Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
13291 2023-05-14 17:34 rhadBxnnruvkl.exe
0472716feb0cc3115bb8d2d95a5e2279
RAT .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself
2.4 M 48 ZeroCERT

13292 2023-05-14 17:32 ProtonVPN.exe
d8560a7c131d8313f0f95e49e1aa0b73
Gen1 Gen2 UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 DLL JPEG Format Browser Info Stealer Malware download VirusTotal Malware RecordBreaker Buffer PE MachineGuid Code Injection Malicious Traffic Check memory buffers extracted Creates executable files unpack itself Collect installed applications AppData folder WriteConsoleW installed browsers check Stealer Windows Browser DNS crashed
9 2 6 12.4 M 44 ZeroCERT

13293 2023-05-14 17:32 build.exe
1e0be6fd7600c7218b3542af67ab2a0d
PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 2 7.4 M 62 ZeroCERT

13294 2023-05-14 17:32 44444444.exe
4fda10dd689cf07faf7ccad6eeb5b8b3
PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed
1 5.8 M 49 ZeroCERT

13295 2023-05-14 17:32 clip64.dll
73c0c85e39b9a63b42f6c4ff6d634f8b
UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE File PE32 VirusTotal Malware PDB Checks debugger unpack itself
2.0 M 59 ZeroCERT

13296 2023-05-14 17:19 tungbot.exe
1789934e3f3f870ab38fb363701f5b88
PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
2 3 2 7.4 M 57 ZeroCERT

13297 2023-05-14 17:12 STnew.exe
9698ef1c3c72a67865b27847f3fcb633
Emotet Gen2 Generic Malware UPX Malicious Library AntiDebug AntiVM OS Processor Check PE File PE32 .NET EXE Malware Buffer PE AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Check virtual network interfaces suspicious process AppData folder WriteConsoleW Windows ComputerName Remote Code Execution DNS Cryptographic key DDNS crashed
1 3 5 16.4 M ZeroCERT

13298 2023-05-14 17:12 server.exe
30260b612d994b6c7e5ff1febcb9a157
Formbook RAT .NET EXE PE File PE32 VirusTotal Malware VBScript AutoRuns Check memory Checks debugger WMI wscript.exe payload download Creates executable files unpack itself AntiVM_Disk IP Check VM Disk Size Check Tofsee Interception Windows ComputerName DNS DDNS Dropper
4 6 6 10.0 M 37 ZeroCERT

13299 2023-05-14 17:10 Widgets.bat
b03d77953c460064e03d928ce56b1976
Downloader Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
4.0 ZeroCERT

13300 2023-05-14 17:09 file4.ps1
97b66f50d529a72add418aaf982a6b10
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 4.8 M 2 ZeroCERT

13301 2023-05-14 17:09 bild202.exe
a17af46e9c7bba005d9907ad2b722560
Loki_b Loki_m RedLine stealer[m] Gen1 PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Malicious Packer Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escala Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency Telegram suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates shortcut Creates executable files unpack itself Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs sandbox evasion anti-virtualization installed browsers check Tofsee Windows Browser Email ComputerName DNS Cryptographic key Software
4 6 3 16.6 M 48 ZeroCERT

13302 2023-05-14 17:08 lega.exe
72361b9ac961ae2ec3e94022f1ccb0a6
RedLine stealer[m] Gen1 Emotet PWS .NET framework RAT RedLine Stealer UPX Malicious Library Confuser .NET SMTP PWS[m] AntiDebug AntiVM CAB PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AppData folder AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 14.0 M ZeroCERT

13303 2023-05-14 17:07 HalogenSySCheck.exe
ee0da89ff62475fe63a8cd12c7134c5e
RedLine stealer[m] RAT PWS .NET framework Generic Malware Downloader UPX Malicious Library Antivirus Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP Key Browser Info Stealer VirusTotal Malware powershell Telegram suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Collect installed applications powershell.exe wrote Check virtual network interfaces suspicious process AppData folder installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
3 4 9.8 M 42 ZeroCERT

13304 2023-05-14 17:05 sonbot2.exe
862025de8445a34f8543dcc96c806362
PWS .NET framework RAT UPX OS Processor Check .NET EXE PE File PE32 VirusTotal Malware Check memory Checks debugger unpack itself Check virtual network interfaces Windows DNS Cryptographic key
1 1 3.2 M 57 ZeroCERT

13305 2023-05-14 17:03 file1.ps1
a02ae4594adc3ed2a6160c84f5cb3a9e
Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
1 4.8 M 4 ZeroCERT