Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
12376	2023-06-11 22:35	gnilcr.exe 98e4b1b5b793b2ece39ac08b5b175968 RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		3	1		11.0	M	53	ZeroCERT

12377	2023-06-11 22:34	wininit.exe 1a3a72cfd544d61a7a9b650477460e89 Generic Malware UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.8	M	41	ZeroCERT

12378	2023-06-11 22:34	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12379	2023-06-11 22:33	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12380	2023-06-11 22:31	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

12381	2023-06-11 22:31	Deathmatics.exe 3bcc1eb867ab61418fe7a99dcffa3734 PWS .NET framework RAT UPX .NET EXE PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Report Cryptocurrency wallets Cryptocurrency Telegram suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications Check virtual network interfaces AppData folder IP Check Tofsee Ransomware WhiteSnake Stealer Browser Email ComputerName DNS Software	5 Keyword trend analysis	14 Info r3.i.lencr.org(104.76.70.102) ip-api.com(208.95.112.1) x1.i.lencr.org(104.76.70.102) api.telegram.org(149.154.167.220) 104.76.70.102 167.86.115.218 65.21.49.163 89.46.80.136 149.154.167.220 185.189.159.121 138.201.197.74 - mailcious 208.95.112.1 5.181.12.94 - mailcious 129.151.210.129 - mailcious	6 Info ET INFO TLS Handshake Failure ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET MALWARE [ANY.RUN] WhiteSnake Stealer Reporting Request (Outbound) ET POLICY External IP Lookup ip-api.com ET HUNTING Telegram API Domain in DNS Lookup	2	12.2	M	48	ZeroCERT

12382	2023-06-11 22:30	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12383	2023-06-11 22:28	apapcr.exe 074f10e3171398d417f88386376174aa RedLine stealer[m] RAT UPX AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed		1	1		11.0	M	52	ZeroCERT

12384	2023-06-11 22:28	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed					3.8			guest

12385	2023-06-11 22:28	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12386	2023-06-11 22:28	cleanmgr.exe 21d050c21197079204d5b24526522bb2 UPX Malicious Library PE File PE32 DLL PNG Format VirusTotal Malware Check memory Creates executable files unpack itself AppData folder					2.8	M	45	ZeroCERT

12387	2023-06-11 22:26	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12388	2023-06-11 22:25	[Content_Types].xml 7084b736cec7aca9dcd6448907d35fb2 AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest

12389	2023-06-11 22:23	aee5f213.exe 5206b4f1cbecc1257f755163111a4929 UPX Malicious Library OS Processor Check PE File PE32 VirusTotal Malware unpack itself					2.0	M	51	ZeroCERT

12390	2023-06-11 22:23	theme1.xml 7c846c1a3ca16765bede316a0b88981f AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed			2		3.8			guest