Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

13216  2023-05-16 09:16  photo230.exe
  MD5: bd745f43c090fd7fc5aeae0ec6b48d5a
  Tags: RedLine stealer[m] Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Confuser .NET SMTP Code injection HTTP PWS[m] Http API Internet API AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
  Stats: 6 2 6 5 21.6 M 33 ZeroCERT

13217  2023-05-16 09:15  sesilezx.exe
  MD5: dbeab62690e3177cd56f64428bf23c87
  Tags: PWS .NET framework RAT .NET EXE PE File PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself
  Stats: 2.4 M 34 ZeroCERT

13218  2023-05-16 09:13  f3.ps1
  MD5: 89e4c4555657c3cb10655bcfa51ab471
  Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Stats: 1 5.4 M 3 ZeroCERT

13219  2023-05-16 09:11  f1.ps1
  MD5: 7d6225d08a267f6ff0fcb4ca7245c7cd
  Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Stats: 1 5.4 2 ZeroCERT

13220  2023-05-16 09:10  1230.exe
  MD5: 019cba45c206e0f3606dfb4382d054b1
  Tags: RedlineRecordBreaker Gen1 Gen2 UPX Malicious Library VMProtect Malicious Packer PE File PE32 JPEG Format OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware RecordBreaker MachineGuid Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Browser DNS
  Stats: 9 1 5 1 7.4 M 30 ZeroCERT

13221  2023-05-16 09:09  f2.ps1
  MD5: 835bda23af56396c8ec4699742300bdf
  Tags: Generic Malware Antivirus PowerShell powershell AutoRuns suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Stats: 1 5.0 ZeroCERT

13222  2023-05-16 07:33  xboyxVersionxx.txt
  MD5: 9e97c6197f0e42fae10fdb58559d0add
  Tags: UPX Malicious Library Malicious Packer OS Processor Check DLL PE64 PE File VirusTotal Malware
  Stats: 1.0 28 ZeroCERT

13223  2023-05-15 19:18  DZVcjxP.exe
  MD5: a6b930401417a341092dbfd48399c92b
  Tags: Gen2 Gen1 Suspicious_Script_Bin Generic Malware UPX Malicious Library Malicious Packer Antivirus Anti_VM MZP Format PE File PE32 BMP Format OS Processor Check VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName Cryptographic key
  Stats: 5.6 28 ZeroCERT

13224  2023-05-15 11:12  rels
  MD5: 77bf61733a633ea617a4db76ef769a4d
  Tags: AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email
  Stats: 3.2 guest

13225  2023-05-15 11:11  .rels
  MD5: 77bf61733a633ea617a4db76ef769a4d
  Tags: Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.8 guest

13226  2023-05-15 11:11  rels
  MD5: 77bf61733a633ea617a4db76ef769a4d
  Tags: AntiDebug AntiVM Email Client Info Stealer Code Injection Check memory Checks debugger unpack itself installed browsers check Browser Email DNS
  Stats: 3.8 guest

13227  2023-05-15 11:10  .rels
  MD5: 77bf61733a633ea617a4db76ef769a4d
  Tags: Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.2 guest

13228  2023-05-15 11:09  [Content_Types].xml
  MD5: d392bb3733b38ef8a29301ec15c1b348
  Tags: AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Stats: 3.8 guest

13229  2023-05-15 11:09  .rels
  MD5: 77bf61733a633ea617a4db76ef769a4d
  Tags: Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 4.8 guest

13230  2023-05-15 11:08  [Content_Types].xml
  MD5: d392bb3733b38ef8a29301ec15c1b348
  Tags: Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed
  Stats: 2 5.2 guest