Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Score	Zero	VT	Player
14356	2023-04-02 08:58	Redline2.exe 07ed3cf75dcfb540175c949c271e936a PWS .NET framework RAT UPX OS Processor Check .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Malware suspicious privilege Check memory Checks debugger buffers extracted unpack itself Collect installed applications installed browsers check Windows Browser ComputerName DNS Cryptographic key Software crashed		1		6.2	M	58	ZeroCERT

14357	2023-04-02 08:58	527dcac0-7266-48b4-893b-a2ee87... 13e943e4a218b36c30fcc7fe865d5d93 .NET EXE PE32 PE File VirusTotal Malware PDB Check memory Checks debugger unpack itself				1.8		28	ZeroCERT

14358	2023-04-02 08:56	9a3e5c94-0917-4b87-b1e2-540783... 041b96460a5646b883436e0b327829eb UPX Malicious Library OS Processor Check PE32 PE File VirusTotal Malware unpack itself crashed				2.0		36	ZeroCERT

14359	2023-04-02 08:54	ntvdm64.exe 5d27d7c444aa9ac075cf892d70357e54 PE64 PE File VirusTotal Malware Creates executable files unpack itself				2.4		9	ZeroCERT

14360	2023-04-02 08:54	clip64.dll 9e9f6b48159690d4916e38b26d8f92cb UPX Malicious Library Admin Tool (Sysinternals etc ...) OS Processor Check DLL PE32 PE File VirusTotal Malware PDB Checks debugger unpack itself				2.0	M	59	ZeroCERT

14361	2023-04-02 08:52	drub.exe 7f9a558c286182185482a0406820c176 RAT Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM .NET EXE PE32 PE File Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut unpack itself powershell.exe wrote Check virtual network interfaces suspicious process Windows Browser Email ComputerName DNS Cryptographic key Software crashed		1		14.2	M	46	ZeroCERT

14362	2023-04-02 08:52	foto0169.exe e162570e19e5b7b60bdea41e4aee9b46 Gen1 Emotet UPX Malicious Library CAB PE32 PE File Browser Info Stealer FTP Client Info Stealer AutoRuns PDB suspicious privilege Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Windows Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed		1		8.2			ZeroCERT

14363	2023-04-01 11:11	https://www.facebook.com/recov... 00838a8cb21d38ac2ec93f8e6003f1d8 Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	9 Keyword trend analysis Info https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://facebook.com/security/hsts-pixel.gif?c=3.2 https://m.facebook.com/login/identify/?ctx=recover&c&multiple_results=0&from_login_screen=0&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/2xs6jaqwoaL.png https://www.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://m.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png	8	2	4.2			guest

14364	2023-04-01 10:43	https://www.facebook.com/recov... 707a75561797d7d3a6bb50eeaa0798cd Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File icon PNG Format Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	9 Keyword trend analysis Info https://m.facebook.com/favicon.ico https://fbsbx.com/security/hsts-pixel.gif https://facebook.com/security/hsts-pixel.gif?c=3.2 https://m.facebook.com/login/identify/?ctx=recover&c&multiple_results=0&from_login_screen=0&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/2xs6jaqwoaL.png https://www.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23 https://fbcdn.net/security/hsts-pixel.gif?c=2 https://m.facebook.com/recover/initiate/?ldata=AWdu9jOm_Vz9oxOyhcWwMT2sAbKJiix516xWvQ4nCxFV1S37siY3l3C6S3u4xp-ztme4ivBgdnsyWh9jVQyB5w4KqwpqCyrmf8PDliykkZ5tePO9XNgJoRexoC3Ux8seM3jcdm2gAR4E-JVJCU4MlYZ0ku5pkQ6e_COFE6k8BEMgzy8QIaNicxWpg5S6WGS50j5WBeDImWd6dBo12z5gW4MSVVFColbWx1xyDdVmG6kYG8YXmOnjOEzzUfTI-TBF9wRufqc-LFgmNiuR7Yo6Zl23&_rdr https://static.xx.fbcdn.net/rsrc.php/v3/y8/r/k97pj8-or6s.png	8	2	4.2			guest

14365	2023-04-01 10:21	https://www.google.com/search?... 29b78806a6c5b7e11cc66628a3aa33eb Downloader Create Service DGA Socket DNS Hijack Network Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger ScreenShot AntiDebug AntiVM MSOffice File Code Injection RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed	2 Keyword trend analysis Info https://www.google.com/images/branding/searchlogo/1x/googlelogo_desk_heirloom_color_150x55dp.gif https://www.google.com/search?q=t+mobile+login&source=hp&ei=jWInZICdLYLQkPIPlrCG8AQ&oq=tmobile+lo&gs_lcp=ChFtb2JpbGUtZ3dzLXdpei1ocBABGAAyBwgAEIAEEAoyCAgAEIAEEMkDMggIABCKBRCSAzILCAAQgAQQsQMQgwEyBQgAEIAEMgUIABCABDIFCAAQgAQyBQgAEIAEOgsIKRCABBCxAxCDAToCCCk6DggAEI8BEOoCEIwDEOUCOg4ILhCPARDqAhCMAxDlAjoICAAQgAQQsQM6DgguEIAEELEDEIMBENQCOgsILhCABBDHARCvAToNCC4QgAQQxwEQ0QMQCjoKCAAQgAQQyQMQCjoKCAAQgAQQkgMQCjoQCC4QgAQQsQMQxwEQ0QMQClDWDFiRZ2CLb2gAcAB4AIAB5AGIAa4NkgEFMC44LjKYAQCgAQGwARQ&sclient=mobile-gws-wiz-hp	2	2	4.2			guest

14366	2023-04-01 10:00	Cha-Ching.ogg 6a9a2240cd15abb6a9359e7561f594e5 AntiDebug AntiVM Email Client Info Stealer suspicious privilege Checks debugger Creates shortcut unpack itself installed browsers check Browser Email ComputerName				3.4			guest

14367	2023-04-01 09:54	handdiy_3.exe d5cddebc785771e1db6dd5a0a64438aa AgentTesla Gen2 Trojan_PWS_Stealer browser info stealer Credential User Data Generic Malware Google Chrome Downloader UPX Malicious Library SQLite Cookie Malicious Packer Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Aud Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Checks debugger WMI Creates executable files exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed	1 Keyword trend analysis	4	5	10.4	M	55	guest

14368	2023-04-01 04:45	security-sysdiagnose.txt 96100b0a36473988dacac84b13d5ceca AgentTesla browser info stealer Generic Malware Google Chrome User Data Downloader Create Service DGA Socket DNS BitCoin Code injection HTTP PWS[m] Sniff Audio Steal credential Http API P2P Internet API Escalate priviledges persistence FTP KeyLogger Scree Browser Info Stealer Code Injection Checks debugger exploit crash unpack itself malicious URLs installed browsers check Exploit Browser crashed				4.8			guest

14369	2023-03-31 18:30	File_pass1234.7z 92ca1fb37f27d4f68e36a48db3ddd7f0 PWS[m] Escalate priviledges KeyLogger AntiDebug AntiVM Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself IP Check Tofsee DNS	4 Keyword trend analysis	11	2	4.2	M		ZeroCERT

14370	2023-03-31 17:01	24....................24......... 409e6c1dd82691daeb9823579810efde MS_RTF_Obfuscation_Objects RTF File doc Malware download VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Exploit DNS crashed Downloader	1 Keyword trend analysis	1	3	4.6	M	34	ZeroCERT