Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

13951 2023-04-10 15:50 [2023-04-08_06,01,39.716259]-A...
20d582c2d1fc560702795bc9216eba4e
ScreenShot AntiDebug AntiVM Check memory unpack itself
1.0 BRY

13952 2023-04-10 10:43 sec2.exe
6eea1248a188ec88b2e7d50242da4965
NPKI PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File VirusTotal Malware PDB MachineGuid Check memory Checks debugger unpack itself Windows Cryptographic key
2.2 27 ZeroCERT

13953 2023-04-10 10:43 build123456789.exe
2b5fc061696f29db6b1e55ffa37506c0
PWS .NET framework RAT UPX Confuser .NET OS Processor Check .NET EXE PE32 PE File VirusTotal Malware Check memory Checks debugger ICMP traffic unpack itself Windows DNS Cryptographic key
1 4.4 39 ZeroCERT

13954 2023-04-10 09:52 mcb.exe
1ed1ae52785f50e3ba1bee8c0c71a8d0
PWS .NET framework RAT Generic Malware UPX Antivirus AntiDebug AntiVM OS Processor Check .NET EXE PE32 PE File FormBook Malware download VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows ComputerName DNS Cryptographic key
2 4 2 12.4 M 48 ZeroCERT

13955 2023-04-10 09:50 leafgrey.exe
16b67de79530a182c3e49ae82bb5f337
UPX Malicious Library Antivirus PE32 PE File MSOffice File OS Processor Check DLL icon Browser Info Stealer Malware download FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware Buffer PE AutoRuns suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk sandbox evasion anti-virtualization VM Disk Size Check installed browsers check Windows Browser Email ComputerName DNS Cryptographic key Software
3 4 1 18.4 M 53 ZeroCERT

13956 2023-04-10 09:49 fotocr17.exe
9354e489234efc07b0ad81163fd58f35
Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 10.4 M ZeroCERT

13957 2023-04-10 09:47 ts.wsf
291c18d77096065aec86457b63eeb140
Generic Malware Antivirus AntiDebug AntiVM powershell suspicious privilege Code Injection Check memory Checks debugger Creates shortcut unpack itself Windows utilities suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
1 2 3 7.6 ZeroCERT

13958 2023-04-10 09:44 Daggerhashimoto.bat
1a378a4fa84181614b51d0a0de0ebcbc
NPKI Generic Malware Downloader Anti_VM Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenShot AntiDebug AntiVM VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
5.0 1 ZeroCERT

13959 2023-04-10 09:44 s.exe
e2c2cc0564de85a2ffd91ad3b66e5f4d
UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution
0.6 M ZeroCERT

13960 2023-04-10 09:42 cred64.dll
846d00634429d1dfd48cbdbc24e8b8e3
Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
2.4 M 47 ZeroCERT

13961 2023-04-10 09:40 ax.png.ps1
d04c40b337e256cc052a125ab25b1ae4
Formbook Generic Malware Antivirus VirusTotal Malware Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.4 3 ZeroCERT

13962 2023-04-10 09:39 lega.exe
d21ed39f2754e2d9f681828a60d0c3c0
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader
5 7 14 1 16.0 M ZeroCERT

13963 2023-04-10 09:38 RegSvcs.exe
8380e9d71cd1fb157301b87e8fb0c911
Loki_b PWS .NET framework RAT UPX .NET EXE PE32 PE File Malware download Malware PDB MachineGuid Malicious Traffic Check memory Checks debugger WMI unpack itself Check virtual network interfaces AntiVM_Disk anti-virtualization IP Check VM Disk Size Check ComputerName Remote Code Execution Trojan DNS
3 3 6 6.0 ZeroCERT

13964 2023-04-10 09:36 ChromeFIX_error.exe
8ae47c8391af6dab310f21335c7b3673
RedLine stealer[m] UPX Malicious Library AntiDebug AntiVM OS Processor Check PE32 PE File VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key crashed
1 8.8 M 38 ZeroCERT

13965 2023-04-10 09:35 cred64.dll
4458e8114c5e302f791c868ef0e54cd0
Ave Maria WARZONE RAT UPX Malicious Library OS Processor Check DLL PE64 PE File VirusTotal Malware PDB Checks debugger installed browsers check Browser ComputerName crashed
2.4 M 54 ZeroCERT