antivirus .NET EXE PE File PE32 VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself WriteConsoleW Ransomware Windows ComputerName
  5.4 M 35 ZeroCERT

10912 2023-08-08 18:43 ark.exe 57c8002e35b846998d5543c6d45b0422
  .NET framework(MSIL) Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows ComputerName Cryptographic key crashed
  3.2 M 19 ZeroCERT

10913 2023-08-08 18:42 RFQ-EUF5089.exe fcb4a32e656f4aa3d890f85d902835b8
  PWS KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Telegram PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
  4 4 11.4 M 25 ZeroCERT

10914 2023-08-08 18:40 my.exe 19122289de675e7d76857845c98da6db
  UPX Malicious Library MZP Format PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Cryptocurrency wallets Cryptocurrency Malicious Traffic Check memory buffers extracted unpack itself Collect installed applications sandbox evasion installed browsers check Ransomware Lumma Stealer Browser ComputerName Remote Code Execution Firmware
  3 2 1 3 8.4 M 20 ZeroCERT

10915 2023-08-08 09:30 Avast.exe 7735f97175abb2da0cfce029d211dc66
  PE64 PE File Malware download Amadey VirusTotal Malware Malicious Traffic unpack itself DNS
  1 4 2 3.8 M 46 ZeroCERT

10916 2023-08-08 09:23 DigitalPulse.exe f0ba8b6ab407e8c0c70f78d5f7cf14a1
  Generic Malware UPX Malicious Library OS Processor Check MZP Format PE File PE32 PE64 VirusTotal Malware Checks debugger unpack itself AppData folder
  2.0 M 6 ZeroCERT

10917 2023-08-08 09:21 BR.exe 1c7a29f48b56d6e89620c0c55d515095
  Themida Packer Generic Malware UPX .NET EXE PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution Firmware DNS Cryptographic key crashed
  1 1 9.4 M 36 ZeroCERT

10918 2023-08-08 09:19 fotod360.exe de76c534160e914236dd0a7a0e9cb68f
  Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  4 3 13 3 16.2 M ZeroCERT

10919 2023-08-08 09:17 5.exe 82cf051811579ee4f1d9978af52f12db
  Emotet Generic Malware UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB Check memory Check virtual network interfaces Tofsee
  1 3 1 1.8 M 15 ZeroCERT

10920 2023-08-08 09:16 logszx.doc 2c6c2c3fbdd819ee45b543d6632f842f
  MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit crashed
  3.2 M 31 ZeroCERT