Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
10921 2023-08-08 09:16 foto4060.exe 154cfd11c188d2d5b6b2aef4c5b36f13
Gen1 Emotet Amadey RedLine Infostealer RedLine stealer Browser Login Data Stealer SmokeLoader UPX Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Confuser .NET Malicious Packer CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
8 5 16 5 17.8 M ZeroCERT

10922 2023-08-08 09:15 OLMAPI32.dll 09a9e1b03f7d7de4340bc5f9e656b798
Generic Malware UPX Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware MachineGuid unpack itself Checks Bios sandbox evasion anti-virtualization ComputerName
3.0 49 ZeroCERT

10923 2023-08-08 09:14 ChromeSetup.exe 5a08ba81444a3984161787236f58f064
AgentTesla Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 13.2 ZeroCERT

10924 2023-08-08 09:12 bbb.exe 8834150bb6738dd7d34f5fc406d306da
AgentTesla .NET framework(MSIL) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 10.4 M 37 ZeroCERT

10925 2023-08-08 09:12 s64cmd.dll 79c80f6c916250dfad7f433e1ff950ee
Malicious Library VMProtect DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS
1 4.0 M 21 ZeroCERT

10926 2023-08-07 18:39 Rhay_92.exe 664bffe24693a7575ffcdaf2e33d6188
UPX Malicious Packer OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.0 M 22 ZeroCERT

10927 2023-08-07 18:37 sdnaumaosm.exe 4c224ad23e402d58bbd23023bf883dc0
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 42 ZeroCERT

10928 2023-08-07 18:37 plugin_2023-08-06_15-05.exe c51b336b579c7d162f5c1c5ff4ce5599
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 44 ZeroCERT

10929 2023-08-07 18:35 somefile.exe 54631210ad8202513b794956c59e67a7
UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5 11.6 M 29 ZeroCERT

10930 2023-08-07 18:34 AmpulesUnweened.exe b6e604a44fada526ffdff314ba34953d
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself Remote Code Execution
2.2 M 43 ZeroCERT

10931 2023-08-07 18:33 enterprise-build.lnk 8dd882606c4b8a4b711ff858259694ed
Generic Malware Antivirus AntiDebug AntiVM GIF Format VirusTotal Malware powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.8 14 ZeroCERT

10932 2023-08-07 09:39 soft64.dll bb4e3b588aedce8e203361b0879d9113
Malicious Library VMProtect DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS
1 4.2 M 39 ZeroCERT

10933 2023-08-07 09:39 sof64t.dll 48514490face0a58cd5ea063e7de28e0
Malicious Library VMProtect DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself DNS
1 4.4 M 42 ZeroCERT

10934 2023-08-07 09:36 BR.exe c895da0796fc8d1b87c7212ef1e5b0b7
Themida Packer UPX Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Tofsee Windows ComputerName Firmware DNS Cryptographic key crashed
1 4 1 1 9.4 M 56 ZeroCERT

10935 2023-08-07 09:34 wowo.exe c2ca868ecfdd5ee7a6d4143890a29872
UPX Malicious Library Malicious Packer .NET EXE PE File PE32 OS Processor Check PE64 Browser Info Stealer Malware download VirusTotal Malware Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Fabookie Browser
3 4 1 3 5.6 M 51 ZeroCERT