Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

12076 2023-06-21 05:45 Log_me.exe
0f1fc7414dafa2f5583eb3c599509f23
Gen1 Gen2 UPX Malicious Library Malicious Packer OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Creates executable files Ransomware
2.2 1 ZeroCERT

12077 2023-06-21 05:39 @sogood1337_crypted%20%283%29....
02e3ce5f9cff3521b4e443a7a98955ab
RedLine stealer UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 PE64 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Kelihos Tofsee Stealer Windows Browser ComputerName Trojan DNS Cryptographic key Software crashed
3 4 10 16.0 41 ZeroCERT

12078 2023-06-21 05:37 conhost.exe
eaca64d4830fdeacaa58080f4271c333
PWS .NET framework(MSIL) Emotet Generic Malware Suspicious_Script_Bin task schedule Downloader UPX Malicious Library Malicious Packer Antivirus Create Service DGA Socket DNS Steal credential Code injection HTTP Sniff Audio Http API Internet API Screen VirusTotal Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Tofsee Windows ComputerName Cryptographic key
7 6 1 11.8 27 ZeroCERT

12079 2023-06-21 05:36 svchost.exe
d076c4b5f5c42b44d583c534f78adbe7
UPX Malicious Library Malicious Packer PE64 PE File VirusTotal Malware
1.8 38 ZeroCERT

12080 2023-06-21 05:33 c.exe
55a96c067de0fd8efb2825ca4fadf93a
PWS RedLine stealer UPX Malicious Library Malicious Packer AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications WriteConsoleW installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 9.8 M 29 ZeroCERT

12081 2023-06-21 05:32 rocket.exe
e67c3579198e6b84e85ffe74efc921dd
PWS .NET framework(MSIL) UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
1 3 6.2 51 ZeroCERT

12082 2023-06-21 05:30 DaHostss.exe
07a224fc3d9edcaa5327490083bc7284
NSIS UPX Malicious Library PE File PE32 OS Processor Check DLL Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted Creates executable files unpack itself Check virtual network interfaces AppData folder IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 8.4 40 ZeroCERT

12083 2023-06-21 05:30 done.exe
76ede52958acde30e4eb548b60192d26
UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware PDB RWX flags setting unpack itself crashed
2.8 26 ZeroCERT

12084 2023-06-21 00:08 XKL.exe
7abab65f41193a9b02bbd3ca73fb2e75
Malicious Packer DNS AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware Buffer PE AutoRuns suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process WriteConsoleW human activity check Windows ComputerName DNS DDNS
1 1 14.8 M 56 guest

12085 2023-06-20 18:21 ss41.exe
ab792c894fcf607dee3a7ffc68d3b181
Gen2 Gen1 Generic Malware UPX Malicious Packer PE64 PE File Browser Info Stealer Malware download VirusTotal Malware PDB suspicious privilege Malicious Traffic WMI unpack itself Windows utilities Check virtual network interfaces WriteConsoleW Fabookie Windows Browser ComputerName Remote Code Execution
3 4 1 3 5.0 M 12 ZeroCERT

12086 2023-06-20 17:59 tndv.zip
83b338082fc994430cd4c0c27077f1c9
ZIP Format VirusTotal Malware Malicious Traffic NetSupport
3 4 3 1.4 M 18 ZeroCERT

12087 2023-06-20 17:47 Dahost.exe
9639674b0e08cf8e16c763c8c2af8902
Formbook PWS .NET framework(MSIL) AntiDebug AntiVM .NET EXE PE File PE32 VirusTotal Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself
7.8 M 40 ZeroCERT

12088 2023-06-20 17:45 lsass.exe
ad85442ee6ba3f66771fbc0adf5de628
UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder
3.2 M 42 ZeroCERT

12089 2023-06-20 17:44 HSBC%20Payment%20Advice.exe
70a81d8a8e39dc10c9245907afbd5960
NSIS UPX Malicious Library PE File PE32 DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Ransomware
4.8 M 47 ZeroCERT

12090 2023-06-20 17:41 nice.exe
9b2d50990e152d46b478ca2453728d11
UPX Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
1 2 1 11.4 M 41 ZeroCERT