Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
11671 2023-07-08 14:07 Aas.EXE
c3baac987bee5800b92b7e2d6d42db1a
Emotet Suspicious_Script_Bin Generic Malware Malicious Library Admin Tool (Sysinternals etc ...) UPX CAB PE File PE32 DLL VirusTotal Malware AutoRuns PDB Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Remote Code Execution crashed
2 7.6 22 ZeroCERT

11672 2023-07-08 14:07 bnhost.exe
a3be2d1b0cdf0bb7aa40cf2cbe054a51
.NET EXE PE File PE32 Browser Info Stealer RedLine FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI ICMP traffic unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 3 10.4 36 ZeroCERT

11673 2023-07-08 14:07 PTT_20230707-WA01120xlsx.exe
74c5ede3fd6bf983ae8bf512cdab90ad
AgentTesla Generic Malware UPX .NET framework(MSIL) Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Check virtual network interfaces suspicious process IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
2 2 12.8 39 ZeroCERT

11674 2023-07-08 14:05 class-wp-image-editors.php
2796bf32abbebdd11a35603f3453214d
Generic Malware task schedule UPX Malicious Library Antivirus AntiDebug AntiVM OS Processor Check PE File PE32 VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process malicious URLs WriteConsoleW Tofsee Windows ComputerName Cryptographic key crashed
8 4 1 4 15.2 37 ZeroCERT

11675 2023-07-08 14:03 rcoekta.exe
a4341997cbad7d63be6f3a07b9783804
RedLine Infostealer RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 2 7.4 42 ZeroCERT

11676 2023-07-08 14:02 clip64.dll
065b19dd4e0258a3cd9b5ef57a405eac
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 53 ZeroCERT

11677 2023-07-07 18:55 enstomc2.1.exe
dc1ced16440c1685cfc2bfe7c9fda083
NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself AppData folder
4 8 1 4.4 35 ZeroCERT

11678 2023-07-07 18:43 9bd765cdd4c71309_a-lmrnrp.dll
b9a0d96f9ff58f51d53387be146360aa
.NET DLL DLL PE File PE32 PDB
0.2 ZeroCERT

11679 2023-07-07 18:39 LoaderWPF.exe
2f3080389c8825e786dfaffc4969db2a
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 18 ZeroCERT

11680 2023-07-07 18:37 Evolion%20Launcher.exe
ca5edac1d63d63c4e4422fec79b538d4
UPX Malicious Library OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.4 32 ZeroCERT

11681 2023-07-07 18:35 Evolion%20Launcher.exe
6cadcd483bbc4c11225938b4efb0ac1c
.NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Windows Cryptographic key
2.6 30 ZeroCERT

11682 2023-07-07 18:34 IntelRealTech.exe
8c9eb4d9d60900fbb2a07e7990f2fad0
PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 1 2.4 30 ZeroCERT

11683 2023-07-07 18:32 out.ps1
fd7e758aa92a90eaae39ed45b2d6bacd
RedLine stealer Formbook Hide_EXE Generic Malware Antivirus AntiDebug AntiVM .NET DLL DLL PE File PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities AppData folder Windows DNS Cryptographic key
1 9.6 3 ZeroCERT

11684 2023-07-07 18:28 Evolion%20Launcher.exe
876283f1527fa588ad861dc2b6cc1b08
.NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Windows Cryptographic key
2.0 16 ZeroCERT

11685 2023-07-07 18:12 clip64.dll
dc587d08b8ca3cd62e5dc057d41a966b
UPX Admin Tool (Sysinternals etc ...) Malicious Library OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself DNS
1 2.6 59 ZeroCERT