Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
1351	2024-08-10 12:37	Operation6572.exe 913bdfccaaed0a1ed80d2c52e5f5d7c3 RedLine stealer ILProtector Packer Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware suspicious privilege Check memory Checks debugger unpack itself Windows Cryptographic key					2.6	M	61	ZeroCERT

1352	2024-08-10 12:37	66b4f6893d3c3_shapr3D.exe 7b873ae5a7cd923a0cc5ac12107da0f2 Generic Malware Malicious Library Malicious Packer Antivirus UPX Anti_VM DllRegisterServer dll PE File PE64 OS Processor Check VirusTotal Malware					0.8	M	22	ZeroCERT

1353	2024-08-10 12:34	CW.exe d3a4c97bab4c5dc62e4144f68f11b6ef Lumma Stealer UPX PE File PE32 VirusTotal Malware					1.2	M	59	ZeroCERT

1354	2024-08-10 12:34	files1.exe 4cdc75abeab5351f2abc572869d70592 Malicious Library Malicious Packer .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware Check memory Checks debugger unpack itself ComputerName					2.4	M	24	ZeroCERT

1355	2024-08-10 12:32	rutua.dll ff432e4003e9d7135a97bd4dc0445dc3 Generic Malware PE File DLL PE32 VirusTotal Malware Checks debugger unpack itself crashed					2.2	M	24	ZeroCERT

1356	2024-08-10 12:31	autoupdate.exe e1dd2552700e2ddf9eff47d0b1c651ed Antivirus UPX PE File .NET EXE PE32 Lnk Format GIF Format VirusTotal Malware Buffer PE MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces AntiVM_Disk VM Disk Size Check Tofsee Interception ComputerName	12 Keyword trend analysis Info http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt https://linhkiem.com/autoupdate_dev/hostfile/update.php https://linhkiem.com/autoupdate_dev/launcher/js/mainsite.js https://linhkiem.com/autoupdate_dev/launcher/css/box-event.css https://linhkiem.com/autoupdate_devcheckupdate.php https://linhkiem.com/autoupdate_dev/launcher/index.html https://linhkiem.com/ https://linhkiem.com/autoupdate_dev/launcher/css/style.css https://linhkiem.com/autoupdate_dev/launcher/js/fadegallery.js https://linhkiem.com/autoupdate_dev/launcher/css/mainsite.css https://linhkiem.com/autoupdate_dev/launcher/js/commone942.js?clear=20140520 https://linhkiem.com/autoupdate_devAutoUpdate.exe	5	1		9.2	M	42	ZeroCERT

1357	2024-08-10 12:31	66b62381ef649_crypted.exe#1 d8f1bd1e839eec9a05b55fbc77c9ef90 Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1	1		8.2	M	27	ZeroCERT

1358	2024-08-10 12:30	file.exe 364045dcd335ffd17f48a8cf5f816a01 Generic Malware Malicious Library Malicious Packer UPX PE File PE32 OS Processor Check VirusTotal Malware Check memory Check virtual network interfaces	1 Keyword trend analysis	4			3.0		23	ZeroCERT

1359	2024-08-10 12:28	win32.exe 3970ef9883559736fed2976032935fe9 Suspicious_Script_Bin Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 OS Processor Check VirusTotal Malware powershell suspicious privilege MachineGuid Check memory Checks debugger buffers extracted WMI unpack itself powershell.exe wrote suspicious process AntiVM_Disk VM Disk Size Check ComputerName					6.2	M	53	ZeroCERT

1360	2024-08-09 17:06	firewall.db 471387c94509d92b8357a6ef9797faed								guest

1361	2024-08-09 16:48	66ae9cc050ded_file0308.exe d7528cd33b73718b5949277420681f90 Suspicious_Script_Bin Malicious Library Socket DGA Http API ScreenShot PWS DNS Internet API AntiDebug AntiVM PE File PE32 Malware download VirusTotal Malware Microsoft AutoRuns Code Injection Checks debugger buffers extracted ICMP traffic unpack itself malicious URLs Tofsee Windows ComputerName DNS	2 Keyword trend analysis	4	6 Info ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download		10.4	M	60	ZeroCERT

1362	2024-08-09 16:46	66b24859611ad_agent_3.exe ba027ccb7de0f4a3769f48136d183dbd Malicious Library Malicious Packer UPX PE File PE32 VirusTotal Malware AutoRuns Creates executable files Windows		2	1		3.4	M	51	ZeroCERT

1363	2024-08-09 16:46	sahost.exe a1ae2e6d777478e37fb28514cdde98f6 Generic Malware Malicious Library .NET framework(MSIL) Antivirus PWS SMTP Internet API KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed keylogger	2 Keyword trend analysis	4	6 Info ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org) ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org) ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY External IP Lookup - checkip.dyndns.org ET INFO 404/Snake/Matiex Keylogger Style External IP Check		16.2	M	40	ZeroCERT

1364	2024-08-09 16:44	main2.exe 305d50d93ffc87e36a9d7d0914f8c4c5 Stealc Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library Antivirus .NET framework(MSIL) ASPack UPX Socket Http API PWS HTTP DNS Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Che FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software crashed	2 Keyword trend analysis	6	3	1	18.4	M	50	ZeroCERT

1365	2024-08-09 16:41	file.exe 19e3d9fd4b09a33c2653151601ab548a Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware PDB Code Injection Check memory Checks debugger buffers extracted unpack itself DNS		1	1		8.4	M	38	ZeroCERT