Submissions

Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

12511 2023-06-08 09:28 YY.exe
Hash: 5a01a667c84893b0ab403b39b3c73b53
Tags: AgentTesla RAT browser info stealer Google Chrome User Data Downloader Confuser .NET Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger ScreenShot AntiDebug AntiVM PE64 PE File Remcos VirusTotal Malware PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself DNS DDNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 6 3 9.4 M 28 ZeroCERT

12512 2023-06-08 09:28 main.exe
Hash: d24e233cbed550a67e8d56f88632a869
Tags: Gen1 Emotet Generic Malware UPX Malicious Library Antivirus CAB PE64 PE File PDB Check memory unpack itself WriteConsoleW Windows Remote Code Execution Cryptographic key
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.8 ZeroCERT

12513 2023-06-08 09:27 dot.exe
Hash: 0a8ef8b03ea08b3ef952d7b7cc7f3082
Tags: Generic Malware Malicious Packer PE64 PE File VirusTotal Malware unpack itself DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 3.8 M 48 ZeroCERT

12514 2023-06-08 09:26 HH.exe
Hash: 66108176e22e6f9513a62c76f2185468
Tags: AgentTesla browser info stealer Google Chrome User Data Downloader Confuser .NET Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM PE64 PE File Remcos VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS DDNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 3 7.4 M 45 ZeroCERT

12515 2023-06-08 09:26 Dollar.exe
Hash: 99e770cd68e71c4e1fff20ffbb325624
Tags: RAT email stealer Downloader Confuser .NET DNS Code injection PWS[m] Escalate priviledges persistence KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 10.0 45 ZeroCERT

12516 2023-06-08 09:24 sonne.exe
Hash: f4af549b7d5af2412c9b092cbe5610d1
Tags: UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) OS Processor Check PE File PE32 DLL Malware download Amadey Malware AutoRuns PDB Malicious Traffic Check memory Checks debugger Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 1 7 8.2 M ZeroCERT

12517 2023-06-08 09:23 clip64.dll
Hash: a5ed103ec4719a27ab3d3c01dac66f01
Tags: UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.0 M 56 ZeroCERT

12518 2023-06-08 09:21 qqqqqqqqq
Hash: f2d3c60d35d0213760c48cdfddec36dc
Tags: OS Processor Check ZIP Format VirusTotal Malware DNS
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 1.4 M 20 ZeroCERT

12519 2023-06-08 09:21 metro.exe
Hash: bbae70e8a90c7dee5fab03c19a86f1bb
Tags: RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer Malware Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications installed browsers check Stealer Windows Browser ComputerName DNS Cryptographic key Software crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 3 10.6 ZeroCERT

12520 2023-06-08 09:21 combo.exe
Hash: f693e2f2661b6e5824ccd29e5ba58bb6
Tags: PWS .NET framework RAT Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE File PE32 Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Report Cryptocurrency wallets Cryptocurrency Telegram AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW IP Check Tofsee Ransomware WhiteSnake Stealer Windows Browser Email ComputerName DNS Software
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 8 17 6 14.8 M 49 ZeroCERT

12521 2023-06-08 09:19 SS.exe
Hash: b682e3dc1f18c1131f75ff8582aa5703
Tags: RAT email stealer Downloader Confuser .NET DNS Code injection PWS[m] Escalate priviledges persistence KeyLogger AntiDebug AntiVM PE64 PE File VirusTotal Malware PDB MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself DNS crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 9.0 M 26 ZeroCERT

12522 2023-06-08 09:08 fotod25.exe
Hash: 16a7613fd06e8be30c74a2392a78fcd4
Tags: RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3 2 9 22.0 M 42 ZeroCERT

12523 2023-06-08 09:07 foto124.exe
Hash: 36be93fe994c73fdac44e390bacda2dd
Tags: RedLine stealer[m] Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PWS[m] AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 5 2 11 22.4 M 43 ZeroCERT

12524 2023-06-08 09:06 game.exe
Hash: 9f13df58e0e7d6e235101c2a71f8bd3b
Tags: UPX Malicious Library PWS[m] AntiDebug AntiVM OS Processor Check PE File PE32 Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Disables Windows Security Windows Update
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 8.4 M ZeroCERT

12525 2023-06-07 18:30 SO9006759004_NEW_ORDER_P202.EX...
Hash: 40b8a12714be22a559b3878196e04282
Tags: NSIS Suspicious_Script_Bin UPX Malicious Library PE File PE32 PNG Format DLL VirusTotal Malware Check memory Creates executable files unpack itself AppData folder Windows crashed
Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4.0 42 ZeroCERT