Submissions

No | Date | Request | Hash | Rule | Urls / Hosts / IDS / Score / Zero / VT / Player (as listed, empty cells omitted)
11866 | 2023-06-30 09:44 | 95.214.25.233:3002 | 8eca708367942803dd00ee83d0a3944f | UPX Malicious Library OS Processor Check PE File PE32 | 0.6 M ZeroCERT
11867 | 2023-06-30 09:29 | new64.dll | 0168ca4a89a13c8b48f97edcd8c32165 | Generic Malware DLL PE64 PE File VirusTotal Malware unpack itself Windows crashed | 2.4 M 12 ZeroCERT
11868 | 2023-06-30 07:47 | ProfileUpdate.exe | c92d329c982a22f81e4b045e5de2f1c1 | RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 1 3 5.4 ZeroCERT
11869 | 2023-06-29 17:56 | herozx.exe | 1740c5dae86b5948e6dd0fc2e99534a8 | Generic Malware .NET framework(MSIL) Antivirus PWS SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger | 2 2 14.6 M 48 ZeroCERT
11870 | 2023-06-29 17:38 | davincizx.exe | dacf04bf96751944ade96bbf9a746429 | LokiBot Generic Malware .NET framework(MSIL) Antivirus Socket PWS DNS AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote suspicious process malicious URLs WriteConsoleW installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software | 1 15.4 M 51 ZeroCERT
11871 | 2023-06-29 17:36 | wikipedia.exe | 7f6e2a0959481ac955ffa5c591a1e25e | NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed | 4.0 M 42 ZeroCERT
11872 | 2023-06-29 17:36 | dollzx.doc | 5452ebd4ac62c603d22998055e7534ac | MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware RWX flags setting exploit crash Exploit DNS crashed | 1 4.8 M 36 ZeroCERT
11873 | 2023-06-29 17:08 | data64_2.exe | 78cdf3b9c25732723d3dda33f24b8eb6 | RedLine stealer AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed | 1 1 13.0 31 ZeroCERT
11874 | 2023-06-29 17:08 | postmonn.exe | d699bb26d34ae6d55afdbf3cec0174e3 | Generic Malware Antivirus UPX Malicious Library Malicious Packer .NET EXE PE File PE32 PowerShell OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key | 1 4 3 10.0 41 ZeroCERT
11875 | 2023-06-29 17:07 | Bar0628.exe | 0afd8fcf4215d384ac328f01125c3d5c | RedLine stealer Themida Packer UPX Socket DNS AntiDebug AntiVM .NET EXE PE File PE32 PNG Format PE64 JPEG Format Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files ICMP traffic unpack itself Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization installed browsers check Tofsee Interception Stealer Windows Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed | 13 13 4 20.2 M 21 ZeroCERT
11876 | 2023-06-29 17:06 | soft1.eXE | 0be1c5894e7ff3044ed425a395e03737 | NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer Email Client Info Stealer AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Windows Browser Email ComputerName Cryptographic key Software crashed | 2 7.0 M ZeroCERT
11877 | 2023-06-29 17:04 | data64_3.exe | eb7c97847a79c9c91b74da04238cf36b | Themida Packer UPX .NET EXE PE File PE32 VirusTotal Malware AutoRuns suspicious privilege Check memory Checks debugger Creates executable files unpack itself Checks Bios Detects VMWare Check virtual network interfaces AppData folder VMware anti-virtualization Tofsee Windows Remote Code Execution Firmware crashed | 3 6 1 8.8 37 ZeroCERT
11878 | 2023-06-29 17:04 | 1.exe | 90aa9056d883bfe16f148deb933b548d | Schwerer UPX PE File PE32 Browser Info Stealer VirusTotal Email Client Info Stealer Malware Check memory Checks debugger Creates executable files unpack itself suspicious process AppData folder AntiVM_Disk sandbox evasion VM Disk Size Check Browser Email ComputerName | 6.8 M 37 ZeroCERT
11879 | 2023-06-29 13:34 | tofsee.exe | 92e466525e810b79ae23eac344a52027 | PWS/Dexter Tofsee Malicious Library Malicious Packer PE File PE32 VirusTotal Malware AutoRuns Check memory Creates executable files Windows utilities suspicious process AntiVM_Disk WriteConsoleW Firewall state off VM Disk Size Check Windows | 5.2 61 r0d
11880 | 2023-06-29 10:21 | 1Top.exe | 51b7849db58928fb6c1f1e2a343cd2f0 | RedLine stealer UPX .NET framework(MSIL) Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed | 1 3 6.2 M 47 r0d