Submissions

Column key (the listing's original header was "No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc"):
  No       submission number
  Date     submission time
  Request  submitted file name (long names are truncated in the listing)
  MD5      MD5 of the submitted file
  Tags     sandbox signature hits, kept verbatim; family names such as Emotet, RedLine, Amadey, Ave Maria/WARZONE RAT, SectopRAT and Tofsee are automated signature matches, not verified attribution
  Urls/Hosts/IDS/Rule  counts in the order the listing gives them; where fewer than four values survive, the empty cells were lost in extraction and the remaining values cannot be assigned to a specific column
  Score    sandbox score
  Zero     "M" marker where present
  VT       VirusTotal count; present only on entries that also carry the "VirusTotal Malware" signature
  Player   submitting account (ZeroCERT for every entry here)
  Etc      empty on this page

12211  2023-06-15 07:28  dr_mails_.ipb.exe
  MD5:    956d79812c98bbb5f5ba609cba79d5ee
  Tags:   AntiDebug AntiVM PE File PE32 Code Injection buffers extracted unpack itself crashed
  Score:  5.4   Player: ZeroCERT

12212  2023-06-15 07:26  denver.exe
  MD5:    539a444f8dff3d9719e36fd9db31b799
  Tags:   Emotet UPX MPRESS PE64 PE File Remote Code Execution crashed
  Score:  1.0   Player: ZeroCERT

12213  2023-06-14 20:10  fotod75.exe
  MD5:    1b0c9933b0a99ac13e446dc9dfff0d31
  Tags:   Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 5 2 11 3   Score: 15.8   Zero: M   Player: ZeroCERT

12214  2023-06-14 20:10  foto164.exe
  MD5:    d7fc6dc543272040fef682b3927e84a5
  Tags:   Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 5 2 10 3   Score: 16.0   Zero: M   Player: ZeroCERT

12215  2023-06-14 20:02  64.dll
  MD5:    f40e1a15f93696510e5faef3a216f18f
  Tags:   Generic Malware DLL PE64 PE File VirusTotal Malware Windows crashed
  Score:  2.2   Zero: M   VT: 29   Player: ZeroCERT

12216  2023-06-14 20:00  cred64.dll
  MD5:    e6ab640c5271a1c4dda09a46e63aeb81
  Tags:   Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
  Score:  2.4   Zero: M   VT: 51   Player: ZeroCERT

12217  2023-06-14 19:39  berr.php
  MD5:    b904bd494f4eee2a317404eb1cc1162e
  Tags:   UPX OS Processor Check DLL PE64 PE File PDB Checks debugger crashed
  Score:  1.0   Player: ZeroCERT

12218  2023-06-14 19:31  clip64.dll
  MD5:    77a6fdd6c731f7da07ffc412c9f17347
  Tags:   UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
  Score:  2.0   Zero: M   VT: 51   Player: ZeroCERT

12219  2023-06-14 19:30  YoutubeAdvert.exe
  MD5:    4509256a05f0d4090c11f2d424a33529
  Tags:   Themida Packer UPX .NET EXE PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Firmware DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule: 1 1   Score: 9.4   Zero: M   VT: 54   Player: ZeroCERT

12220  2023-06-14 19:30  Amday.exe
  MD5:    325cedfb3e4d23ddf1062ad55b6f6b6e
  Tags:   Ave Maria WARZONE RAT Generic Malware Themida Packer UPX MPRESS Malicious Library Admin Tool (Sysinternals etc ...) PE File PE32 OS Processor Check DLL JPEG Format PE64 .NET EXE Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Checks Bios Collect installed applications Detects VMWare suspicious process AppData folder WriteConsoleW VMware anti-virtualization installed browsers check Tofsee SectopRAT Windows Browser Backdoor ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 6 7 10   Score: 19.4   Zero: M   VT: 47   Player: ZeroCERT

12221  2023-06-14 19:29  clip64.dll
  MD5:    83fc14fb36516facb19e0e96286f7f48
  Tags:   UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
  Score:  2.0   VT: 48   Player: ZeroCERT

12222  2023-06-14 19:27  fotod75.exe
  MD5:    6d61adb574da8badaa27b02f221e61a8
  Tags:   Gen1 Emotet UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 5 2 12   Score: 17.2   VT: 42   Player: ZeroCERT

12223  2023-06-14 17:51  8cfe1278-7990-41b7-9ba1-cace58...
  MD5:    74613866a05032ece791ba034e7708a1
  Tags:   RAT UPX OS Processor Check PE64 PE File VirusTotal Malware MachineGuid Check memory Checks debugger unpack itself
  Score:  1.8   Zero: M   VT: 9   Player: ZeroCERT

12224  2023-06-14 17:48  Client-built300.exe
  MD5:    a49c5e330ff32fce3525644710daacdf
  Tags:   Generic Malware UPX Malicious Packer Admin Tool (Sysinternals etc ...) PE File PE32 VirusTotal Malware RWX flags setting unpack itself crashed
  Score:  1.8   Zero: M   VT: 22   Player: ZeroCERT

12225  2023-06-14 17:48  DAN.exe
  MD5:    d910f964e8a8e0f07ce1a7c9de35e309
  Tags:   Admin Tool (Sysinternals etc ...) .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself crashed
  Score:  2.2   Zero: M   VT: 35   Player: ZeroCERT
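The listing is a flattened sandbox table, and the usual job with such a feed is to turn it into structured records, check it for internal consistency and decide which samples to look at first. The Python below is an added example, not code from the page or from the ZeroCERT service: it parses four of the records above (copied verbatim) into fields, checks that a VT count appears exactly when the "VirusTotal Malware" signature fired, and ranks records by sandbox score and named family. The family list, the 5.0 triage threshold, and the reading of the lone decimal token in each trailer as the Score column are assumptions about the listing's layout.

```python
"""Parse the flattened ZeroCERT submissions listing into records and triage them."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import List, Optional

# Four records copied verbatim from the listing above (header, MD5, signature tags,
# numeric trailer); the blank lines of the flattened layout are omitted here.
SAMPLE = """\
12212 2023-06-15 07:26 denver.exe
539a444f8dff3d9719e36fd9db31b799
Emotet UPX MPRESS PE64 PE File Remote Code Execution crashed
1.0 ZeroCERT
12216 2023-06-14 20:00 cred64.dll
e6ab640c5271a1c4dda09a46e63aeb81
Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
2.4 M 51 ZeroCERT
12219 2023-06-14 19:30 YoutubeAdvert.exe
4509256a05f0d4090c11f2d424a33529
Themida Packer UPX .NET EXE PE File PE32 Browser Info Stealer Malware download VirusTotal Malware Check memory Checks debugger unpack itself Checks Bios Collect installed applications Detects VMWare VMware anti-virtualization installed browsers check SectopRAT Windows Browser Backdoor ComputerName Firmware DNS Cryptographic key crashed
1 1 9.4 M 54 ZeroCERT
12221 2023-06-14 19:29 clip64.dll
83fc14fb36516facb19e0e96286f7f48
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 48 ZeroCERT
"""

HEADER = re.compile(r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d) (\S.*)$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
# Family names that occur as tags on the page (assumed list); sandbox hits, not verified attribution.
FAMILIES = ("Emotet", "RedLine", "Amadey", "Ave Maria", "WARZONE RAT", "SectopRAT", "Tofsee")

@dataclass
class Submission:
    no: int
    date: str
    request: str
    md5: str
    tags: str
    counts: List[int]        # Urls/Hosts/IDS/Rule values in listing order
    score: float
    zero: Optional[str]      # "M" marker of the Zero column, if present
    vt: Optional[int]        # VirusTotal count, if present
    player: str

    def families(self) -> List[str]:
        return [f for f in FAMILIES if f in self.tags]

    def vt_consistent(self) -> bool:
        """A VT count should appear exactly when the VirusTotal Malware signature fired."""
        return ("VirusTotal Malware" in self.tags) == (self.vt is not None)

def parse_trailer(line: str):
    """'5 2 11 3 15.8 M ZeroCERT' -> (counts, score, zero, vt, player).
    Assumed layout: the score is the only token with a decimal point; integers
    before it are the count columns, tokens after it are the Zero marker and/or VT."""
    toks = line.split()
    player = toks.pop()
    score_idx = next(i for i, t in enumerate(toks) if "." in t)
    counts = [int(t) for t in toks[:score_idx]]
    zero: Optional[str] = None
    vt: Optional[int] = None
    for t in toks[score_idx + 1:]:
        if t.isdigit():
            vt = int(t)
        else:
            zero = t
    return counts, float(toks[score_idx]), zero, vt, player

def parse_listing(text: str) -> List[Submission]:
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    subs: List[Submission] = []
    i = 0
    while i + 3 < len(lines):
        m = HEADER.match(lines[i])
        if not m:
            i += 1
            continue
        md5, tags, trailer = lines[i + 1], lines[i + 2], lines[i + 3]
        if not MD5.match(md5):
            raise ValueError(f"record {m.group(1)}: expected an MD5, got {md5!r}")
        counts, score, zero, vt, player = parse_trailer(trailer)
        subs.append(Submission(int(m.group(1)), m.group(2), m.group(3),
                               md5, tags, counts, score, zero, vt, player))
        i += 4
    return subs

def triage(subs: List[Submission], min_score: float = 5.0) -> List[int]:
    """Record numbers to look at first: high sandbox score or a named family, best score first."""
    picked = [s for s in subs if s.score >= min_score or s.families()]
    return [s.no for s in sorted(picked, key=lambda s: s.score, reverse=True)]

if __name__ == "__main__":
    for s in parse_listing(SAMPLE):
        print(s.no, s.md5, s.score, s.vt, s.families(), "VT ok" if s.vt_consistent() else "VT MISMATCH")
    print("triage order:", triage(parse_listing(SAMPLE)))
```

The MD5 check is deliberately strict: a record whose second line is not 32 hex characters is a parsing error, not a sample with an odd hash, and it is better to stop than to push a malformed indicator into a blocklist. The triage order puts YoutubeAdvert.exe (score 9.4, SectopRAT) ahead of cred64.dll (Ave Maria/WARZONE RAT) and denver.exe (Emotet signature at score 1.0); a low score with a family tag is still worth a look, because the "crashed" tag on both of the latter means the run may have ended before the behaviour that drives the score.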