Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11071	2023-08-02 10:03	redlkript.exe c3b8d601e3e591f86694bf495397b8d7 UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	5		6.0	M	17	ZeroCERT

11072	2023-08-02 10:02	g.exe 0293212e847c117726731f3cb4994176 Malicious Library PE File PE32 VirusTotal Malware PDB Remote Code Execution					2.0	M	29	ZeroCERT

11073	2023-08-02 10:01	BRR.exe 5efbe5d0bcd3b6a78d4ee2b4ea3236e4 Themida Packer Generic Malware UPX Obsidium protector Anti_VM .NET EXE PE File PE32 VirusTotal Malware Malicious Traffic Check memory Checks debugger unpack itself Checks Bios Detects VMWare Check virtual network interfaces VMware anti-virtualization Tofsee Windows ComputerName Firmware DNS Cryptographic key crashed	1 Keyword trend analysis	3	1		9.0	M	31	ZeroCERT

11074	2023-08-02 10:00	IE_Neth.exe a69b0516cb39875b649aa5003b8ccadb Generic Malware .NET framework(MSIL) Antivirus .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key					8.4	M	19	ZeroCERT

11075	2023-08-02 10:00	conhost.exe ecdb97e94c539f0be22aa0bd82739da1 XMRig Miner Emotet Generic Malware Suspicious_Script_Bin task schedule Downloader UPX Malicious Library Antivirus Malicious Packer .NET framework(MSIL) Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Sniff Audio HTTP D VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key	7 Keyword trend analysis Info https://github.com/S1lentHashhh/watchdog/raw/main/WatchDog.exe - rule_id: 35032 https://raw.githubusercontent.com/S1lentHashhh/WinRing/main/WinRing0x64.sys - rule_id: 35034 https://raw.githubusercontent.com/S1lentHashhh/WinRing/main/WinRing0x64.sys https://github.com/S1lentHashhh/xmrig/raw/main/xmrig.exe - rule_id: 35033 https://pastebin.com/raw/mu8c4MXX https://github.com/S1lentHashhh/WinRing/raw/main/WinRing0x64.sys - rule_id: 35035 https://github.com/S1lentHashhh/WinRing/raw/main/WinRing0x64.sys	6	1	4	11.6	M	12	ZeroCERT

11076	2023-08-02 09:59	wininit.exe e61c76dd476999bcb6a6fa307754ff96 .NET framework(MSIL) .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself					1.4	M		ZeroCERT

11077	2023-08-02 09:57	IE_Netcape.exe 664f4735aaad4babd8c6ab8abe20e4ce AgentTesla Generic Malware .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed		2	2		15.4	M	36	ZeroCERT

11078	2023-08-02 09:57	IE_NETWORK_PROTOCOL.exe 8321893248c389b13d9db8ef0757a73b Formbook .NET framework(MSIL) PWS AntiDebug AntiVM .NET EXE PE File PE32 FormBook Malware download VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself ComputerName	2 Keyword trend analysis	5	1		9.0	M	24	ZeroCERT

11079	2023-08-02 09:55	1Lyla.exe 4b1b9a060092af401c073ffbd1dd9e1b UPX Socket DNS PWS SMTP AntiDebug AntiVM .NET EXE PE File PE32 PNG Format GIF Format JPEG Format PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed	10 Keyword trend analysis Info http://tokoi45.beget.tech/server2.txt - rule_id: 34428 http://tokoi45.beget.tech/server1.txt http://disgen.in/webArg1.txt https://iplogger.com/12qaJ4 http://disgen.in/1/data64_1.exe http://disgen.in/1/data64_2.exe http://disgen.in/1/data64_3.exe http://disgen.in/1/data64_4.exe http://disgen.in/1/data64_5.exe http://disgen.in/1/data64_6.exe	7	8 Info ET POLICY PE EXE or DLL Windows file download HTTP SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET INFO TLS Handshake Failure	1	17.4	M	43	ZeroCERT

11080	2023-08-02 09:55	updareservice.exe 21ef28aa75e0283b056e079624cb6ad4 .NET EXE PE File PE32 PDB Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee Windows		2	2		3.0	M		ZeroCERT

11081	2023-08-02 09:52	IE_Neth.exe cdd6c89e919974fd8f8fa65ece0de766 .NET framework(MSIL) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					3.2	M	31	ZeroCERT

11082	2023-08-02 09:52	00000000000000000000000%23%23%... c9ba92fc5db1a1e6428443f3d03ef006 MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic buffers extracted RWX flags setting exploit crash Windows Exploit DNS crashed	1 Keyword trend analysis	1	5 Info ET INFO Executable Download from dotted-quad Host ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 ET POLICY PE EXE or DLL Windows file download HTTP ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response		4.6	M	31	ZeroCERT

11083	2023-08-01 16:18	loa.exe 0478a63ce705230c0750bd0688cf3f89 UPX Malicious Library Malicious Packer .NET EXE PE File PE32 OS Processor Check Malware download Amadey VirusTotal Malware AutoRuns Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS	1 Keyword trend analysis	1	8 Info ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET INFO Packed Executable Download	1	9.6	M	48	ZeroCERT

11084	2023-08-01 16:17	sd.exe 472512528a7908cda186e815079dd062 UPX .NET framework(MSIL) Malicious Library Malicious Packer Antivirus OS Processor Check .NET EXE PE File PE32 Check memory Checks debugger unpack itself					0.8	M		ZeroCERT

11085	2023-08-01 15:36	xClient.html.exe 2e511b44d6c00e1dd070d15bfe20a909 UPX .NET framework(MSIL) Malicious Library Malicious Packer Antivirus OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself					2.0		52	ZeroCERT