Submissions

Columns: No | Date | Request (file name) | MD5 | Tags | Urls / Hosts / IDS Rule / Score / Zero / VT / Player / Etc (only the values present for each entry are shown, in that order)
14236  2023-03-27 10:27  cred64.dll
MD5: 3e762ef2e32a7b9e5fa494e295b15edb
Tags: Ave Maria, WARZONE RAT, UPX, Malicious Library, OS Processor Check, DLL, PE64, PE File, VirusTotal, Malware, PDB, Checks debugger, installed browsers check, Browser, ComputerName, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 10 3.0 M 49 ZeroCERT

14237  2023-03-27 10:27  ox.exe
MD5: 7b9742c442c28ca29907a0ffcaca47fa
Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File, VirusTotal, Malware, unpack itself, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 1.8 M 29 ZeroCERT

14238  2023-03-27 10:25  RedHat.exe
MD5: 684b2bdbe523cd89846944b6814f4de3
Tags: Gen2, Gen1, Generic Malware, UPX, Malicious Library, Antivirus, Malicious Packer, OS Processor Check, PE32, PE File, DLL, Browser Info Stealer, VirusTotal, Malware, Malicious Traffic, Check memory, Creates executable files, unpack itself, Collect installed applications, anti-virtualization, installed browsers check, Windows, Red Hat, Browser, ComputerName, DNS
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 8 1 3 7.4 M 43 ZeroCERT

14239  2023-03-27 10:23  foto0169.exe
MD5: 2a8355fa97a9ff869abb1e12d6fc70f1
Tags: Gen1, Emotet, UPX, Malicious Library, CAB, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Collect installed applications, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Browser, ComputerName, Remote Code Execution, DNS, Cryptographic key, Software, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 8.2 M ZeroCERT

14240  2023-03-27 10:23  76783.exe
MD5: 1782e83ab6ad4f8b4b24dc03ee802100
Tags: PWS, .NET framework, RAT, UPX, Admin Tool (Sysinternals etc ...), .NET EXE, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Windows, ComputerName, Cryptographic key
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2.4 M 46 ZeroCERT

14241  2023-03-27 07:52  Wyciek-NFZ-16-03-2023.xlsx
MD5: 67126c10471b06d8a5b86d78bd6052f4
Tags: ZIP Format, RWX flags setting, exploit crash, unpack itself, Exploit, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2.2 ZeroCERT

14242  2023-03-25 20:31  [2023-01-24_12,38,16.664011]-i...
MD5: c271b8690123fe94527214c1f5cffba6
Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 3.4 BRY

14243  2023-03-25 15:49  7.html
MD5: f0e0f44ef5d2bb5e7e398de2b92dd20f
Tags: Antivirus, AntiDebug, AntiVM, MSOffice File, Code Injection, exploit crash, unpack itself, Windows utilities, Tofsee, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 3.4 ZeroCERT

14244  2023-03-25 02:32  office32ww.msi.16.x-none.tree[...
MD5: cb8b98aae54e7d85d683c4032c24b7a3
Tags: Generic Malware, AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 3.4 BRY

14245  2023-03-25 02:10  b807c47cdaefec023b49e34b6fdd59...
MD5: ff5e5be0cacada5cdf90d4b38e6187c9
Tags: Gen1, UPX, Malicious Library, Malicious Packer, PE64, PE File, Remote Code Execution, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 0.4 BRY

14246  2023-03-25 01:07  document.wflow
MD5: d5494c2ee15638c49616a2643d9cbc44
Tags: Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, PWS[m], Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 4.4 BRY

14247  2023-03-25 01:06  document.wflow
MD5: d5494c2ee15638c49616a2643d9cbc44
Tags: Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, PWS[m], Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 3.8 BRY

14248  2023-03-25 01:05  Preview.png
MD5: f916f325e5d39fec8ff93922d43002d5
Tags: AntiDebug, AntiVM, PNG Format, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 3.8 BRY

14249  2023-03-25 01:04  document.wflow
MD5: d5494c2ee15638c49616a2643d9cbc44
Tags: Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, PWS[m], Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 4.4 BRY

14250  2023-03-25 01:04  Info.plist
MD5: 9a4fdf46def57336ff67c5b08bbde1dd
Tags: Downloader, Create Service, DGA, Socket, ScreenShot, DNS, Internet API, Code injection, PWS[m], Hijack Network, Sniff Audio, HTTP, Steal credential, KeyLogger, P2P, Escalate priviledges, persistence, FTP, Http API, AntiDebug, AntiVM, MSOffice File, Code Injection, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows Exploit, DNS, crashed
Counts (Urls/Hosts/IDS Rule), Score, Zero, VT, Player: 2 4.8 guest
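The same document.wflow (MD5 d5494c2ee15638c49616a2643d9cbc44) appears three times above with scores of 4.4, 3.8 and 4.4, so the dynamic score is not a stable property of the file. The script below is an added example, not code from the sandbox or from this page: it parses entries in the flattened layout the listing uses (number and date line, MD5 line, tag line, numeric trailer), groups them by hash and reports the score spread for resubmitted files. The sample text is constructed from the four entries above with their tag lines shortened; the trailer parser assumes the leading integers are whichever of Urls/Hosts/IDS Rule are present, the decimal is the score, a non-numeric token after it is the Zero value and a trailing integer is the VT count, which matches the rows on this page but is an assumption about the layout.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample in the listing's own flattened layout: number/date/file
# name, MD5, tag line, numeric trailer, one blank line between entries.
# Copied from the entries above with the tag lines shortened.
SAMPLE = """\
14246 2023-03-25 01:07 document.wflow
d5494c2ee15638c49616a2643d9cbc44
Downloader Create Service DGA AntiDebug AntiVM crashed
2 4.4 BRY

14247 2023-03-25 01:06 document.wflow
d5494c2ee15638c49616a2643d9cbc44
Downloader Create Service DGA AntiDebug AntiVM crashed
2 3.8 BRY

14249 2023-03-25 01:04 document.wflow
d5494c2ee15638c49616a2643d9cbc44
Downloader Create Service DGA AntiDebug AntiVM crashed
2 4.4 BRY

14250 2023-03-25 01:04 Info.plist
9a4fdf46def57336ff67c5b08bbde1dd
Downloader Create Service DGA AntiDebug AntiVM crashed
2 4.8 guest
"""

HEADER_RE = re.compile(r"^(\d+)\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(.+?)\s*$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")


def parse_trailer(line: str) -> dict:
    """Split the numeric trailer (assumed layout): leading integer counts,
    the decimal score, an optional non-numeric Zero value, an optional
    VT detection count, then the submitter (Player)."""
    tokens = line.split()
    player = tokens[-1]
    body = tokens[:-1]
    score_idx = next(i for i, t in enumerate(body) if SCORE_RE.match(t))
    counts = [int(t) for t in body[:score_idx]]
    rest = body[score_idx + 1:]
    zero: Optional[str] = rest[0] if rest and not rest[0].isdigit() else None
    vt: Optional[int] = int(rest[-1]) if rest and rest[-1].isdigit() else None
    return {"counts": counts, "score": float(body[score_idx]),
            "zero": zero, "vt": vt, "player": player}


def parse_listing(text: str) -> List[dict]:
    """Parse blank-line-separated entries; skip blocks that are missing a
    valid header, MD5 or trailer instead of guessing at them."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if len(lines) < 4:
            continue
        m = HEADER_RE.match(lines[0])
        if not m or not MD5_RE.match(lines[1].strip()):
            continue
        entry = {"no": int(m.group(1)), "date": m.group(2), "file": m.group(3),
                 "md5": lines[1].strip(),
                 # tag boundaries are not recoverable from whitespace alone
                 # (many tags are multi-word), so keep the raw line
                 "tags_raw": lines[2]}
        entry.update(parse_trailer(lines[-1]))
        entries.append(entry)
    return entries


def resubmissions(entries: List[dict]) -> Dict[str, dict]:
    """Group by MD5 and return only hashes seen more than once, with the
    file names used and the per-run scores, so score drift on byte-identical
    input is visible at a glance."""
    by_hash: Dict[str, List[dict]] = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e)
    report = {}
    for md5, group in by_hash.items():
        if len(group) > 1:
            scores = [e["score"] for e in group]
            report[md5] = {"files": sorted({e["file"] for e in group}),
                           "scores": scores,
                           "spread": round(max(scores) - min(scores), 1)}
    return report


if __name__ == "__main__":
    for md5, info in resubmissions(parse_listing(SAMPLE)).items():
        print(md5, info)
```

Run it on a saved copy of a listing to find hashes that were submitted repeatedly; a non-zero spread on the same MD5 is a reminder to triage on the hash and the tag set rather than on a single run's score.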