Submissions

Columns: No | Date | Request (file name, hash) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
Each record: first line = No, Date, Request; second line = rule tags; third line = counts (Urls/Hosts/IDS/Rule, as extracted), Score, Zero, VT, Player.

14071  2023-04-18 17:37  okes.exe  2775771aca8f5cdb689354532eba3109
       Tags: UPX MPRESS PE64 PE File VirusTotal Malware crashed
       Score: 2.0  Zero: M  VT: 41  Player: ZeroCERT

14072  2023-04-18 17:36  Prynt_Stealer_5.6.exe  c9b42a5736dc621a27af89075e9cd8b4
       Tags: PWS .NET framework RAT UPX .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
       Score: 2.8  Zero: M  VT: 53  Player: ZeroCERT

14073  2023-04-18 17:35  virus.exe  43967615d9e0e19bc59d32fdb5afd7e4
       Tags: RedLine stealer[m] PWS .NET framework RAT Generic Malware Downloader UPX Malicious Library Antivirus Create Service DGA Socket DNS Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges FTP KeyLogger ScreenS Browser Info Stealer VirusTotal Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself powershell.exe wrote Check virtual network interfaces suspicious process AppData folder malicious URLs installed browsers check Windows Browser ComputerName DNS Cryptographic key
       Counts: 1 2  Score: 10.2  Zero: M  VT: 34  Player: ZeroCERT

14074  2023-04-18 17:34  ark.exe  b5bb2601161911af5e73af89d2010875
       Tags: PWS .NET framework Admin Tool (Sysinternals etc ...) SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed
       Counts: 1 2 1  Score: 12.0  Zero: M  VT: 25  Player: ZeroCERT

14075  2023-04-18 13:36  locacem2.1.exe  241b78d02640dea21e13c5bb27f3070c
       Tags: UPX Malicious Library PE32 PE File FormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Creates executable files unpack itself
       Counts: 12 15 2 11  Score: 5.4  Zero: M  VT: 35  Player: ZeroCERT

14076  2023-04-18 10:49  locacem2.1.exe  241b78d02640dea21e13c5bb27f3070c
       Tags: UPX Malicious Library PE32 PE File VirusTotal Malware suspicious privilege Check memory Creates executable files unpack itself
       Score: 3.2  Zero: M  VT: 35  Player: r0d

14077  2023-04-18 09:54  paladin.hta  1788bf59ef4448b60cab56c45cc7cafe
       Tags: Generic Malware Antivirus PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key
       Score: 5.6  VT: 21  Player: ZeroCERT

14078  2023-04-18 09:48  paladin.hta  1788bf59ef4448b60cab56c45cc7cafe
       Tags: VirusTotal Malware crashed
       Score: 1.0  VT: 21  Player: ZeroCERT

14079  2023-04-18 09:48  rt.php.ps1  5051d5610215e59183b9f6651d01d6d1
       Tags: NPKI Generic Malware Antivirus Check memory unpack itself WriteConsoleW Windows Cryptographic key
       Score: 1.0  Player: ZeroCERT

14080  2023-04-18 09:40  foto0157.exe  9e887c02dffcda52de09155e7e21e109
       Tags: Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
       Counts: 1  Score: 8.2  Player: ZeroCERT

14081  2023-04-18 09:40  Output.exe  453776b8b812727c5a905d4db70c1935
       Tags: Gen1 UPX Malicious Library Malicious Packer AntiDebug AntiVM PE32 PE File OS Processor Check DLL Browser Info Stealer VirusTotal Email Client Info Stealer Malware Code Injection Malicious Traffic Check memory Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AppData folder sandbox evasion WriteConsoleW anti-virtualization installed browsers check Windows Browser Email ComputerName DNS
       Counts: 8 1 3  Score: 10.8  Zero: M  VT: 26  Player: ZeroCERT

14082  2023-04-18 09:40  File_pass1234.7z  69ed08a803fe4dcc357817089fcf212d
       Tags: PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM suspicious privilege Check memory Checks debugger Creates executable files unpack itself
       Score: 2.0  Player: ZeroCERT

14083  2023-04-18 09:38  hugo.exe  85150fc161f06e745f463388cd0fff4f
       Tags: Themida Packer UPX MPRESS PE64 PE File VirusTotal Malware Remote Code Execution crashed
       Score: 2.2  Zero: M  VT: 23  Player: ZeroCERT

14084  2023-04-17 19:11  pinduoduo.apk  2eeac5f3be2b27d0af774ead7dd9132e
       Tags: OS Processor Check ZIP Format VirusTotal Malware
       Score: 0.6  VT: 10  Player: guest

14085  2023-04-17 18:00  ts.exe  16f2a3898cdc27798158c9bf35a4eff4
       Tags: UPX OS Processor Check PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Check memory buffers extracted unpack itself Ransomware Browser DNS Software
       Counts: 1  Score: 4.4  Zero: M  VT: 57  Player: ZeroCERT