Submissions

No  Date  Request  Urls  Hosts  IDS  Rule  Score  Zero  VT  Player  Etc

13891  2023-04-13 09:10  alph.exe
  Hash: e7465dd41c7a0fae866744b86c78f80a
  Tags: Malicious Library MZP Format PE32 PE File VirusTotal Malware ComputerName DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 2.0 M 39 ZeroCERT

13892  2023-04-13 09:09  auto.dll
  Hash: f983bbe67c157f9debd63b5d434982a0
  Tags: DLL PE64 PE File VirusTotal Malware unpack itself ComputerName
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1.8 12 ZeroCERT

13893  2023-04-13 03:52  files.json
  Hash: 29c87fc16653e3877a975379f13e2842
  Tags: AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 3.4 BRY

13894  2023-04-13 02:36  Manifest.xml
  Hash: 1c15eb9c5929a77843431ec57ff9b7a9
  Tags: AntiDebug AntiVM MSOffice File Code Injection buffers extracted RWX flags setting exploit crash unpack itself Windows utilities Windows Exploit DNS crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4.2 BRY

13895  2023-04-12 18:38  exo.exe
  Hash: dfb76e6ff97b7ada3e059ed03da18700
  Tags: Gen1 Emotet Gen2 Generic Malware UPX Malicious Library Anti_VM Admin Tool (Sysinternals etc ...) Malicious Packer OS Processor Check PE64 PE File DLL ZIP Format VirusTotal Malware Check memory Checks debugger Creates executable files unpack itself
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2.6 M 25 ZeroCERT

13896  2023-04-12 18:35  644c4dc6bac9156546cca54ce95fa2...
  Hash: b8fd2b1bf9995f286509982b5aceae14
  Tags: RAT Downloader task schedule UPX Confuser .NET Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM .NET EXE PE32 PE File VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 1 9.6 M 51 ZeroCERT

13897  2023-04-12 18:33  60f6582886a92241e116efbb17804e...
  Hash: 79c1be7c958d5cded0534d37b0104305
  Tags: UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File PDB Code Injection Checks debugger buffers extracted unpack itself Windows crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 6.2 M ZeroCERT

13898  2023-04-12 18:27  ve_April.1(2947).wsf
  Hash: 9c92bf67778574b68e30067b19dc8ca4
  Tags: Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 5.6 ZeroCERT

13899  2023-04-12 17:19  t40qOrtfDw5JAOa.exe
  Hash: bb3d8386c1b4be06c17f9fba69d87391
  Tags: RedLine stealer[m] PWS .NET framework RAT Admin Tool (Sysinternals etc ...) PWS[m] ScreenShot BitCoin AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder WriteConsoleW installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 2 3 2 15.0 32 ZeroCERT

13900  2023-04-12 13:38  xI-Febuary.12(69).wsf
  Hash: 964c85c835fe3ee30b9cc70d484fad43
  Tags: Generic Malware Antivirus AntiDebug AntiVM suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 6 5.6 ZeroCERT

13901  2023-04-12 13:38  xu-November.21(7354).wsf
  Hash: b87327f3d6171c25482b5e4e6387ffc6
  Tags: Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself suspicious process Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 10 5.6 ZeroCERT

13902  2023-04-12 13:31  rem.exe
  Hash: cb43cfa544d997cbbf5ca1d3e437fb92
  Tags: AgentTesla NPKI PWS .NET framework RAT browser info stealer Generic Malware Google Chrome User Data Downloader UPX Antivirus Create Service Socket DNS PWS[m] Sniff Audio Internet API Escalate priviledges KeyLogger AntiDebug AntiVM OS Processor Check .NET VirusTotal Malware AutoRuns suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut ICMP traffic unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 5 13.0 M 43 ZeroCERT

13903  2023-04-12 13:30  File_pass1234.7z
  Hash: 9f886ca42bfa5a7511f23525b03776f2
  Tags: PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4 8 2 1 4.6 M 7 ZeroCERT

13904  2023-04-12 13:29  cpp_self_SC.bat
  Hash: 7b99fd1109a4f8307320a92fbb237bfb
  Tags: NPKI Generic Malware Downloader Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4.0 ZeroCERT

13905  2023-04-12 13:15  31A1C087-CB71-4F3D-8B97-898F09...
  Hash: d41d8cd98f00b204e9800998ecf8427e
  Tags: AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Windows Browser Email ComputerName keylogger
  Urls/Hosts/IDS/Rule/Score/Zero/VT/Player/Etc: 4.0 BRY