Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc
14341 2023-04-03 08:27 ntredirect.dll
61131c939b98075c07e189830ff2879d
DLL PE32 PE File unpack itself DNS
1 1.6 M ZeroCERT

14342 2023-04-03 08:26 clickme.lnk
dc1bb1e2409b4344609d8a176b3fd55d
Antivirus GIF Format VirusTotal Malware Creates shortcut unpack itself WriteConsoleW
1.6 11 ZeroCERT

14343 2023-04-03 08:26 photo_007.exe
cd863c532d8b7fb02cfe7ad045c9d032
Gen1 Emotet UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE32 PE File OS Processor Check DLL Browser Info Stealer Malware download Amadey FTP Client Info Stealer Malware AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
5 2 6 16.0 M ZeroCERT

14344 2023-04-03 08:24 777.exe
44f50973ac66fd83be9411d6ab53446f
Malicious Library PE32 PE File Check memory RWX flags setting unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS
1 4.0 M ZeroCERT

14345 2023-04-03 08:22 sarkof2.1.exe
796099660c004943c505c3bfaa6da30f
UPX Malicious Library PE32 PE File OS Processor Check Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Browser Email ComputerName Cryptographic key Software crashed keylogger
2 2 11.6 M 44 ZeroCERT

14346 2023-04-03 08:22 aspectator.exe
0b038f819481ba63e9adfd623c824eb4
UPX Malicious Library OS Processor Check PE32 PE File unpack itself Remote Code Execution
1.0 M ZeroCERT

14347 2023-04-02 15:33 sex777.exe
943d66043301745e07da302743041496
PWS .NET framework RAT .NET EXE PE32 PE File Browser Info Stealer VirusTotal Malware Cryptocurrency wallets Cryptocurrency Telegram Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces IP Check Tofsee Browser ComputerName DNS
1 4 5 5.2 M 41 ZeroCERT

14348 2023-04-02 15:31 380.exe
9665de160f7695ba54117e9e3619564c
Malicious Library PE32 PE File VirusTotal Malware Check memory RWX flags setting unpack itself AntiVM_Disk sandbox evasion VM Disk Size Check Browser DNS
1 5.2 M 45 ZeroCERT

14349 2023-04-02 15:30 fotocr.exe
3a11872274727385e77e57a186565536
Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed
1 10.4 ZeroCERT

14350 2023-04-02 13:08 cc1be3c6d243a4d8f90e87c84709d4...
9fddc313ba5774bdc646aef46d2de313
Gen1 UPX Malicious Packer PE32 PE File VirusTotal Malware Remote Code Execution
0.6 1 BRY

14351 2023-04-02 12:54 latest-logging-config.data
165d7b3fa08ee81ad6979792b57dea4f
AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName
3.4 BRY

14352 2023-04-02 09:09 handdiy_6.exe
6418bc223b6880e2276b4ef2415544b1
AgentTesla Gen2 Trojan_PWS_Stealer browser info stealer Credential User Data Google Chrome Downloader UPX Malicious Library SQLite Cookie Malicious Packer Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Audio Steal credent Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed
1 4 3 10.0 54 ZeroCERT

14353 2023-04-02 09:03 updater.exe
a04a12bd76283170bc83848686e4f946
UPX Malicious Library OS Processor Check PE64 PE File Malware download VirusTotal Cryptocurrency Miner Malware Cryptocurrency PDB Malicious Traffic Creates executable files DNS CoinMiner
3 5 3 5.0 M 34 ZeroCERT

14354 2023-04-02 09:00 svhosts.exe
0a935300ad790ad8d03666b1f14e73a4
UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware PDB unpack itself
2.2 M 42 ZeroCERT

14355 2023-04-02 09:00 666.exe
ba82f3818c68b163d9e4ad26aff88911
Malicious Library PE32 PE File VirusTotal Malware RWX flags setting unpack itself DNS
1 4.8 M 56 ZeroCERT