Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
11941	2023-06-27 09:42	NewPurchaseOrderPO838735354643... 08dc73443b35d4dc882d052c10457f4a UPX Malicious Library MZP Format PE32 PE File VirusTotal Malware RWX flags setting unpack itself					2.4		25	ZeroCERT

11942	2023-06-27 09:41	2809121.html 7092db4301292f93acadfbdf73ee8830 AntiDebug AntiVM MSOffice File Code Injection heapspray RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		4.4			guest

11943	2023-06-27 09:22	index.php d5da2435566d523cd212c4688def34cb ZIP Format						M		ZeroCERT

11944	2023-06-27 07:39	LATH.ps1 45d5e30ed69d3ef0e2a5d558afee3c6b Formbook Hide_EXE Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key					1.4		1	guest

11945	2023-06-27 07:38	build.exe 9a9385a7d86a94281327c8c1a9f2305d Malicious Library PE32 PE File PDB unpack itself					1.0	M		ZeroCERT

11946	2023-06-27 07:37	fotod95.exe b2bd05386c45b15e5c1445313f8ec9b1 Gen1 Emotet Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File OS Processor Check CAB DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName DNS Cryptographic key Software crashed	3 Keyword trend analysis	2	10 Info ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response	3	15.2	M		ZeroCERT

11947	2023-06-27 07:36	svchost.exe 1fb72647665a1635f4fbef1430d43279 UPX Malicious Library OS Processor Check PE32 PE File Browser Info Stealer VirusTotal Malware Telegram MachineGuid Malicious Traffic Creates executable files unpack itself Tofsee Browser ComputerName DNS crashed	2 Keyword trend analysis	5	3	1	5.4	M	48	ZeroCERT

11948	2023-06-27 07:35	foto172.exe e609d62d8d48da3d205b632cd2fc52e8 Gen1 Emotet SmokeLoader Malicious Library UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE32 PE File CAB OS Processor Check .NET EXE DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName DNS Cryptographic key Software crashed Downloader	3 Keyword trend analysis	3	15 Info ET MALWARE Amadey CnC Check-In ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 ET MALWARE Win32/Amadey Bot Activity (POST) M2 ET MALWARE RedLine Stealer TCP CnC net.tcp Init ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET INFO Dotted Quad Host DLL Request ET INFO Packed Executable Download	3	16.2	M		ZeroCERT

11949	2023-06-27 07:33	COM.ps1 52b6d554e3a0a708055b700b763448c0 Formbook Hide_EXE VirusTotal Malware					0.4		1	guest

11950	2023-06-27 07:33	sxemabyrtk_crypted.exe d834c163435fbe314dec88b9a4fa7e3d RedLine stealer UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	1		11.4	M	15	ZeroCERT

11951	2023-06-27 07:32	mu.exe 35a15fad3767597b01a20d75c3c6889a SmokeLoader PE32 PE File VirusTotal Malware					2.2	M	50	ZeroCERT

11952	2023-06-26 17:57	love.jpg.msi 1ba4c0146eda0f204a892338e8283521 Generic Malware Malicious Library Antivirus OS Processor Check CAB MSOffice File VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself AntiVM_Disk VM Disk Size Check ComputerName					3.0		40	ZeroCERT

11953	2023-06-26 17:55	love.lnk da93911622aced9baf5edd0704c5f020 Generic Malware Create Service Escalate priviledges AntiDebug AntiVM GIF Format VirusTotal Malware suspicious privilege Code Injection Creates shortcut unpack itself	1 Keyword trend analysis	1			3.0		20	ZeroCERT

11954	2023-06-26 17:35	Info2.dll 8f8d9541654b011456e78754a33f7d52 Generic Malware DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself Check virtual network interfaces DNS		1	1		2.4	M	29	ZeroCERT

11955	2023-06-26 17:33	TeamsUpdate.dll 650b84eaa4c3b6538ee4e427acb700da Generic Malware DLL PE64 PE File VirusTotal Malware Checks debugger unpack itself Check virtual network interfaces DNS		1	1		2.2	M	15	ZeroCERT