Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
11716 2023-07-06 10:51 tonyspecialzx.exe
b4df3d7f0826501829e1a03991e1fe81
Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
14.0 33 r0d

11717 2023-07-06 10:22 ENL.exe
6bbf5d0c83cb7c0f014c903367e81952
PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
4 4 13.0 M 32 ZeroCERT

11718 2023-07-06 09:43 tonyspecialzx.exe
b4df3d7f0826501829e1a03991e1fe81
Generic Malware Antivirus PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
13.0 M 33 r0d

11719 2023-07-06 09:06 data.msi
15f8410481816c5d95d8552728955ea1
Malicious Library OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName
2.6 25 ZeroCERT

11720 2023-07-06 09:05 t.jpg.ps1
b821c870d2acac3d9de772d1e19e0a76
Hide_EXE Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.4 M 8 ZeroCERT

11721 2023-07-06 09:05 test.bat
e3a8e1928ed39b4d8f94a09723fff443
Generic Malware Downloader Antivirus Create Service Socket DGA Steal credential Escalate priviledges Code injection HTTP PWS Sniff Audio DNS ScreenShot Http API Internet API FTP KeyLogger P2P AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.2 M ZeroCERT

11722 2023-07-06 09:01 test.bat
799dcc99a80facea16f932bf0a24eddd
Generic Malware Downloader Antivirus Create Service Socket DGA Steal credential Escalate priviledges Code injection HTTP PWS Sniff Audio DNS ScreenShot Http API Internet API FTP KeyLogger P2P AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
3.6 ZeroCERT

11723 2023-07-06 07:35 ansazx.exe
fdd25eee7ddd13861e4923ca95ccd013
Formbook Generic Malware Antivirus PWS AntiDebug AntiVM PE File .NET EXE PE32 powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process suspicious TLD WriteConsoleW Windows ComputerName DNS Cryptographic key
3 1 11.4 ZeroCERT

11724 2023-07-06 07:32 tester.exe
2eac8f8ceea82ac9984ac8b4eed5ad14
RedLine stealer Emotet Hide_EXE UPX .NET framework(MSIL) Escalate priviledges PWS Anti_VM AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications malicious URLs installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 1 10.4 ZeroCERT

11725 2023-07-06 07:30 build.exe
500c633d97542e90c7c7baee6ae96c4f
UPX Malicious Library OS Processor Check PE File PE32 unpack itself
1.0 ZeroCERT

11726 2023-07-06 07:30 Project_8.exe
ed7cf64192cd90aac14b69cdd202f30d
UPX Malicious Library Malicious Packer OS Processor Check PE File PE32 Creates executable files unpack itself AppData folder Remote Code Execution DNS
1 5.0 ZeroCERT

11727 2023-07-06 07:30 SDK.exe
c9a90d5cd106933f8b535847771c2b6f
UPX .NET framework(MSIL) Antivirus PE File .NET EXE PE32 Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee
2 1 1.2 ZeroCERT

11728 2023-07-06 07:29 crypted.exe
a526acd18299b8959a660ad70ab45acf
RedLine stealer UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key crashed
1 1 8.4 ZeroCERT

11729 2023-07-06 07:28 ENL.exe
6bbf5d0c83cb7c0f014c903367e81952
PWS SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious TLD IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software crashed
4 4 12.4 ZeroCERT

11730 2023-07-06 07:26 prosperzx.doc
be855d4449d170c7783d5767d02491d7
MS_RTF_Obfuscation_Objects RTF File doc Malware download Malware Malicious Traffic exploit crash unpack itself IP Check Tofsee Windows Exploit DNS crashed
1 3 7 4.0 ZeroCERT